Head Office:1300 008 245

Cyber Crime Insurance

Do you use the internet? Yes.

cyberThen your business is at high risk of being attacked by organised cyber criminals.

No Company is Immune

Cyber risk is an enterprise wide issue that affects companies large and small. The targets of cyber attacks span a multitude of industries including construction, retailers, restaurants, media companies, manufacturers, banks, asset managers, defence contractors, transport organisations, healthcare organisations, agriculture and professional firms, just to name a few.

Cybercrime Insurance is designed to protect commercial businesses of all kinds against a wide range of first party and third party liability cyber exposures that arise when their customer information is breached or stolen.

Companies with access to private, confidential information about their customers have a responsibility to keep it secure. Equally, companies who have a web presence or a dependency on technology have emerging content and transactional exposures.

Features of CyberSecurity Isnurance

First party insuring clauses offer coverage for:

  • Business interruption: including first dollar Extra Expenses.
  • E-Theft Loss: due to having transferred funds or property or given any value due to the fraudulent input of data into a computer system or through a network into a computer system.
  • E-communication Loss: due to a customer having transferred funds or property or given any value on the faith of any fraudulent communication for which loss you are held legally liable.
  • E-Threat Loss: including the cost of a professional negotiator and ransom payment.
  • Privacy Notification Expenses: including the cost of credit monitoring services for affected customers. Subject to a sub limit.
  • E-Vandalism Loss: even when the vandalism is caused by an employee.
  • Crisis Expenses: including the cost of public relations consultants. Subject to a sub limit.
  • Reward Expenses: including the cost of paying an informant. Subject to a sub limit.
  • Third party liability coverage pursuant to the Cyber Liability insuring clause which includes coverage for:
  • Disclosure Liability: including claims by customers arising from system security failures that result in unauthorised access to or dissemination of private information on the Internet.
  • Content Liability: including claims arising from intellectual property infringement, trademark infringement and copyright infringement.
  • Reputational Liability: including claims alleging disparagement of products or services, libel, slander, defamation and invasion of privacy.
  • Conduit Liability: including claims arising from system security failures that result in harm to third-party systems.
  • Impaired Access Liability: including claims arising from a system security failure that results in your clients’ systems being unavailable to customers.
  • Defence Costs: cover available for costs incurred in defending any claim brought by a government agency or licensing or regulatory organisation.

Loss Scenarios

Consider the following loss scenarios based on actual claims and then ask yourself whether you have adequate insurance in place.

Type of Organisation: Hotel

Coverage Considerations: Privacy Notification and Crisis Management.

A former hotel executive gained unauthorised access to the hotel’s confidential database of names and credit / debit card information of 75,000 customers as well as personal information of 2,500 employees. The information was sold to an organised crime network.  The hotel incurred more than $2,500,000 in expenses associated with the forensic investigation, notifying customers, credit and identify monitoring and restoration, public relations and regularly action.

 Type of Organisation:   Solicitor

Coverage Considerations: e-Threat, e-Business Interruption, Privacy Notification and Crisis Management.

Hackers obtained access to a law firm’s network and claimed to have access to sensitive client information, including a public company’s acquisition target, another company’s prospective patent technology, the draft prospectus of a venture capital client and a significant number of claimants’ personally identifiable information. The firm was contacted by the hacker group seeking $10,000,000 not to place the stolen information on-line.

The law firm incurred $2,000,000 for forensic investigation, extortion related negotiations, a ransom payment, notifications, credit and identity monitoring, restoration services and independent lawyers’ fees. The firm also sustained $600,000 in lost business income and expenses associated with the system shutdown.

Type of Organisation: Manufacturer

Coverage Considerations: Disclosure Wrongful Act, Privacy Notification and Crisis Management

A manufacturer leased a copying machine for a 2 year period through a third-party intermediary. During the 2 years the manufacturer made copies of business information, including proprietary client information and its own employee data. After the lease expired the manufacturer returned the machine via the third-party intermediary. Prior to making its way back to the actual leasing company a rogue employee of the third-party intermediary accessed the machine’s data and stole and sold the proprietary information.

The manufacturer incurred $75,000 in connection with a forensic investigation, notification, identity monitoring, restoration services and independent counsel fees. It also incurred approximately $100,000 in legal defense costs and $275,000 in indemnity associated with the theft and sale of proprietary client information.