Protection against cyber-crime

A rapidly evolving kind of crime demands a highly specialised kind of insurance. Brett Warburton-Smith of Lockton highlights the risks posed by hackers and cyber-criminals – and what you can do to protect your business from them.


Among the most recent corporate victims of cyber-crime is The Carphone Warehouse.  A cyber-attack via one of the company’s websites enabled hackers to access the personal data of over 2 million customers, including the encrypted credit card details of around 90,000 people.  The company is already facing the fallout from angry customers critical of their handling of the incident.

Data security breaches in smaller firms are even more prevalent.  According to PWC's Information Security Breaches Survey, 76% of small businesses admitted to a security breach in the last year, with 20% losing confidential data.

Do you need cyber insurance?

Inadvertent data breaches caused by human error remain the biggest risk for your data security.  But this is no reason to be complacent about deliberate criminal activity. Cyber-crime costs SMEs in the UK around £800m a year, and the threats are only increasing as hackers come up with ever more ways to compromise security.

Many firms are starting to face up to the pressing question: do we need to take out specific insurance policies against this kind of crime?

If you can answer yes to the following questions, you are likely to benefit from a cyber-policy.

  • Do you hold personal or confidential client data? Email addresses and telephone numbers are a saleable commodity.
  • Do you perform online transactions with either customers or business partners?
  • Do you use off-site 'cloud' software solutions in your business (many email systems, document management and other software solutions are 'in the cloud')?
  • Would you need professional support in the event of a major data security breach? (many firms rely on specialist consultants to manage reputational damage and get the business back up and running securely after a major security breach).

But what about if you don’t do business online? That doesn't matter to cyber criminals. Nor do they care that you are not a high profile multinational with high-net-worth clients. You could still be a target, and a vulnerable one. 

Even if you don't transact online, you certainly use email, and you may well use off-site 'virtual' computer systems to store data.  Many people use cloud services without even realising it – for example Hotmail, Yahoo mail and Gmail, Dropbox and many other smart phone apps. Sometimes you’ll upload data to these without even realising you’ve done it.

Key benefits of a cyber-policy

Cyber insurance policies include cover both for third party and first party losses.  The best ones will also provide you with rapid access to trusted experts in cyber-crime recovery – helping you get back up and running quickly with minimum reputational damage.

Security Liability:  provides cover to pay costs arising from a breach of duty to protect confidential information, in both electronic and non-electronic form.

This includes the failure to protect against anticipated security threats, including the failure to protect against unauthorised access to or physical theft of hardware or firmware, or any liability associated with the transmission of computer viruses.

Privacy Liability:  provides cover to pay costs arising from violations of privacy laws and regulations whether relating to clients, third parties or staff.

Privacy Regulatory Defence and Civil Penalties cover:  may include compensation awarded by the regulator, civil penalties or fines, to the extent insurable by law.  This may arise from a breach of privacy caused by the insured or the outsourced providers of the insured.

Security Event Costs: reimburses costs for:

  • notifications to clients regarding the breach
  • legal experts (to determine the applicability of any local or international laws and regulations and the insured's obligations under such laws and regulations)
  • computer forensic experts (who will investigate both the cause and extent of the breach)
  • credit protection services for affected individuals
  • crisis management teams (such as public relations managers or call centres to deal with the reputational impact of a breach and handling enquiries from concerned individuals).

To discuss your information security and cyber risks with one of Lockton’s specialist team, just get in touch.

Find out more at the Lockton website.


More articles