Do you use the internet? Yes.
Then your business is at high risk of being attacked by organised cyber criminals.
No Company is Immune
Cyber risk is an enterprise wide issue that affects companies large and small. The targets of cyber attacks span a multitude of industries including construction, retailers, restaurants, media companies, manufacturers, banks, asset managers, defence contractors, transport organisations, healthcare organisations, agriculture and professional firms, just to name a few.
Cybercrime Insurance is designed to protect commercial businesses of all kinds against a wide range of first party and third party liability cyber exposures that arise when their customer information is breached or stolen.
Companies with access to private, confidential information about their customers have a responsibility to keep it secure. Equally, companies who have a web presence or a dependency on technology have emerging content and transactional exposures.
Features of CyberSecurity Isnurance
First party insuring clauses offer coverage for:
Consider the following loss scenarios based on actual claims and then ask yourself whether you have adequate insurance in place.
Coverage Considerations: Privacy Notification and Crisis Management.
A former hotel executive gained unauthorised access to the hotel’s confidential database of names and credit / debit card information of 75,000 customers as well as personal information of 2,500 employees. The information was sold to an organised crime network. The hotel incurred more than $2,500,000 in expenses associated with the forensic investigation, notifying customers, credit and identify monitoring and restoration, public relations and regularly action.
Coverage Considerations: e-Threat, e-Business Interruption, Privacy Notification and Crisis Management.
Hackers obtained access to a law firm’s network and claimed to have access to sensitive client information, including a public company’s acquisition target, another company’s prospective patent technology, the draft prospectus of a venture capital client and a significant number of claimants’ personally identifiable information. The firm was contacted by the hacker group seeking $10,000,000 not to place the stolen information on-line.
The law firm incurred $2,000,000 for forensic investigation, extortion related negotiations, a ransom payment, notifications, credit and identity monitoring, restoration services and independent lawyers’ fees. The firm also sustained $600,000 in lost business income and expenses associated with the system shutdown.
Coverage Considerations: Disclosure Wrongful Act, Privacy Notification and Crisis Management
A manufacturer leased a copying machine for a 2 year period through a third-party intermediary. During the 2 years the manufacturer made copies of business information, including proprietary client information and its own employee data. After the lease expired the manufacturer returned the machine via the third-party intermediary. Prior to making its way back to the actual leasing company a rogue employee of the third-party intermediary accessed the machine’s data and stole and sold the proprietary information.
The manufacturer incurred $75,000 in connection with a forensic investigation, notification, identity monitoring, restoration services and independent counsel fees. It also incurred approximately $100,000 in legal defense costs and $275,000 in indemnity associated with the theft and sale of proprietary client information.