Why do we need Cyber Insurance?

Many of us simply do not know what Cyber Insurance does so we have no chance of knowing why we might need it. If we are lucky enough to get three affordable quotes, few of us are capable of comparing one with the other as no two policies are the same. The language used differs and sometimes certain words have differing meanings. Comparing the relevance and value of all three is all but impossible.

Before we consider Cyber Insurance, we should carefully consider what could and might go wrong: what we might lose (or have to pay) in terms of money, penalties, lost trade, breach of contract, loss of goodwill, loss of intellectual property. The list really is endless!

Many brokers do sell Cyber Insurance. However, not all brokers are trained on Cyber Risks and it is all too easy to buy, quite unwittingly, a policy that simply does not meet your needs.

Insurance policies, together with the schedule and proposal form (or statement of fact), will specify those ‘threats’ that will be insured by the policy. However, it can be really difficult to spot what is really important for your business – but is simply missing. Remember, very often it is not what is in the policy that is important – but what has been left out.

All insurance policies have exclusions and limitations. Some will exclude certain aspects of coverage that you need and some will impose conditions that you do not fully understand or with which you cannot possibly comply. Ask. Check – and ask again.

Why do we need Cyber Insurance?

Many of us simply do not know what Cyber Insurance does so we have no chance of knowing why we might need it. If we are lucky enough to get three affordable quotes, few of us are capable of comparing one with the other as no two policies are the same. The language used differs and sometimes certain words have differing meanings. Comparing the relevance and value of all three is all but impossible.

Before we consider Cyber Insurance, we should carefully consider what could and might go wrong: what we might lose (or have to pay) in terms of money, penalties, lost trade, breach of contract, loss of goodwill, loss of intellectual property. The list really is endless!

Many brokers do sell Cyber Insurance. However, not all brokers are trained on Cyber Risks and it is all too easy to buy, quite unwittingly, a policy that simply does not meet your needs.

Insurance policies, together with the schedule and proposal form (or statement of fact), will specify those ‘threats’ that will be insured by the policy. However, it can be really difficult to spot what is really important for your business – but is simply missing. Remember, very often it is not what is in the policy that is important – but what has been left out.

All insurance policies have exclusions and limitations. Some will exclude certain aspects of coverage that you need and some will impose conditions that you do not fully understand or with which you cannot possibly comply. Ask. Check – and ask again.

When asked “Why do You need Cyber Insurance”, Google’s AI response was expectedly swift – but of little help.

Cyber insurance is a valuable investment for businesses of all sizes because it can help protect against cyberattacks and the fallout they cause.

Well. Who’d have thought!

So, what to do?

Asking Google will lead you down a variety of Rabbit Holes. Be prepared to spend some time! Buying online is great – if you really know what you want – and what you don’t want. But too many times I have seen insurance that simply does not match the needs of the applicant.

If you are not confident on the matter of Cyber, find a good broker who is. Avoid online forms. Talk to someone!

When looking for insurance you will find it useful to have some idea of both your vulnerabilities and the insurance options available to mitigate those vulnerabilities.

We work closely with and recommend BGi.uk. Whether you choose BGi.uk or another good Broker to help, I hope that the summary and explanation of threats and insurance terms given below might be helpful.

Remember!

Nick Elwell reminds us that our lives are increasingly dominated by Cyber. We rely on ‘Cyber’ every second of every year. Our lives would be very different without Cyber: if we could live at all!

Many things around us are dangerous. They are a necessary part of our world and we live with them. Knives are dangerous: we use them carefully. Cars are Dangerous: we are wary when crossing roads. Umbrellas are dangerous: well, they are in some situations!

‘Cyber’ has been defined in various ways: these two probably sum up what we mean:

1.) involving, using, or relating to computers, especially the internet.
2.) computers, especially the internet, and activities that use them.

If you run a business, it is important to remember that many (and possibly most) General Insurance Policies that you rely on to support and protect your businesses have a Cyber Exclusion. This might read as follows:

‘It is important to bear in mind that if the ‘proximate cause’ of an incident that you think should be insured by a policy is attributed to a Cyber event, it may be rejected by insurers.’ The term ‘Proximate cause’ is fundamental.

Claims Examples

A Medical Malpractice Insurance Claim – An Osteopath uses a computer diagnosis and computer program created to treat a patient.

Problem: If the device causes injury to a patient due to improper diagnosis or treatment because the operating system has been compromised by a Cyber event – the claim will naturally be rejected as the proximate cause of the injury is the Cyber event.

It is clearly necessary that you, or your Broker, ensures that the Cyber exclusion from the policy is deleted or amended as appropriate: perhaps along the following lines:

‘This exclusion shall not operate to exclude losses that would otherwise be covered in respect of the insured’s liability for Bodily Injury or Property Damage arising directly from [the excluded cyber event].’

So, what’s Insured?

It is evident that very few people have any idea as to what might be insured by a Cyber Insurance Policy. The following headings might outline what could be covered under a Cyber Insurance Policy – but it would take another essay to explain what they all mean – or do.

So, which of the following would be of value to you and/or your business?

Additional Increased Cost of Working

Breach Response Costs

Breach Response Service

Claim Preparation Costs

Computer Replacement & Bricking, System Damage & Rectification

Corporate Identity Theft

Court Attendance

Criminal Reward

Crisis Communication Costs

Crisis Management & Public Relations

Cyber Extortion

Defamation

Dependent Business Interruption

Direct and indirect business interruption

Direct Loss of Profits & Increased Cost of Working

Extortion

Funds Transfer Fraud & Liability

Hardware Replacement Costs

Impersonation Repair Costs

Incident Response Costs

Intellectual Property Rights Infringement

Invoice Manipulation

IT Security & Forensic Costs

Legal And Regulatory Costs

Management Liability

Multimedia Content Liability

Network Security Liability

PCI Fines & Assessments

Post Breach Remediation Costs

Privacy Breach Management Costs

Privacy Liability

Proof of Loss preparation expenses

Push Payment

Ransomware & Cyber Extortion

Regulatory Defence and Penalties

Reputational Harm or Loss

Service Fraud including Cryptojacking

Technology Errors and Omissions

Telephone Hacking

Theft Of Funds Held in Escrow

Theft Of Personal Funds

Third Party Privacy Breach Management Costs

 

The Cyber Insurance Protection provided by most insurers in the UK is quite good. But make sure you tell them in detail about your concerns, your perceived vulnerabilities – and what keeps you awake at night!

Without specific instruction, some insurers will –

  • offer exceptionally wide cover which will be critical in certain circumstances – but may be unnecessary in others.
  • have inhouse capabilities which will enable them to tell you of a problem before you know about it!
  • outsource the provision of specialist services: in much the same way as Insurers tend to appoint independent Insurance Claims adjusters.

 

 

BGi.uk are FCA regulated Insurance Brokers. If you need a Broker’s help, ask for Georgia or Henry.

Tel: 01367 246135

email: info@BGi.uk – and include the word ‘Cyber’ in the email heading.

 

Written by Nick Elwell whose profile on LinkedIn reads –

knows a bit about insurance (esp. the awkward stuff!)

Access to UK & EEA markets.

Our mantra: simple solutions to complex risks.

 

BGi.uk is a privately owned, independent, insurance broker regulated by the Financial Conduct Authority

 

https://www.linkedin.com/in/nickelwell/

GAMBRYCE - protecting you, protecting your data