Sceptical about cyber insurance and its role in your risk management plan? You’re not alone – until you get attacked. When the very survival of your business is under threat, cyber insurance gives you someone to turn to.
Cyber risk is universal; every company is attempting to mitigate it somehow. With risk mitigation initiatives, you rightly demand bang for your buck. Standalone cyber insurance is one of the most inexpensive components of your risk management planning.
Buying a cyber policy is one of the most cost effective risk management options and can result in significantly reduced spend on more expensive professional indemnity cover.
Cyber insurance coverage highlights
1. Multi-expert rapid response, 24/7
A big difference between cyber and other insurances is the proactive approach. Compare it with home contents insurance for example: when a flood hits, you arrange rectifying the problem yourself, buy new carpets yourself and wait, fingers crossed, for the insurance company to pay you back.
Cyber insurance isn’t like that.
Buying cyber cover gives you rapid response technical and legal support from the first indication of trouble, 24/7.
You call one number and your expert panel manages the response from there, sending you;
- Forensic IT trouble-shooters with skills beyond what most companies have ready access to
- Specialist IT lawyers who deal with similar crises frequently
- Experienced crisis management PR consultants.
- Combined expertise and contacts will help mitigate damage to your reputation, from the moment you alert them.
2. Paying for the financial fall out afterwards
In addition to rapid incident response, cyber insurance is also there to pick up the tab for costs incurred as result of a breach.
A cyber-attack generates significant and varied financial liabilities, beyond the scope of what might be covered by crime or P.I. policies.
Two examples of after-the-fact liabilities:
a) GDPR requires all persons affected by the breach be notified in timely fashion. even quite small companies could find themselves with a bill of 10s or 100s of thousands of pounds
b) There is every chance you could be sued for your cyber breach. Sony, for example, recently elected to settle out of court on a huge class action suit. That suit was from employees and ex-employees, so it’s not only your customer database you have to worry about.
Cyber insurance would be ready to pay legal costs, settlements and risk mitigation expenses in response to a breach.
3. Reimbursing monetary losses from phishing
When a phishing attack means your funds go missing, cyber insurance is equipped to reimburse you.
Criminal coders are usually one step ahead of the cybersecurity community.
The weakest link in your cyber defence is your employees. However much training you give, it is still statistically quite likely someone will click on a link and live to regret it.
These two facts of life mean that phishing is a threat you can only ever reduce, however much you spend on antivirus, antimalware and firewalls.
4. Business interruption cover
When your business is unable to trade due to a cyber-attack, cyber insurance will cover missed profits for that period.
We hope this is a moot point, due to the expertise of our rapid incident responders in getting you back to business-as-usual quickly. But under the terms of a well-worded cyber policy, you will be covered for business interruption, just for extra peace of mind.
5. Pre-planned interaction with policies you already have
A common buying problem covering a risk twice across two polices. Or equally common, failing to bridge a gap between policies, where a massive exposure lurks.
For example, the interaction and overlap between professional indemnity, crime and computer and cyber insurance policies causes much confusion – and many a nasty surprise.
Many clients ask for our help to rebuild their risk portfolio into something more robust – and often, more affordable than existing solutions too.
Howden like to think holistically. If you let us look through your existing policies we can prevent you paying too much, to get too little.
It’s a myth that cyber is expensive – when you understand what you are buying it offers unrivalled value, safeguarding your business where it is most vulnerable
- Online tools to assess how your business stands up against the UK Government’s Cyber Essentials cybersecurity benchmarks and GDPR.
- Cybersecurity training for your staff (depending on which insurer you choose)
- A full cybersecurity audit (depending on which insurer you choose)
Two sensible add ons to standard policy terms are:
Social engineering / financial transfer cover
When your staff are manipulated into handing over your funds to criminals - for example by a cloned email, forged PDF invoice or another low-tech stratagem - many policies do not automatically cover this. We can arrange to extend your protection to include coverage for this everyday risk.
Physical damage emanating from a cyber breach
Sometimes a cyber-attack can kill hardware forever. Most policies let you extend the cover to pick up the costs damage to property, offering a like-for-like replacement.
Who provides the cover?
We enjoy privileged access to over 40 insurance providers all of which have deep experience in global cyber and tech professional indemnity risks.
How do I claim?
When your policy is set up, you’ve given access to an incident response panel.
Your panel consists of legal firms, forensic IT consultancies and crisis PR agencies.
You have a 24/7 hotline direct to the incident response lead. They are the first person you call as it is them who orchestrate the combined emergency response.
Howden stays in the loop throughout the initial response, assisting wherever needed.
Howden co-ordinates the claim management directly afterwards. We work swiftly to expedite your claim and get it paid quickly, to ameliorate the damage to your cash-flow.
Your IT guy does not have it covered
One of the biggest myths is cyber security is that if you have a good tech team, you’re safe.
Investment in technology has not prevented heavyweight players like the FBI and CIA being hacked. How does your IT budget stack up against theirs?
If you think you won’t be targeted, remember much malicious software is indiscriminate. Self-replicating malware is able to find its next victim autonomously.
Cyber insurance is the only option that helps you pick up the pieces after the attack.
Reject the illusion of protection and get the real deal
We can arrange a comprehensive deal that will bring calm to your boardroom and confidence to your employees.
A well thought out combination of cyber, tech professional indemnity - and for some companies, intellectual property cover -can offer much more than relying on a singular policy.
Maybe you already have policies, crime for example. Does that offer you all the protection you need? You should check your limits, terms and conditions and claims triggers before it’s too late. Or ask us, we’d be happy to investigate and suggest solutions.
Kathryn is responsible for Howden’s Cyber offering, working with a number of businesses to manage Cyber risk and implement the right risk transfer solutions. Kathryn is an ACII qualified Chartered Insurance Broker - and with over 10 years’ experience in the industry, there isn’t much she hasn’t seen.Get in touch