Cyber Security Policy
This policy covers liability or loss due to data breaches, payment gateway flaws or deliberate cyber and data fraud and other cyber security breaches. It’s a cover contractually required of many IT firms and the like by their clients. This insurance is recognized by investors, external agencies and international companies, helping you meet contractual requirements.
There are two components to this cover: first party and third party. First party covers losses that you incur, such as damage control losses or audit costs. Third party refers to losses incurred by your customers or vendors. This includes data theft of your clients. This policy covers you for claims whenever they occur (even years later), provided the loss incident happened in the policy period.
A cyber insurance policy is also known as cyber liability insurance or cyber risk insurance. Some players term it an information and network security policy.
Even the best cybersecurity protocols in place today cannot guarantee 100% security. However, businesses can ensure this protection with a cyber insurance policy. The rise in data breaches and cybersecurity incidents worldwide indicates that there is a real and growing need for businesses to get cyber insurance.
What does this policy cover?
Cyber insurance includes expenses related to first-party damage as well as claims made by third parties in the following scenarios:
- Data breach and privacy management: The insurance company covers the costs associated with the management of an incident related to cyber-crime. The covered expenses here include the cost of:
  - Data subject notification
  - Call management
  - Credit checking for data subjects
  - Legal costs
  - Court attendance and regulatory fines
- Multimedia and media liability cover: This insurance covers the third-party damages including specific defacement of website and intellectual property rights infringement.
- Extortion liability cover: The cyber insurance policy also covers the losses due to a threat of extortion and the professional fees related to dealing with the extortion.
- Network security liability: This may include third-party damages resulting from denial of access, costs related to the theft of data on third-party systems, etc.
- In some cases, a few of the cyber liability covers may overlap with other policies like professional indemnity, but a decent cyber insurance policy always ensures that the cyber risks are adequately catered for.
What type of Losses are Covered by Cyber Risk Insurance?
Cyber Risk Insurance covers the losses relating to damage or loss of information from systems and networks. Such policies include significant assistance including management of the incident itself. When one gets such a policy, it is essential to understand if the policy covers only first-party risk or also third-party risks.
First-party insurance covers the assets of the business which includes:
- Loss or damage to data or software programs which are the digital assets of an organization.
- Network downtime causing severe business interruption.
- Cyber extortion: In such a scenario, a third party threatens to damage or release data if they are not given a ransom amount.
- Customer notification expenses: When customers' personal data is compromised, there is a legal or regulatory requirement to notify them about the privacy breach.
- Reputational damage: Breach of data results in loss of intellectual property or customers, which causes reputational damage to the organization.
- Theft of money or digital assets: The theft in such a scenario can be of equipment or electronic theft.
Third Party cover provides the following benefits:
- Security and privacy breaches, and the investigation, defense costs and civil damages associated with the third-party.
- Multi-media liability: It covers investigation costs, defense costs, and civil damages. Such costs and damages arise from defamation and breach of privacy. Negligence in the publication of information in electronic or print media is also covered.
- Loss of third party data: This includes payment of compensation to customers for denial of access
- Failure of software or systems
- Patent, software and copyright infringement: Patents, software, and copyright are not covered by a cyber policy. Sometimes, copyright infringement claims resulting from actions by a non-management employee or an outside third party are covered.
- Wars and invasions: Damages resulting from war, invasions or insurrections are excluded.
- Failure in security measures: Policies require security measures to be in place at all times; failure to implement them will cause denial of the claim.
- Loss of electronic device: If an employee loses a company-issued portable electronic device, it is excluded from the policy.
- Vicarious liability: When an organization passes the data to a third-party vendor, and the breach occurs at the vendor’s system, the claim may be denied.
- Government Entity or Public Authority: Any recommendations or orders from government authority or public authority are excluded.
- Specific Network Interruption Condition: If data is lost due to any technical or network interruptions, it may be excluded.
- The cover and risks vary by industry. E-commerce firms are vulnerable because they have access to payment and transaction data. Sites that store personal information, such as user names, passwords, contact details, etc., are at risk of having data stolen. Even transaction data of websites is at risk. Perilwise takes these factors into account.