The document discusses cyber liability insurance cover (CLIC) and provides information about:
- What CLIC protects against, including privacy liability, regulatory fines, and cyber extortion
- Common causes of cyber risk like data theft, phishing emails, and denial of service attacks
- Cyber challenges specific to the maritime industry such as GPS spoofing and hackers interfering with ship operations
- Steps to mitigate risk like purchasing CLIC and implementing security controls
- Important considerations when buying a CLIC policy including coverage exclusions, security requirements, and support services provided
Cyber insurance is probably one of the top security measures each organization, big corporations, and Small and Medium Enterprises (SMEs) should look up to when it comes to a cybersecurity data breach. https://cyberpal.io/
A publication to help business owners understand the need for cyber insurance, the new notification laws that impact business and what cover a cyber insurance policy provides.
In today’s media and technology age, website owners, designers, hosts and Internet Service providers are presented with multiple risks with regard to business and cyberspace. E-commerce now comprises approximately one-third of all the
business conducted on the Internet according to the Insurance Journal. Further, in 1999, businesses lost more than $20
billion because of power outages and hackers. Therefore, protection for your Internet-based resources must be a top
priority.
From the 2017 Intermountain CFO Summit. How do CFOs manage financial risk? What role does insurance play? This presentation is by a friend of the firm - Diversified Insurance
Security and Privacy: What Nonprofits Need to Know - TechSoup
The adage says, "You can't have privacy without security, but you can have security without privacy." What does that really mean, and how can you proactively address both for your organization? With privacy scandals and data breaches grabbing headlines daily, even the smallest organizations must take responsibility for lawful custodianship and protection of personal information. In this 60-minute webinar with Michael Standard, senior corporate counsel at Symantec, we will cover the key elements of privacy and security programs. You will learn
- How privacy and security concerns intersect and differ
- Risks to assess when evaluating your privacy program
- The definition of "personal information"
- Key privacy laws that may impact your organization
- The top three privacy and security threats and how to mitigate them
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ... - CODE BLUE
Many people believe that there are only two types of companies: those that have been breached, and those that will be. Regardless of your viewpoint, no matter how many new, shiny information security appliances are purchased, data breaches continue to happen at alarming rates. It doesn’t matter what industry or the size of an organization, as no company seemed to be immune. If you knew your house was going to burn down or your car was going to be stolen, you would be certain to have insurance right? Do you have cyber liability insurance for your most important assets in place?
This session will provide information on the current data breach landscape and then a behind the scenes look into cyber liability from a former insurance professional with no sales spin. The talk will discuss how the coverage works and what types of breaches can be covered.
Further, the session then will discuss how Cyber Insurance is being integrated into a risk management plan. Information Security professionals and incident responders are in many cases unaware of how the cyber insurance process works when there is a data breach and do not understand the requirements that can affect the incident response process.
“Cyber Liability & Cyber Insurance” - A discussion on best practices around Prevention, Detection, and Response!
Sponsored by Datto and Webster Bank
Series brought to you by the Connecticut Technology Council.
____________
TOPIC FOCUS:
1. Evolution and acceptance of Cybersecurity insurance
a. Understanding risk & effect on businesses
i. Used to be major brands, now widespread.
ii. Risk recognized, business leaders looking to minimize risk
b. Describing changes in cybersecurity insurance
How coverages have evolved - not just for biggest companies
i. Insurers are working with (tech) companies to get it right
ii. Where is it going from here? Trends, specialty insurance
2. Describe insurance types/ specifics and how they perform when needed
. Not all policies are the same
a. What to look for
b. How they vary by type of business (Healthcare vs. Retail vs. Software Co.)
c. What gaps still remain (What can’t get covered?)
3. How to minimize cost, get most value for your company
. Some protections on your current policies
a. Gating elements - What the insurance companies want to see - how that might help costs
4. Best practices generally
Please find enclosed some of the material relating to our ANZIIF CPD accredited Cyber Insurance training.
If the noise and rhetoric is getting too much, let us come and walk you through the how, what, when and where of Cyber Insurance
Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security
It’s important to establish the balance sheet for security leadership to measure, monitor and report. Insurance is an important component to protecting the balance sheet. Don’t believe all of the fake news about cyber-insurance. This session will take you from theory to practice. How partnering with the insurance industry provides practical benefits to security leaders if you let it.
Learning Objectives:
1: Learn how to map cyber-risks to financial impacts.
2: Learn how to determine if your insurance covers the impact from an incident.
3: Overcome common myths around cyber-insurance and claims.
(Source: RSA Conference USA 2018)
Cyber 101: An introduction to privileged access management - seadeloitte
Gartner has named privileged access management the #1 cyber security priority for organisations. But what exactly does privileged access management entail?
This article examines cyber and information security as it relates to the legal industry and provides strategic considerations for law firms looking to deal with information security issues.
Cyber security is becoming increasingly relevant within the insurance industry to the degree, that the National Association of Insurance Commissioners (NAIC) named it as the key initiative for 2015.
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit - NationalUnderwriter
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit by Lynda Bennett
2014 ended almost the same way that it began for most companies – having concerns about cyber security and hackers. At the beginning of the year, the news cycle was focused on breaches that took place in the consumer product space as Target, Michael’s, Neiman Marcus, and Home Depot worked fast and furious to address breaches that led to concerns about a massive amount of credit card information possibly being “in the open.” Later in the year, we learned that corporate giants like JPMorgan Chase and Apple were not immune from cyber security breaches as still more personally identifiable information and very personal photographs were released into the public domain. Finally, as 2014 drew to a close, the entertainment industry was further rocked by the cyber-attack on Sony Corp., which led to even broader concerns about national security and terrorist threats.
Cyber Insurance provides coverage for many different
losses, both first party (loss to the policyholder) and
third party (loss to others as a result of the policyholder’s
negligence).
Pandemic has taken a fair share of the toll on every economy, affecting millions of businesses across the globe. As organizations are adopting technology and innovation to fulfil their quest for growth, they must comprehend, the ghost of cyberattack will come to haunt them sooner or later. Cyber breaches will not only cause brand degradation, but also lead to loss of digital assets, and change in consumer behaviour. As a result, companies are considering corporate cyber insurance as a part of their cybersecurity strategies. Click on the link to read what cyber insurance is and why companies direly need it.
For digital media companies, effective cybersecurity programs a must - Grant Thornton LLP
In digital media trust is everything, without it your business model doesn’t work. Cybersecurity can be a key component, ensuring the integrity of your services. Check out this brief guide to securing your data.
What Not-for-Profits Can Do To Prevent "Uninspired" Theft - CBIZ, Inc.
This presentation showcases the reasoning for and the importance of cybersecurity in the not-for-profit sector. Case studies reinforce the importance of being ahead of the curve when managing cyber risk.
This presentation focuses on the rising prominence of insurance considerations, and more particularly on legal aspects of insurance as it relates to cybersecurity and privacy.
The presentation defines "Cyber and Privacy Insurance" and organizes such insurance into four main types of cyber insurance coverage: data breach and privacy management coverage, multimedia liability coverage, extortion liability coverage, and network security liability coverage. With these definitions, the presentation then gives a snapshot of how the Cyber Insurance Market Is Maturing, its participants, costs, and related attributes.
Consideration is given to the importance of defined terms, before launching into difficulties that providers and users have relative to measuring, modeling, and pricing cyber insurance risk. Particular attention is given to the language of “claims” and how to navigate through associated risk/cost analyses and cost structures.
Additionally, general considerations, pre-conditions, cost of compliance, business interruption, governing board oversight and related issues are brought together in a cohesive manner.
Intelligence-Driven Fraud Prevention
This RSA white paper discusses the need for new, intelligence-based approaches to manage fraud across digital channels.
Contents lists available at ScienceDirect
Journal of Accounting and Public Policy
journal homepage: www.elsevier.com/locate/jaccpubpol
Full length article
Cybersecurity insurance and risk-sharing
Lawrence D. Bodin (a), Lawrence A. Gordon (b), Martin P. Loeb (b,*), Aluna Wang (c)
a Emeritus Professor of Management Science, Robert H. Smith School of Business, University of Maryland, College Park, MD 20742-1815, USA
b Accounting and Information Assurance, Robert H. Smith School of Business, University of Maryland, College Park, MD 20742-1815, USA
c Tepper School of Business, Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh, PA 15217, USA
ARTICLE INFO
Keywords:
Cybersecurity insurance
Cybersecurity risk management
ABSTRACT
In today’s interconnected digital world, cybersecurity risks and resulting breaches are a fundamental concern to organizations and public policy setters. Accounting firms, as well as other firms providing risk advisory services, are concerned about their clients’ potential and actual breaches. Organizations cannot, however, eliminate all cybersecurity risks so as to achieve 100% security. Furthermore, at some point additional cybersecurity measures become more costly than the benefits from the incremental security. Thus, those responsible for preventing cybersecurity breaches within their organizations, as well as those providing risk advisory services to those organizations, need to think in terms of the cost-benefit aspects of cybersecurity investments. Besides investing in activities that prevent or mitigate the negative effects of cybersecurity breaches, organizations can invest in cybersecurity insurance as means of transferring some of the cybersecurity risks associated with potential future breaches.
This paper provides a model for selecting the optimal set of cybersecurity insurance policies by a firm, given a finite number of policies being offered by one or more insurance companies. The optimal set of policies for the firm determined by this selection model can (and often does) contain at least three areas of possible losses not covered by the selected policies (called the Non-Coverage areas in this paper). By considering sets of insurance policies with three or more Non-Coverage areas, we show that a firm is often better able to address the frequently cited problems of high deductibles and low ceilings common in today’s cybersecurity insurance marketplace. Our selection model facilitates improved risk-sharing among cybersecurity insurance purchasers and sellers. As such, our model provides a basis for a more efficient cybersecurity insurance marketplace than currently exists. Our model is developed from the perspective of a firm purchasing the insurance policies (or the risk advisors guiding the firm) and assumes the firm’s objective in purchasing cybersecurity insurance is to minimize the sum of the costs of the premiums associated with the cybersecurity insurance policies selected and ...
Cybersecurity Risk Management for Financial Institutions - Sarah Cirelli
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
How to assess your Cybersecurity Vulnerability_.pdf - Metaorange
The new age of cyber threats is not limited to data breaches and ransomware attacks. They have become much more advanced with AI-based security analysis, crypto-jacking, facial recognition, and voice cloning via deep fake, IoT compromise, and cloud-based DDoS attacks.
How to assess your Cybersecurity Vulnerability_.pptx - Metaorange
Surprisingly, Deepfake Technology, which was once used for fun, has now enabled phishing attacks. Rick McRoy detected a deep fake-based voice call that caused a CEO to transfer a sum amount of $35 Million.
Further, AI-powered cyberattacks also pose a serious security risk. Existing cybersecurity tools are not enough to counter this cyber weaponry.
In the wake of such incidents, the need for advanced cybersecurity tools is growing important.
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
1. “CYBER LIABILITY INSURANCE”
PROTECTION OF YOUR BUSINESS AGAINST ONLINE CYBER RISK
Presented By:
AFTAB HASAN - CEO
‘Arya Insurance Brokerage CO. (LLC)’
Dubai - U.A.E.
05th September 2016
2. WHAT TO EXPECT TODAY
Introduction to Cyber Liability Insurance Cover (CLIC)
Causes and Implication of Cyber Security Risk
What to look for in your Cyber Liability Policy
Cyber Security Risk & Challenges faced to Maritime Industry
How to mitigate Cyber Security Risk
How to buy Cyber Liability Insurance Cover (CLIC)
Selecting the right policy for your business
What are important questions to consider at the time of buying a
CLIC Policy
Conclusion
Q & A
3. INTRODUCTION TO CYBER
LIABILITY INSURANCE COVER
Cyber Liability Insurance Cover (CLIC)
The term "Cyber Liability Insurance Cover" (CLIC) is
often used to describe a range of covers - in very much
the same way that the word cyber is used to describe a
broad range of information security related tools,
processes and services.
“Cyber Liability Insurance Cover” (CLIC) has been
around for 10 years, but most security professionals
seem to have not heard of it or know that it exists.
4. CAUSES AND IMPLICATION OF
CYBER SECURITY RISK
Human action or illicit malicious action to intrude other’s cyber space
for illegitimate reason.
Stolen hardware devices – this is a common phenomenon due to the
shrinking sizes of devices and ease of portability. Loss of laptops, iPads,
USBs, etc. are also common examples but these thefts are not restricted
only to these devices.
Emails with multimedia and/or data sent incorrectly – emails
containing confidential information sent from an employee’s mailbox
to an unintended recipient/s may increase exposure to cyber risk and
liability.
Data Theft – this may occur due to ineffectively protected data or the
vulnerability of data when accessed from outside the organization’s
secure networks. This type of data loss is common in cases where a
BYOD (Bring Your Own Device) policy is in existence and employees
or associates are frequently connecting to the corporate network from
public and / or unsecure networks.
5. CAUSES AND IMPLICATION OF
CYBER SECURITY RISK
Phishing e-mails – these typically impersonate a known and trusted
brand and direct the recipient to a website seeking personal
information and files, bank details, passwords and other confidential
data.
Denial of Service – a cyber-attack whereby attackers bombard a site
with a large number of requests that cause a system overload and the
site collapses, thus preventing normal business to be conducted.
Cyber Extortion – these are cases of threatening a direct cyber-attack
or by activation of implanted Trojan/virus unless a ransom amount is
paid.
Damage of Reputation – this typically occurs in the case of a security
breach where your organization is perceived to have failed in ensuring
due diligence and appropriate security measures to keep customers and
their data from falling into the wrong hands.
6. WHAT TO LOOK FOR IN YOUR
CYBER LIABILITY POLICY
“Cyber Liability Insurance Cover” (CLIC) provides protection to
Policy Holders from:
Information security and privacy liability
Regulatory and defense penalties costs
Website and media content liability
Crisis management and public relations costs
First party data loss and data asset
Cyber extortion loss etc…
7. CYBER SECURITY RISK & CHALLENGES FACED
TO MARITIME INDUSTRY
Pirates now have a better, more efficient
weapon called internet!
In 2012 as per IMO records more than 120 ships,
including Asian coast guard vessels, documented
malicious jamming of global positioning signals.
In 2013 drug smugglers hacked cargo tracking
systems at the Port of Antwerp to avoid
detection.
In 2014 a major U.S. port facility suffered a
system disruption by cyber intruders that locked
multiple ship-to-shore cranes for several hours.
8. CYBER SECURITY RISK & CHALLENGES FACED
TO MARITIME INDUSTRY
Coverage Gap of Cyber Insurance in Marine
Insurance Policy
Marine insurance policies exclude computer related
liability and losses resulting from computer and
network security failure.
Standalone cyber insurance may offer cover for:
Data theft
Incident response
Network business interruption
Cyber extortion
Property damage* – excluded.
Bodily injury/harm/death* – excluded.
9. CYBER SECURITY RISK & CHALLENGES FACED
TO MARITIME INDUSTRY
Threats to the Maritime Sector
In 2013 University of Texas researchers demonstrated that it is
possible to change a vessel’s direction by interfering with its GPS
signal to cause the onboard navigation systems to falsely
interpret a vessel’s position and heading.
Hacker caused a floating oil platform off Africa to tilt to one side,
forcing temporary shutdown.
Somali pirates employed hackers to infiltrate a shipping
company’s cyber systems to identify vessels passing through the
Gulf of Aden with valuable cargoes and minimal on-board
security leading to the hijacking of at least one vessel.
10. HOW TO MITIGATE CYBER SECURITY RISK
Data breaches are now a fact of life together with duties and death,
but how can businesses better manage the risks related to a data
breach and reduce the significant cost that can result from them?
One of the options is to buy:
Cyber Liability Insurance Cover (CLIC)
Technology rules our lives like never before. Digital
communications have taken on a new meaning with the advent of
social media. As we progress very rapidly through this digital age,
technological advancements have changed the way we look at
things. Internet of things (IoT) is the new mantra and will soon
govern the way we live our lives. These are all the inevitable signs
of what we consider to be good progress.
11. HOW TO MITIGATE CYBER SECURITY RISK
However, while there is a bright side to technology, it also
comes with an inherent threat and associated risks. For a
business owner, the reality of cyber risk has never been more
intimidating. Cyber Liability and Cyber Security Insurance are as
essential in your business protection toolkit today as other
business insurance policies such as fire, flood, theft, etc. Businesses
across all industry sectors and size of operations are vulnerable to
cyber risks.
Some of the elements of a cyber-liability cover may be
interconnected or overlap with cover from existing products,
including those for business continuity, third-party supply chain
issues and professional indemnity. Even if this overlap does exist,
a decent cyber liability policy will ensure cyber risks are fully
catered for.
12. HOW TO BUY CYBER LIABILITY INSURANCE COVER
For many insurers and brokers, the technicalities of information
security and the details of how to deal with a data breach are still
a mystery. The market for cyber liability products is also in its
infancy, so be prepared to work with your provider to ensure
that you get what you actually require.
A good starting point is to determine what costs or expenses you
would like to have covered and what types of incidents you want
cover for. Circulate and discuss this list with all the relevant
people, not forgetting to get all the information you need from
third-party suppliers and partners. List both your own costs
(known as first-party costs) and the costs that others may
attempt to claim from you as a result of the incident (known as
third-party costs).
13. HOW TO BUY CYBER LIABILITY INSURANCE COVER
The Broker
Getting the right broker is important.
A good specialist broker will save you time in
determining what is right for your business,
remembering that this may not be the broker you are
currently using for your non-cyber risks.
Share your list of estimated expenses and costs with
your broker and talk through the different exclusions
that might stop you from making a claim.
14. HOW TO BUY CYBER LIABILITY INSURANCE COVER
Insurance company
Apart from obviously being responsible for the
product, insurance companies are responsible for
providing support to your broker about the products.
In addition, they will decide if they are willing to take
on your risks according to your completed proposal
form and what premium you will need to pay.
Choosing the right insurer can be the difference
between paying little for cover that you will never be
able to utilize in the event of an incident or having
cost-effective cover where the insurer understands the
implications of a breach and the costs associated with
it.
15. SELECTING THE RIGHT POLICY FOR YOUR BUSINESS
Selecting the right policy for your business, business
model, industry, size, exposures and so forth is a very
complex exercise, which is why a specialist broker is
important, as they are likely to know the best products to
suit your needs.
It is important to understand the support you receive as
part of the cover. Some policies provide a point of contact
who will handle everything from the moment the insurer
has agreed the claim, whereas others will let you manage
the incident and decide which services you want to use
from their list of suppliers.
Remember that your organization may not have the
people or experience to manage a data breach incident so
third-party suppliers can often be a better route to take.
16. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A
CLIC POLICY
All policies have a set of exclusions, terms and definitions. Understanding these
is important, so here are some important questions to consider:
What security controls can you put into place that will reduce the premium?
Will you have to undertake a security risk review of some sort?
What is expected of you to reduce or limit the risks?
Will you get a reduction for each year you do not claim?
What assistance is provided to improve information governance and
information security?
What and how big a difference to your future premiums will a claim make?
What support if any will be provided to assist in making the right security
decisions for the industry / business you are in?
The security / protection industry is very fast changing, how can the
insurance ensure that your policy is current?
Do all portable media/computing devices need to be encrypted?
What about unencrypted media in the care or control of your third-party
processors?
Are malicious acts by employees covered?
17. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A
CLIC POLICY
Will you have to provide evidence of compliance to existing Data Protection
Principles, in relation to your actual processing, to prove you were not
acting disproportionately?
Although ignorance of the law is no excuse, we are just not able to keep up
with all the compliance issues that may affect all the territories our company
works in, would you refuse a claim if you were processing data that may
infringe laws in one country but not another – because insurance policies
often stipulate that you must not be breaking the law?
What if there is uncertainty around whether the incident took place a day
before the cover was in place or on the day?
Are the limits for expenses grouped together in a way that the maximum
limit that is covered is likely to be achieved very quickly, unless you
increase the cover?
Are all and any court attendances to defend claims from others covered?
Could you claim if you were not able to detect an intrusion until several
months or years have elapsed, so you are outside the period of the cover, (as
with the Red October malware which was discovered after about five years)?
18. CONCLUSION
With respect to small and medium-sized enterprises (SMEs) there are very
simple policies available, but sometimes these raise more questions than they
answer as they do not always provide a long list of exclusions or terms and
definitions. At least with detailed policies you should know where you stand.
Having worked with clients who did not have CLIC but suffered a data
breach and witnessed all of the associated trouble and costs we are hopeful
that many breached businesses will have an alternative to bankruptcy when
they pull their CLIC out of their top drawer.
Review coverage wordings to meet the requirements of the Policy holders.
Bring key IT personnel of the organization to underwriting meetings.
Discuss the reality of claims process with prospects and client from the
beginning itself.
No two businesses are the same when it comes to cyber risks, therefore it is
key to understand the cyber risks your business faces and to ensure your
cyber policy is tailored to mirror those risks.