ASIF NOOR, ACII CHARTERED INSURER (UK) Manager Marketing & Sales Security General Insurance Company Ltd. Lahore City Branch
Cyber insurance, also known as Cyber Liability Insurance or Cyber security Insurance, is a contract an organization can purchase to help reduce the financial risks associated with doing business online. In exchange for a fee (premium), the insurance policy transfers some of the risks to the insurer.
Cyber security policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber-risks. Unlike well-established insurance plans, underwriters of cyber insurance policies have limited data to formulate risk models to determine insurance policy coverages, rates and premiums.
Origins of Cyber Insurance:
Cyber insurance emerged in the late 1990s as a result of the growing reliance on technology and the increase of cyber threats. Initially, it focused on data breaches and computer attacks, but over time, expanded to cover a broad range of cybercrimes, including ransom ware, cyber extortion, social engineering attacks, system failures and business interruptions from cyber security incidents.
Cyber insurance has its origins in errors and omissions (E&O) insurance, a separate form of insurance that protects against faults and defects in the services a company provides. E&O insurance is parallel to product liability policies for companies that sell physical or digital products. While some cyber insurance policies contain specific provisions for E&O, most providers sell these as separate and distinct policies.
E&O insurance doesn't cover third-party data loss, such as customer credit card numbers; customers needing such protection can purchase a cyber insurance policy that covers it.
Today, cyber insurance is essential for mitigating financial and reputational damage and ensuring a resilient digital environment.
Why is cyber insurance important?
The loss, compromise or theft of electronic data can have a negative effect on a business, including the loss of customers and revenue. Business owners could be liable for damages stemming from the theft of third-party data.
In 2011, hackers breached Sony's PlayStation Network, exposing the personally identifiable information (PII) of 77 million PlayStation user accounts. The breach prevented users of PlayStation consoles from accessing the service, an outage that lasted for 23 days. Sony incurred more than $171 million in costs related to the breach.
Portions of this cost could have been covered by a cyber insurance policy, but Sony didn't have one in place. A court case ruled that Sony's insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages.
Cyber insurance provides the following benefits:
• Protection against cyber risks. Cyber liability coverage is important to protect businesses against the risk of cyber events, including those associated with terrorism. Cyber insurance can provide network security coverage and assist in the timely remediation of cyber attacks and incidents.
• Financial protection. Cyber insurance offers financial security against damage caused by cyber incidents. This includes expenses for investigations, credit monitoring services and potential legal responsibilities, among other costs associated with data breaches. I addition, it can provide compensation for business interruption, loss of revenue and computer system restoration.
• Legal support. Legal assistance is frequently included with cyber insurance, which helps businesses navigate the complicated legal system around cyber events. It can pay for the costs of legal counsel, legal compliance with regulations and prospective lawsuits brought about by data breaches or privacy violations.
• Peace of mind. Cyber insurance provides businesses and individuals with a sense of security by guaranteeing their financial stability in the case of a cyber crisis. This lets businesses concentrate on their core business operations without having to constantly worry about the possible financial and reputational consequences of a cyber attack.
• Highlights commitment to security. Cyber insurance coverage can make businesses and organizations stand out by highlighting their dedication to safeguarding client data and being proactively ready for cyber attacks. It also exhibits a commitment to cyber security, which can boost reputation and confidence among customers, stakeholders and partners.
How does cyber insurance work?
Cyber insurance policies are sold by many of the same providers that offer related business insurance, such as E&O, business liability and commercial property insurance. Most policies include first-party coverage, which applies to losses that directly affect a company, and third-party coverage, which applies to losses suffered by others from a cyber event or incident, based on their business relationship with that company.
Cyber insurance policies can help cover the financial losses that result from cyber events and incidents. In addition, cyber-risk coverage often helps with the costs associated with remediation, including payment for legal assistance, investigators, crisis communicators and customer credits or refunds.
Who needs cyber insurance?
While every organization's risk profile is unique, most companies could benefit from purchasing cyber insurance. A wide range of industries that are good candidates for cyber insurance include the following:
• Businesses of all sizes.
• Healthcare providers.
• Financial institutions.
• Government agencies.
• Educational institutions.
• Companies with high revenue.
• Software Houses etc.
Copyright Business Recorder, 2024