Among the most recent corporate victims of cyber-crime is The Carphone Warehouse. A cyber-attack via one of the company’s websites enabled hackers to access the personal data of over 2 million customers, including the encrypted credit card details of around 90,000 people. The company is already facing the fallout from angry customers critical of their handling of the incident.
Data security breaches in smaller firms are even more prevalent. According to PWC's Information Security Breaches Survey, 76% of small businesses admitted to a security breach in the last year, with 20% losing confidential data.
Do you need cyber insurance?
Inadvertent data breaches caused by human error remain the biggest risk for your data security. But this is no reason to be complacent about deliberate criminal activity. Cyber-crime costs SMEs in the UK around £800m a year, and the threats are only increasing as hackers come up with ever more ways to compromise security.
Many firms are starting to face up to the pressing question: do we need to take out specific insurance policies against this kind of crime?
If you can answer yes to the following questions, you are likely to benefit from a cyber-policy.
But what about if you don’t do business online? That doesn't matter to cyber criminals. Nor do they care that you are not a high profile multinational with high-net-worth clients. You could still be a target, and a vulnerable one.
Even if you don't transact online, you certainly use email, and you may well use off-site 'virtual' computer systems to store data. Many people use cloud services without even realising it – for example Hotmail, Yahoo mail and Gmail, Dropbox and many other smart phone apps. Sometimes you’ll upload data to these without even realising you’ve done it.
Key benefits of a cyber-policy
Cyber insurance policies include cover both for third party and first party losses. The best ones will also provide you with rapid access to trusted experts in cyber-crime recovery – helping you get back up and running quickly with minimum reputational damage.
Security Liability: provides cover to pay costs arising from a breach of duty to protect confidential information, in both electronic and non-electronic form.
This includes the failure to protect against anticipated security threats, including the failure to protect against unauthorised access to or physical theft of hardware or firmware, or any liability associated with the transmission of computer viruses.
Privacy Liability: provides cover to pay costs arising from violations of privacy laws and regulations whether relating to clients, third parties or staff.
Privacy Regulatory Defence and Civil Penalties cover: may include compensation awarded by the regulator, civil penalties or fines, to the extent insurable by law. This may arise from a breach of privacy caused by the insured or the outsourced providers of the insured.
Security Event Costs: reimburses costs for:
To discuss your information security and cyber risks with one of Lockton’s specialist team, just get in touch.
Find out more at the Lockton website.