Understanding Our Insureds

Understanding Our Insureds 2017-05-10T04:26:05+00:00

Cyber insurance is a new purchase for many clients, and as such there are often questions as to why they should make the investment in this product. EmergIn Risk has been fortunate enough to engage with many of these clients and address some of these issues with them. Below, please find some of the more common concerns clients have had, and our thoughts regarding these issues:

Insured Concern

EmergIn Risk Response:

  • The best defence is prevention, and a robust IT security infrastructure is a key component, but headline events have named some of the most secure government agencies and global corporates – unfortunately no one is safe
  • Cyber insurance is not a tool for replacing good cyber security and governance
  • A comprehensive cyber solution should integrate with your IT management and IT security protocols to provide a service solution and risk transfer mechanism to support you just in case…
EmergIn Risk Response:

  • Cyber insurance propositions are the only products designed with data and system security and integrity at their core
  • Cyber propositions extend well beyond the insurance policies and work to align insureds with vendor support to help manage any and all cyber events

Some other insurances might inadvertently pick up sections of cyber coverage, but they are not comprehensive and are untested when/if there is a claim

EmergIn Risk Response:

  • Everyone’s data is of interest to someone, and while traditional cyber criminals might not be trolling for your data, your competitors and even employees might find value in your data
  • These products cover much more than just data breaches – and in deciding whether you should purchase cyber insurance, you need to consider all the potential cyber events you could face. That is, if a privacy breach seems unlikely, what are your other operational exposures in the event of a business interruption or cyber extortion event?
  • You should also consider how you interact as part of a wider supply chain. If criminals don’t specifically want your information, how does accessing your network potentially allow them to piggyback into another target’s network?
EmergIn Risk Response:

  • While cyber insurance has been around since the late 90’s, the product has experienced many evolutions, and has only been adapted for mainstream purchase in recent years. As such, many industries are still exploring how cyber insurance products could potentially integrate with their current risk management processes
  • Cyber insurance will continue to become a more mainstream proposition, which means being an early adopter puts you ahead of unforeseeable risk
EmergIn Risk Response:

  • Business interruption, data or software damage, privacy breach, crisis management, cyber extortion, etc. – there is no way to truly know the impact of a cyber event until one has occurred
  • Cyber insurance should be interwoven with appropriate risk management protocols and risk transfer thresholds. As such, to see a return as a large global corporate, cyber insurance should be seen as a risk transfer mechanism to offset the financial implications of a material cyber event, whereas a small company could look to use a cyber solution to align with an expert vendor panel and could realise a quicker return on insurance spend
EmergIn Risk Response:

  • Cyber is an issue for any company that collects, stores, and transfers data and/or uses systems to drive deliverables (goods and services) to clients
  • Cyber events and privacy breaches certainly get more headlines in the US given their mandatory notification requirements; however, US companies are not the only organisations that suffer cyber breaches or network system failures
  • As far as regulation goes, the US is certainly of concern; however, other geographies are pushing their own cyber legislation across all sectors or on an industry basis
EmergIn Risk Response:

  • Cyber is a challenge for all companies, especially smaller entities:
    • The reputational implications of losing a client’s data can have a much more severe impact for a small local company, vs. a data breach at a large corporate.
    • Further, any interruptions to trade due to network interruption could push your smaller client base to look for alternative sources of goods and services
  • The implications could be much more severe, as a smaller company could find it difficult, financially, to manage through a time of adverse trade due to a cyber event
EmergIn Risk Response:

  • That you know of… many cyber events go unnoticed. And, if they are not detected at the perimeter, it is much more difficult to identify a vulnerability after the breach has occurred
  • The integration of technology with business process, and the increasing need to “do more with less” makes it very difficult to manage evolving cyber threats. So even if you have not suffered a cyber event today, the constant evolution will only make you more susceptible tomorrow.
EmergIn Risk Response:

  • As the data controller you could be liable for all data you collect and store, regardless of where it sits
  • Outsourcing your IT infrastructure to the right contractor will certainly help to ensure that you have the appropriate redundancies in place to help facilitate business continuity
  • However, once you outsource you no longer have control of your data storage or infrastructure and your recourse, in the event of a privacy breach or network interruption, could be limited to the contractual sums (which tend to only cover the reimbursement of fees)
  • Your liability for a privacy breach (of data for which you are the controller) at an outsourcer and/or a business interruption event at a critical IT infrastructure host are both insurable within cyber policies