Demystifying Cyber Protection Insurance
Planned Cover demystifies cyber protection insurance, offering an explainer on terminology and what it all means for you and your business.
Cybercrime is hitting the headlines and the message to protect ourselves is loud and clear. But have you recently looked at Cyber Insurance and decided it’s all too hard? Do you find the terminology difficult to understand and do you wonder whether it’s necessary? Hopefully the following information will help build a better understanding of what it all means and, more importantly, provide a warning about the ways cyber criminals can impact you and your business.
What is a cyber insurance policy?
To summarise, a cyber insurance policy is designed to protect businesses against cyber risks and assist with any losses or liabilities incurred from cyber events. Such policies typically cover Third Party Claims relating to the Insured’s liability to third parties from a failure to keep data secure (such as claims for compensation by third parties) and First Party Costs, which are costs incurred by the Insured when responding to a breach.
Coverage under a policy can be triggered by the following events:
Any malware of any type intentionally designed to cause harm to your IT infrastructure.
Unauthorised access to an item of your IT infrastructure linked to a state affiliated or criminal source exhibiting the motive of espionage.
A crime involving an attack or threat of attack against your IT.
Denial of Service
Uniquely intended to compromise the availability of your IT infrastructure.
Malicious or unauthorised access to your IT infrastructure.
Insider and Privilege Misuse
Unapproved or malicious use of your IT infrastructure by your employees, outsiders in collusion with your employees, or business partners who are granted privileged access to your IT infrastructure.
Unintentional actions that directly compromise a security attribute of an item of your IT infrastructure.
Acts or omissions by your employees that lead to unauthorised access to, unauthorised disclosure of, or loss of data (including non-electronic data), which necessitates incurring notification costs or identity theft response costs.
Payment Card Skimming
This involves a skimming device being physically implanted into an item of your IT infrastructure that reads data from a payment card.
Physical Theft and Loss
An item of your IT infrastructure is missing or falls into the hands of a third party or the public, whether through misplacement or malice.
Web App Attacks
This happens when a web application is the target of an attack against your IT infrastructure, including exploitation of code-level vulnerabilities in the application.
Third Party Liability Claim or ‘Loss to others claim’
Most cyber insurance policies will pay for a loss that you are legally liable for, arising out of a claim that is first made against you and notified to them during the policy period, because of multimedia injury or because of a cyber event in your business.
Credible Threat to Your IT Infrastructure
Cyber extortion and Hacking/Crimeware are highly credible threats that can bring your IT infrastructure to a complete halt. Hackers gain access to your IT system and take control of it, locking you out of the ability to operate your business.
Losses To Your Business coverage provides these protections
Impact on Business Costs: Reimbursement for lost profits, as well as necessary expenses incurred to maintain operation of the business as a result of the interruption.
Preventative Shutdown Allowance
An allowance that is paid when the revenue you earn during the preventative shutdown falls short of the revenue you ordinarily earn directly as a result of the preventative shutdown.
‘Loss To Others’ Defends and Indemnifies You against Third Party Liability Claims
Should you find yourself in a legal battle brought by a third party who has incurred losses as a result of a cyber incident, a typical policy will cover you for the following:
- Legal Expenses
- Defence Costs
- Settlements / Awards / Damages
- Civil Fines and Penalties
- Mandatory Notices from Regulators (incl. the OAIC)
- Multimedia Injury
- Payment Card Industry Liability
- Regulatory Fines and Penalties
Cyber Event Response Costs covers these Responses
Credit and Identity Monitoring Costs
Incurred in engaging monitoring services by a third party for persons affected by a cyber event for a period of up to 12 months.
Cyber Extortion Costs / Ransomware Costs
Paid to respond to a cyber event where a third party is seeking to obtain pecuniary gain from you through cyber extortion.
Data Restoration Costs
Incurred in restoring or replacing data or programs in your IT infrastructure that have been lost, damaged or destroyed.
Data Securing Costs
Incurred in securing your IT infrastructure to avoid ongoing impact on business costs, loss and cyber event response costs.
External Management Costs (Crisis Management)
Incurred in responding to a cyber event including crisis management and mitigation measures engaged in by you to counter a credible impending threat to stage a cyber event against your IT infrastructure.
Identity Theft Response Costs
Incurred in supporting an individual with reporting of the identity theft and re-establishing identity and essential records.
Incurred in notifying any person whose data or information has been accessed or lost including the cost of preparing a statement to the Office of the Australian Information Commissioner or other authorities.
Public Relations Costs
Incurred in responding to a cyber event including external public relations, media, social media and communications management.
Paid to a third party (other than a law enforcement officer or your current or former employee or IT contractor), as reward for assistance leading to the arrest and conviction of the perpetrator of a cyber event covered under the policy.
Virus Extraction Costs
Incurred to remove a virus from your IT infrastructure.
Other things to be aware of
Optional Covers may be available for other situations like Criminal Financial Loss (cover for Direct Financial Loss), Tangible Property (if a Cyber Event damages your IT hardware) and more.
There will be waiting periods, limitations and indemnity periods on all policies, so you need to be fully aware of these.
Seek help from the experts
Planned Cover Account Managers can assist you to fully understand all the cover, features, and terms and conditions before proceeding with a Cyber Insurance policy.
State Manager VIC
(03) 8508 5400
State Manager NSW/ACT
(02) 9957 5700
State Manager QLD/NT
(07) 3017 1500
State Manager WA
(08) 9261 1200
State Manager SA/TAS and National Business Manager
(08) 8363 7366