Occasionally abbreviated to CLIC, cyber liability insurance cover is a broad term used to describe a wide range of covers, much as the word "cyber" itself has rather broad connotations.
Currently, examples of issues covered by CLIC include:
• Data breach/privacy crisis management cover. For example, expenses related to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines.
• Multimedia/Media liability cover. Third-party damages covered can include specific defacement of a website and intellectual property rights infringement.
• Extortion liability cover. Typically, losses due to a threat of extortion and professional fees related to dealing with the extortion.
• Network security liability. Third-party damages as a result of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.
Due to the sweeping nature of the cover, some of these elements can end up overlapping with cover from existing products, such as business continuity, third-party supply chain issues and professional indemnity. That said, even without overlapping cover in place, any decent cyber liability policy will ensure all cyber risks are covered.
Who is at risk of cyber attack?
Cyber risks are now a fact of life, and near guaranteed in the modern world. In a few years’ time, the old saying about death and taxes may need to be amended to include data breaches!
If your company uses computers and deals with electronic data, you face these risks whether you know about them or not. The risks themselves change little between small and large businesses, but the vulnerabilities of the businesses do.
For example, a common misconception among small businesses is that because they are so small, they are safe. No criminal would bother attacking such a small business, right?
Unfortunately, that simply isn’t true. The 2011 small business study by the National Cyber Security Alliance found that 40% of all cyber attacks are directed at firms with fewer than 500 employees.
These small businesses are often more open to attack as they have less robust security for their systems, and no audited response initiatives (possibly because they are too expensive). They present juicy targets to criminals, and can even be used as a backdoor entrance to a larger business to which they’re connected.
On top of this, smaller companies may have no access to forensic, legal and PR experts after a security failure. As a result, loss of revenue, inability to cover operational expenses and reputational damage can be devastating for them.
On the other side of things, larger businesses don’t have it much easier.
Their higher profile makes them a far bigger target, and their sheer size often means they carry more data, leading to more records being stolen and more costs to deal with the fallout afterwards.
They also have issues smaller companies don’t, such as being vulnerable to third-party and shareholder class actions.
Finally, a larger business means employees become harder to monitor, which can lead to data or even hardware being stolen. The theft of commercially crucial data can be much harder to resolve in more complex organisations, and therefore take more time.
What are the direct and indirect costs of cyber crime?
The direct costs of cyber crime are damaging in themselves.
Loss or damage to digital assets such as data or software can lead to costs in restoring, recreating or replacing them.
Business interruption is a genuine threat, as without crucial data, your operation simply may not be able to function.
On top of that, the damage that could be done to your reputation could be anywhere from inconvenient to crippling, as it only takes one incident caused by the cyber attack to sour a customer’s view of you, leading to a loss of both customers and future income.
All that would be bad enough, but unfortunately, there’s more. On top of the direct costs, there are several indirect costs that could lead to your business suffering yet more losses if uninsured.
If you are the victim of a security breach on your network, transmit any malicious code, or if you breach any third party or employee privacy rights or confidentiality, you may be subject to defence costs and/or civil damages.
If this happens, you may also end up being investigated by a regulator as a result. Whether or not they end up finding you at fault, you will face investigation and defence costs, as well as potential fines should you be held accountable. In the majority of cases, responsibility lies with the data owner (you), rather than any data processor you may outsource to.
And finally, there are the logistical costs involved with informing your customers of a security or privacy breach, including legal, postage and advertising expenses. This can sometimes even be a legal or statutory requirement.
How can I protect myself, and my business?
The easiest way to do this is to call us on 0800 281 453. We can assess the vulnerabilities of your business and suggest appropriate levels of a policy to ensure you are covered against this new threat. The costs are often more affordable than you might estimate, and the call itself is free. If you already have a policy, giving us a call could still be worthwhile, as we can ensure your current policy covers everything it should, to save you a nasty surprise should the worst happen.