In March 2011, a Dallas based marketing firm responsible for handling e-mail lists for some major Fortune 500 clients was the victim of a cyber attack. An estimated $100 million to $4 billion worth of data had been stolen in the attack. The financial fallout left the company reeling, losing most of their customers to a compromised reputation.
In 2010, the U.S. Securities and Exchange Commission issued guidance which stated that companies need to disclose the nature of a “material” cyber attack and the subsequent cost to shareholders along with a “description of relevant insurance coverage”. Every company dealing with data needs cyber insurance but most don’t know that such a thing exists till they need it. Cyber Insurance is on the cutting edge of the global insurance industry. 2012 is going to witness a thoroughly significant rise in its demand.
Why is cyber insurance necessary?
The first point of concern is that standard insurance covering a company which primarily deals in data and electronic information is ineffectual. Standard insurance covers tangible damages to property and assets whereas data is completely intangible. After a U.S. District ruling, insurance companies started considering data as intangible property. To cover such abstract assets a special market for cyber insurance was created.
What is covered?
• Virus liability: Provides coverage in case legal action is taken against the insured by someone claiming to have had his data infected by a virus received from the insured’s system.
• Loss of data coverage: The policy provides coverage and pays for the cost of replacing or recovering data loss incurred by the insured.
• Content liability: Covers everything ranging from domain name disputes, lawsuits against content posted on the company website on various grounds, right down to copyright claims.
• Data breach coverage: Covers the cost of restoring and recovering data and the cost of crisis management services such as credit monitoring and restoration. It also covers the cost of law suits filed against the company by victims of the data breach.
• Cyber extortion coverage: Cyber extortion can take many forms ranging from ransomware to denial of service attacks (DoS). This type of coverage pays for the ransom money to recover the data and for hiring electronic forensic services to track down the perpetrator.
• Lost Income Coverage: Pays for the loss of revenue incurred by the policy holder while his system had been rendered defunct or had to be shut down due to a cyber attack. Most insurers would require the services to be down for a stipulated period of time to qualify for this coverage.
• Regulatory civil action coverage: Provides coverage in case the insured is facing fines imposed by a governmental body for the violation of federal regulations due to disclosure of data without implied consent.
• Errors and Omissions Coverage: Although O&M (Operations & Management) policies have been around for a while; it has found its way into cyber insurance and covers failures caused by the insured’s software.
How much does it cost?
Since cyber insurance is a fairly new type of coverage, there is negligible data on major incidents of cyber crime. Most incidents go unreported since companies refuse to let the public know about security breeches out of fear of having their reputation tarnished.
Armed with little data that is available to work with, underwriters and agents are faced with formulating coverage policies for a very complex risk. There are no set patterns or standardized rules to drawing up a cyber insurance policy. Depending on how the insured maintains internal security, prices can range between $7,000 and $35,000 per million dollars of coverage.
Your company’s network system may be equipped with the latest firewall and the most complex encryption system, but analysts say that there are no guarantees as far as online data security is concerned. A cyber attack or a data breach poses a continual and enormous risk for companies dealing primarily with intelligence and information. As the awareness of this threat grows exponentially, companies are taking steps to extenuate such risks by buying cyber insurance.
• Data breach coverage: Covers the cost of restoring and recovering data and the cost of crisis management services such as credit monitoring and restoration. It also covers the cost of law suits filed against the company by victims of the data breach.
• Cyber extortion coverage: Cyber extortion can take many forms ranging from ransomware to denial of service attacks (DoS). This type of coverage pays for the ransom money to recover the data and for hiring electronic forensic services to track down the perpetrator.
• Lost Income Coverage: Pays for the loss of revenue incurred by the policy holder while his system had been rendered defunct or had to be shut down due to a cyber attack. Most insurers would require the services to be down for a stipulated period of time to qualify for this coverage.
• Regulatory civil action coverage: Provides coverage in case the insured is facing fines imposed by a governmental body for the violation of federal regulations due to disclosure of data without implied consent.
• Errors and Omissions Coverage: Although O&M (Operations & Management) policies have been around for a while; it has found its way into cyber insurance and covers failures caused by the insured’s software.
How much does it cost?
Since cyber insurance is a fairly new type of coverage, there is negligible data on major incidents of cyber crime. Most incidents go unreported since companies refuse to let the public know about security breeches out of fear of having their reputation tarnished.
Armed with little data that is available to work with, underwriters and agents are faced with formulating coverage policies for a very complex risk. There are no set patterns or standardized rules to drawing up a cyber insurance policy. Depending on how the insured maintains internal security, prices can range between $7,000 and $35,000 per million dollars of coverage.
Your company’s network system may be equipped with the latest firewall and the most complex encryption system, but analysts say that there are no guarantees as far as online data security is concerned. A cyber attack or a data breach poses a continual and enormous risk for companies dealing primarily with intelligence and information. As the awareness of this threat grows exponentially, companies are taking steps to extenuate such risks by buying cyber insurance.Blog Category