How vulnerable is your business?
Your business could be vulnerable to a data breach or loss of vital business services if you: hold sensitive customer details such as names and addresses or banking information, are reliant on computer systems to conduct business, have a website or subject to a payment card industry (PCI) merchant services agreement or store data in the cloud or rely on cloud based services.
Cyber and data risks insurance is designed to support and protect your business if it experiences a data breach or is the subject of an attack by a malicious hacker that affects its computer systems. It provides comprehensive cover, simplicity, reputation protection and a trusted partner in the event of a claim.
The best cover for your business:
Ransomware - Cyber extortion
Protection if a hacker tries to hold your business to ransom by covering the ransom you have paid, as well as the services of a leading risk consultancy firm to help manage the situation.
Insurers offer practical support in the event of a data breach (electronic or otherwise) including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers.
Cyber business interruption
Provides compensation for loss of income, including where caused by damage to your reputation, if a hacker targets your systems and prevents your business from earning revenue.
Reimbursement for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programs or electronic data.
Expert support to mitigate reputational damage. In the event of a data breach, prompt, confident communication is critical to help minimise the damage to a company’s reputation. Crisis containment is included with a leading public relations firm who can provide expert support, from developing communication strategies to running a 24/7 crisis press office.
What is my exposure?
As businesses become ever more reliant on technology and hold more and more data, the risks from suffering a loss related to problems with computer systems or from holding sensitive customer data like bank account information or other personal/sensitive details, continues to grow. This can lead to costs from handling a data breach, lost revenue, a damaged reputation, and legal and regulatory costs, not to mention the associated business disruption.
What’s the definition of a ‘record’?
For the purpose of cyber and data, we define a ‘record’ as the details of an individual that a company processes, regardless of how many times that information is handled. For example, if you buy goods from an online retailer five times in one year, it would count as one record. Experience shows that there is a direct relationship between the number of data subjects affected by a data breach and the costs of the breach. The volume of records therefore provides the best guide to the likely cost of a cyber and data claim.
I’m a small company, why do I need to buy insurance?
There’s a black market where records are sold and bought, and hackers are only getting savvier. Research conducted shows that 45% of all businesses were hit by at least one cyber-attack over the last 12 months* and the threat is only becoming more common.
My IT department is confident we are secure, do I need a policy?
Large corporations have entire departments devoted to IT security, and they suffer data breaches. A simple oversight like not updating software, not setting appropriate user authentication procedures for third-party vendors, losing an unencrypted laptop, or a rogue employee with malicious intent, can all lead to a breach.
I outsource my payment and card processing.
I don’t have payment card exposures do I? According to the PCI Compliance Guide, PCI compliance applies to all organisations or merchants that accept, transmit, or store any cardholder data, regardless of their size, or number of transactions. Merely using a third-party company does not exclude a company from PCI compliance. It may cut down on the risk exposure and consequently reduce the effort to validate compliance but it doesn’t mean a merchant can ignore PCI compliance.
My data is stored in the cloud, so liability rests with them? Not exactly. It would be in your best interest to carefully review your cloud contracts with legal counsel. Even if the risk is reduced, the liability may still fall on the shoulders of the insured. You can outsource the service but not the responsibility.