This article has been submitted by Towergate
Cyber security has become a hot topic of late, with large-scale security breaches encouraging businesses to take measures to protect their data. While the in-house technical team can put some protective pillars in place, in this digitally-savvy world, cyber security insurance is certainly worth consideration. The good news is that about 80% of cyber & data attacks can be defeated by following basic security controls. However, there are the ramifications to be considered, that exposure to these risks can cause such as business interruption, income loss, damage management and repair, and the possibility of reputational damage if IT equipment or systems fail or are interrupted.
A change in legislation
A recent report issued by UK Government revealed that 60% of small businesses had suffered a data breach in the past twelve months. A further 16% of small businesses experienced a ‘denial of service’ attack; effectively making their computer systems unusable. As an eventuality that would cripple most businesses, UK Government are now making cybersecurity for certain-sized businesses mandatory.
The General Data Protection Regulation (GDPR) will apply in the UK from 25th May 2018, and will place significantly more legal liability on businesses’ if they are responsible for a breach of ‘personal data’.
More frequently businesses are considering more specific and specialised insurance to help manage the consequences of these risks.
To help us understand the types of insurance cover available we asked Insurance Brokers Towergate to explain the difference between a standard Crime insurance policy and a Cyber & Data Liability policy.
It used to be so simple before the internet era…If your employee stole cash from your business or forged a cheque, a crime policy would cover it. If a non-employee broke into your business and stole money from the safe, a business combined would take care of the loss, under the peril of theft. But the world we once knew has changed, and continues to evolve both socially and technologically….and it’s moving more quickly than ever.
Our businesses now depend upon technology and that reliance is expanding, as is cyber & data or ‘data’ theft and therefore our need to insure this evolving risk. What if that same employee stole your customer’s credit card information or sold on sensitive information? What if your computer network were hacked and your customer’s patented business information you were contractually obligated to protect was stolen? Would your crime policy still respond? The answer is, unlikely, hence why cyber & data liability insurance can be just as important as crime insurance to keep you and your reputation protected.
A crime insurance policy is designed to protect an insured business’ assets from theft by both employees and other third parties. Defined as a first party coverage, the policy is triggered if the insured sustains a direct loss because of theft. It includes standard insuring agreements such as employee theft, forgery or alteration, theft on premises or in transit, counterfeit currency, computer fraud, funds transfer fraud and credit card fraud. It is very specifically designed to cover money, securities or other tangible property.
Cyber & Data liability policies are designed to insure loss of intangible property and the costs of rectifying systems damage. Think of your employee’s HR records, your company’s copyrighted material, formulas or documentation, your client’s personal information etc.
These are not tangible items, and thus not covered under a standard crime policy as mentioned above. The cyber & data liability policy also contains some first party coverages designed to directly reimburse you for specific costs and expenses associated with a breach.
Still unclear as to why do you need both? Each insurance policy serves a purpose in protecting your business’s assets, but neither covers all of the exposures. So in simple terms: –
Crime covers the fraudulently taking of money or property and Cyber & Data covers your IT system and data.
The truth remains that no ‘standard’ policy exists. And even though it may appear that crime exposures are addressed and covered in a cyber & data liability policy and vice versa, be wary of the exclusions, coverage triggers, and definitions. It is very likely that what may
appear to be duplicate cover is far from it.
Given the significance of these particular risks and to consider could you be doing more to protect your business speak to Justin Newton www.towergate.co.uk.
Towergate is a trading name of Towergate Underwriting Group Limited
Registered in England No.4043759 .Authorised and regulated by the Financial Conduct Authority