Demystifying Cyber Protection Insurance

Planned Cover, 28 September 2020

Planned Cover demystifies cyber protection insurance, offering an explainer on terminology and what it all means for you and your business.

Cybercrime is hitting the headlines and the message to protect ourselves is loud and clear. But have you recently looked at Cyber Insurance and decided it’s all too hard? Do you find the terminology difficult to understand and do you wonder whether it’s necessary? Hopefully the following information will help build a better understanding of what it all means and, more importantly, provide a warning about the ways cyber criminals can impact you and your business.

What is a cyber insurance policy?

To summarise, a cyber insurance policy is designed to protect businesses against cyber risks and assist with any losses or liabilities incurred from cyber events. Such policies typically cover Third Party Claims relating to the Insured's liability to third parties from a failure to keep data secure (such as claims for compensation by third parties) and First Party Costs, which are costs incurred by the Insured when responding to a breach.

Coverage under a policy can be triggered by the following events:

Cyber Events

Crimeware

Any malware of any type intentionally designed to cause harm to your IT infrastructure.

Cyber Espionage

Unauthorised access to an item of your IT infrastructure linked to a state affiliated or criminal source exhibiting the motive of espionage.

Cyber Extortion

A crime involving an attack or threat of attack against your IT.

Denial of Service

Uniquely intended to compromise the availability of your IT infrastructure.

Hacking

Malicious or unauthorised access to your IT infrastructure.

Insider and Privilege Misuse

Unapproved or malicious use of your IT infrastructure by your employees, outsiders in collusion with your employees, or business partners who are granted privileged access to your IT infrastructure.

Miscellaneous Errors

Unintentional actions that directly compromise a security attribute of an item of your IT infrastructure.

Privacy Error

Acts or omissions by your employees that lead to unauthorised access to, unauthorised disclosure of, or loss of data (including non-electronic data), which necessitates incurring notification costs or identity theft response costs.

Payment Card Skimming

This involves a skimming device being physically implanted into an item of your IT infrastructure that reads data from a payment card.

Physical Theft and Loss

An item of your IT infrastructure is missing or falls into the hands of a third party or the public, whether through misplacement or malice.

Web App Attacks

This happens when a web application is the target of an attack against your IT infrastructure, including exploitation of code-level vulnerabilities in the application.

Third Party Liability Claim or ‘Loss to others claim’

Most cyber insurance policies will pay for a loss that you are legally liable for, arising out of a claim that is first made against you and notified to them during the policy period, because of multimedia injury or because of a cyber event in your business.

Credible Threat to Your IT Infrastructure

Cyber extortion and Hacking/Crimeware are highly credible threats that can bring your IT infrastructure to a complete halt. Hackers gain access to your IT system and take control of it, locking you out of the ability to operate your business.

Losses To Your Business coverage provides these protections

Business Interruption

Impact on Business Costs: Reimbursement for lost profits, as well as necessary expenses incurred to maintain operation of the business as a result of the interruption.

Preventative Shutdown Allowance

An allowance that is paid when, directly as a result of a preventative shutdown, the revenue you earn during the shutdown falls short of the revenue you ordinarily earn.

‘Loss To Others’ Defends and Indemnifies You against Third Party Liability Claims

Should you find yourself in a legal battle brought by a third party who has incurred losses as a result of a cyber incident, a typical policy will cover you for the following:

  • Legal Expenses
  • Defence Costs
  • Settlements / Awards / Damages
  • Civil Fines and Penalties
  • Mandatory Notices from Regulators (incl. the OAIC)
  • Multimedia Injury
  • Payment Card Industry Liability
  • Regulatory Fines and Penalties

Cyber Event Response Costs covers these Responses

Credit and Identity Monitoring Costs

Incurred in engaging monitoring services by a third party for persons affected by a cyber event for a period of up to 12 months.

Cyber Extortion Costs / Ransomware Costs

Paid to respond to a cyber event where a third party is seeking to obtain pecuniary gain from you through cyber extortion.

Data Restoration Costs

Incurred in restoring or replacing data or programs in your IT infrastructure that have been lost, damaged or destroyed.

Data Securing Costs

Incurred in securing your IT infrastructure to avoid ongoing impact on business costs, loss and cyber event response costs.

External Management Costs (Crisis Management)

Incurred in responding to a cyber event including crisis management and mitigation measures engaged in by you to counter a credible impending threat to stage a cyber event against your IT infrastructure.

Identity Theft Response Costs

Incurred in supporting an individual with reporting of the identity theft and re-establishing identity and essential records.

Notification Costs

Incurred in notifying any person whose data or information has been accessed or lost including the cost of preparing a statement to the Office of the Australian Information Commissioner or other authorities.

Public Relations Costs

Incurred in responding to a cyber event including external public relations, media, social media and communications management.

Pursuit Costs

Paid to a third party (other than a law enforcement officer or your current or former employee or IT contractor), as reward for assistance leading to the arrest and conviction of the perpetrator of a cyber event covered under the policy.

Virus Extraction Costs

Incurred to remove a virus from your IT infrastructure.

Other things to be aware of

Optional Covers may be available for other situations like Criminal Financial Loss (cover for Direct Financial Loss), Tangible Property (if a Cyber Event damages your IT hardware) and more.

There will be waiting periods, limitations and indemnity periods on all policies, so you need to be fully aware of these. 

Seek help from the experts

Planned Cover Account Managers can assist you to fully understand all the cover, features, and terms and conditions before proceeding with a Cyber Insurance policy.

Laurence Gottlieb
State Manager VIC
laurenceg@plannedcover.com.au
(03) 8508 5400

Simon Gray
State Manager NSW/ACT
simong@plannedcover.com.au
(02) 9957 5700

Karen Meiklejohn
State Manager QLD/NT
karenm@plannedcover.com.au
(07) 3017 1500

Kylie McGrath
State Manager WA
kyliem@plannedcover.com.au
(08) 9261 1200

Cos Cirocco
State Manager SA/TAS and National Business Manager
cosc@plannedcover.com.au
(08) 8363 7366