Cyber Coverage


Overview

Our Cyber Practice has been created to address the growing exposures that companies face from their digital operations – there is almost daily media coverage about the subject and most people (1 in 5 in the UK allegedly) has or knows someone who has been a victim of online fraud or theft. It is estimated the cost of commercial data theft and identity fraud alone rose to Euro 350 billion last year.

 

 

However senior management in many corporations have been slow to implement measures to protect the balance sheets of their business from these exposures and that includes transferring some of the risks they face to Insurers.

CSInsurance has been working closely with the London Market over the last year to establish a range of insurance options available to their clients and we list below a summary of the types of coverage we are able to provide.


THIRD PARTY CYBER: 

Cyber Media Liability
Legal liability to third parties for defamation, product disparagement and infringement of intellectual property rights arising from an insured’s cyber media activities. For example digital content including but not limited to an insured’s website and social media outlets. 

Privacy Liability
Breach of data an insured is deemed to be responsible for (third parties and employees), either stored on an insured’s network or a third party custodian (i.e. a cloud provider). 

Breach of Confidentiality
Same as privacy liability but for corporate information or trade secrets in the custody of an insured or a third party custodian (i.e. a cloud provider). 

Cyber Security Liability
Liability to third parties as a result of the inability to access an insured’s network, damage to third party networks as a result of an unauthorised access, computer virus or denial of service attack.

Breach of Payment Security Liability
An insured’s legal liability to pay damages in respect of a breach of a written contract between an insured and any entity or individual that governs the storage and processing of credit card information including any breach of the PCI DSS (Payment Card Industry Data Security Standard). 

Regulatory Actions and Fines
An insured’s legal liability to third parties to pay regulatory compensation awards, civil penalties or fines (only where insurable in law) and the regulatory defence costs in connection with a investigation, defence or appeal of an any investigation following a covered claim on the above third party cyber liability insuring clauses.

FIRST PARTY CYBER: 

Cyber loss or Damage
The costs incurred including forensic investigation costs to restore an insured’s network or the information stored on an insured’s network. 

Business interruption and extra expense
BI coverage as a result of the reduction in business income arising from unauthorised access, operational error, computer virus or a denial of service attack to an insured’s network. 

Cyber Extortion
Extortion money paid by an insured to a third party extortionist (following Underwriter’s consent) and the forensic investigation costs due to the imminent and probable danger of: 
•    Loss or damage to an insured’s network
•    Loss of an insured’s money
•    Data breach
•    Defacement of an insured’s website 

...following a credible threat made to an insured by an extortionist.

PR Expense
Expenses approved by an Underwriter required to respond to adverse or unfavourable publicity resulting from a covered loss. 

Notifications Costs
Data breach notification costs to comply where it is legally required to do so or where there has been a suspected or confirmed data breach where notification is not legally required. 

 


Recommendation

We would therefore encourage you to review what coverage, if indeed anything, is provided by your current insurance policy(ies) and we would welcome the opportunity to help you in this process.

It is vitally important for organisations to start addressing this subject if they haven’t already – while many do not believe that they could ever be exposed to the level of costs of a cyber attack (and the subsequent remediation measures) incurred by Talk Talk (over £35m) they should be aware that upcoming EU Data Protection Regulation is likely to fine those companies who have had the personal data of others stolen as a result of a cyber attack and will force those companies to incur the expense of notifying each and every individual whose data they held of the breach.