Cyber Liability Insurance: Protection For Your Customers’ Data
These days even the smallest businesses need to be online and engaged with the digital world in order to operate. While this new age has opened up fresh opportunities for businesses around the globe, it’s also brought with it significant risks.
This is where cyber liability insurance comes in. A cyber liability insurance policy could help protect you from claims, and support your profitability in the event of a cyber breach or attack. It’s now common for businesses to hold some form of customer data, whether it be emails, addresses, financial details, or other personal information. All of this is valuable to hackers who can sell or use this information for fraudulent purposes, so protecting it is often a priority for any relevant business.
In addition, businesses can be severely disrupted by ransomware, so putting in place measures to support your business during a resulting period of business interruption can be an important risk mitigation strategy.
In this article, we’ll discuss what cyber liability insurance is and what a typical policy covers.
Prior to making a decision on a level of cover, ensure you review the Product Disclosure Statement for details of policy inclusions, limitations and exclusions.
What is cyber liability insurance?
Cyber liability insurance is a type of business insurance product that protects your business against both the legal costs and expenses (including compensation payments) related to cybercrime incidents. Your coverage may generally include cover for expenses and legal costs relating to the following*:
- Data breaches
- Theft or loss of client information
- Business interruption costs
- Forensic investigation
- Data recovery
- Fines and penalties
- Crisis management costs (to restore your business’s reputation after an attack or data breach)
- Legal costs from any ensuing civil action taken against you or your company
Is cybercrime really a threat to your business?
You may think that your small grocery store, online homewares shop, or one-man IT consulting firm is an unlikely target for cybercrime, but that’s not the case. Here are some government statistics that give you a good idea of the breadth of cybercrime in Australia:
- Cybercrime is costing businesses in Australia an estimated $1 billion a year [1]
- 55% of small to medium sized businesses unknowingly expose themselves to cybersecurity risks through their most common online activities (such as via email and social media) [2]
- Small business is the target of 43% of all cybercrimes (according to the Australian Small Business & Family Enterprise Ombudsman’s “Small Business Best Practice Research Report 2017”) [2]
- 22% of small businesses that were breached by ransomware attacks in 2017 were affected to such an extent that they couldn’t continue operating [2]
In short, few businesses are too small to be targeted. Like many of the other risks which businesses face, cybercrime can never be completely eliminated, only mitigated [3]. While prevention is a key part of any business’s strategy, ensuring you’re covered in the event of an incident is also important.
A cyber attack can be costly for your business
In the event of a cyber breach or crime, you may find yourself glad you purchased suitable cover, allowing you to get much needed financial support from your insurer.
The Australian Criminal Intelligence Commission (ACIC) website states that, after conducting a Cyber Security Review, they found that cybercrime is costing the Australian economy up to $1 billion annually in direct costs [4].
The obvious exposures for your business from a cybercrime incident are claims by affected clients, and potential loss of revenue, as well as damage to core digital infrastructure. However, the secondary risks can include [4]:
- Damage to your business’ reputation
- Direct loss of customers and business opportunities
- Psychological and emotional impacts (upon your business, staff, and customers)
The extent to which your business is at risk of a cyber-attack further increases with the size of your organisation, its public profile, as well as the amount and kinds of data you’re storing.
What are some further examples of cybercrime?
There are many different ways that an outside entity can perform a cyber attack on your organisation. Below are some examples provided by the ACIC [4], as well as the Australian Cybercrime Online Reporting Network (ACORN) [5]:
- Ransomware: This is a type of malware that usually facilitates extortion. This malware can lock a computer’s content and display a message requesting the user to pay a ransom in exchange for a decryption key that will supposedly allow the user to regain access to their device
- Credential harvesting malware: Usually designed to harvest a user’s credentials when logging into a website. The malware is usually delivered to a victim’s computer or device via an email with a malicious attachment. Malware is a general term and refers to specific types, such as viruses, worms, trojan horses, or bots
- Denial of service attacks: This kind of attack floods a computer or website with data, causing it to overload and inhibiting proper functioning
- Email spam and phishing: Phishing is a tactic used by criminals to trick people into giving out their personal or financial information. These kinds of emails can be disguised as coming from a legitimate business such as a bank or telco provider
- Online scam or fraud: These are dishonest schemes seeking to take advantage of unsuspecting people to gain a benefit (such as money or access to data), and can include prize scams, money scams, threats or extortion scams, investment scams, and identity theft
Understanding your coverage
Before you sign up for your policy, it’s vital that you understand what you’re covered for. Cyber liability insurance is a relatively new class of insurance product, so policy inclusions and exclusions may differ between providers.
Cyber liability policies can include the following*:
- Business interruption costs: A data breach interrupts your normal workflow, requiring you to re-task employees and redirect resources to address the issue. This can negatively impact the completion of core business and therefore your revenue
- Investigation and data recovery costs: Every data breach comes about because of a vulnerability in your system. Discovering this vulnerability will cost money as you engage forensic analysts to help you find where/how hackers got in
- Fines and penalties: You may be required to pay a fine in recognition of your inability to adequately protect customer data. These penalties have been strengthened under the Federal Government’s new Notifiable Data Breaches scheme
- Extortion costs: The rise in the use of speciality software called ransomware, which locks legitimate users out of their systems until they pay the person who installed the software, is something every business should be aware of [6]
- PR and crisis management costs: As a minimum, your business may need to retain the services of a PR firm to help you respond to and control blowback from the data breach. This is often recognised as a necessary part of the process
- Claims by affected third parties: Compensation claims against you by people who have been affected by a data breach
Looking to purchase cyber liability insurance? Compare with iSelect and BizCover
*Please note that all insurance is subject to the terms and conditions set out in the policy wording or Product Disclosure Statement. The information set out above is general only and should not be relied upon as advice.
iSelect has partnered with BizCover Pty Ltd (ABN 68 127 707 975: AFSL No.501769) to help you compare small business insurance policies. iSelect earns a commission from BizCover for every product sold through the website or contact centre. iSelect and BizCover do not compare all brands in the market, or all products offered by all brands. iSelect does not arrange products from the brands we compare for you directly, but iSelect will refer you to our trusted partner, BizCover Pty Ltd, who can.
Any advice provided in this article or on iSelect’s website is of a general nature and does not take into account your objectives, financial situation or needs. You need to consider the appropriateness of any information or general advice iSelect gives you, having regard to your personal situation, before acting on iSelect’s advice or purchasing any product. You need to consider if the insurance product is suitable for you. Please read the Financial Services Guide before buying any insurance policy.