Insurers have developed products for individuals and companies at attractive premiums
Insurers have developed products for individuals and companies at attractive premiums
With businesses, governments, and the public increasingly relying on digitization, cybersecurity has become a core part of how they fundamentally operate today.
Cyber attacks have increased over the past 12 to 18 months, affecting businesses of all types and sizes where data network reliability is a fundamental requirement for their operations. As a result, cybersecurity ranks high on a company’s list of governance priorities.
As more businesses began working from home, database breaches and hacking ensued, resulting in lost revenue opportunities across industries. Systems that are considered highly secure can also be attacked in cyber attacks. Nearly 26,000 Indian websites were reportedly hacked in the 10 months to October. The hackers had been operating from different parts of the world with hidden identities.
While weak passwords are the most common cause of such attacks, systems with unprotected or unchanged passwords are highly vulnerable. Second, different types of malware exploit outdated antivirus software. Third, working in unsecured environments such as a shared Wi-Fi network to access personal email and USB drives can prove risky.
It is the organization’s responsibility to take action to prevent and counter potential threats. They should train their employees to create strong passwords, follow proper password protection protocols, and ensure firewalls are resilient to malware attacks by installing regular software updates. This is another reason why organizations are pushing for virtual private networks.
types of threats
Internal threats can stem from employee negligence or ignorance, while external threats can come from former employees, competitors, and hackers stealing company data and money through spoofing and phishing. Of course, this would result in reputational damage, financial loss, litigation, regulatory investigations and most importantly, loss of customers and therefore revenue.
Ransomware attacks are evolving in the market, with the past 8-10 months seeing the highest number of sensitive data disclosure threats. A leading social networking platform suffered a data breach that sold millions of profiles containing email addresses, names, dates of birth and phone numbers on the dark web. In another incident, a major foreign bank was hacked, resulting in financial losses. Ransomware attackers can leak employee personnel files or compromised customer data.
Insurers also add crime policies to cover collusion by employees.
Cyber insurance solutions are available in the market to protect against losses from cyber attacks including self and third party losses and cyber extortion.
Self-insurance covers damage caused by electronic theft, loss of electronic communications, e-vandalism, business interruption (loss of income from fraudulent access affecting operations), and the like.
Third-party loss includes disclosure liability (any customer claim due to system security failures resulting in unauthorized access), content liability (for alleged copyright infringement), reputational liability, and management liability. Expense coverage includes privacy notice costs, crisis costs, and premium costs.
Some insurers even cover proactive forensic services in a potential threat situation. Businesses should first understand the need for cyber insurance solutions, rather than just taking out cyber insurance coverage. Cyber insurance helps cover legal costs arising from damage caused by a cyber attack. It should be part of the company’s overall business continuity strategy as it helps to recover quickly after an incident.
The ability to recognize an attack and quickly defend against it are some of the underwriting principles of insurers.
Insurers conduct thorough due diligence through quoting forms, interactions, network diagrams and reviews of a company’s cyber strategies before offering cyber insurance coverage.
As part of their review, insurers review MFA (multi-factor authentication) processes, verified backups, network monitoring, and whether users are employees and/or vendors.
Taking out cyber insurance alone is not enough; The company should ensure protocols are strictly followed and train employees on digital hygiene.
digital discipline
Proactive risk management strategies that include using strong passwords, ensuring passwords are not freely shared between employees, multi-factor authentication, proper firewall usage, and access controls via servers and routers are all examples of good digital behavior. These are also important underwriting points to get cyber insurance from insurers.
Whether or how much insurance coverage insurers can offer a company depends on the industry, profile and digital behavior of the company due to the high ransomware exposure.
To provide coverage, insurers consider factors such as company revenue, individual IT equipment, personally identifiable information, whether system or network management is outsourced, frequency of regular system checks, and use of encryption.
Thanks to work-from-home situations, insurers have developed products for private individuals at reasonable premiums in addition to business enterprise solutions.
While coverage for businesses can cost roughly around 4-5% of the limit requested, retail cyber products with individual coverage and add-ons such as family coverage and protecting digital assets from malware come with liability limits ranging from 50,000 to 1 crore £1,500 to £15,000 top prices.
This can be useful in the event of a retail cyber breach. More and more insurers are offering attractive premiums.
Excludes willful fraud or intentional breach, unlawfully collected data and unsolicited correspondence, to name a few.
Insurance protection always serves to prevent damage. However, clear, written incident planning and testing practices are critical to protecting against attacks.
Encapsulated cyber insurance and business maturity are both important as businesses using the best of practices with sound technical solutions and systems can still be vulnerable in these modern cyber environments.
(The author is a Director and CEO, TVS Insurance Broking Ltd.)
