Bringing you live news and features since 2013
Bringing you news, views and analysis since 2013
Rainy day

26360

Do I really need cyber liability insurance?

RELATED TOPICS​

By George Ralph, RFA – Whilst popular in the US, here in the UK, cyber liability insurance is slowly gaining traction but hasn’t yet reached a level of widespread adoption. 

Possibly because firms in the US have clearer liabilities where customers’ data is concerned, with a mandate to notify all clients of the breach, in writing, whereas in the UK, the costs associated with a cybersecurity incident, or data breach are less clear, varying from industry to industry, and between firms of different sizes. The imminent GDPR could change things, but we have yet to see that happen.

All cyber insurance policies are different, offering many different features, so it’s worth taking the time to investigate thoroughly.

Cover can be first party, where you are covered for data loss, or damage, caused by malicious or accidental means, or third party, where you are covered for costs incurred by third parties, or employees, or both.

A typical policy will cover the cost of crisis management. This could include the expenses incurred by a firm to manage an incident from investigation, to remediation, legal costs, court fees and any fines imposed by the regulatory authorities. This is possibly why cyber insurance is more popular in the US, as firms there are mandated to notify customers in writing if they experience a data breach which could affect customer data. The cost of this alone can be huge, for firms with a large number of customers.

Many policies offer compensation for loss of income while business has been interrupted due to a cyber incident and some include hacker damage, with repair, restoration or replacement costs covered in the event of a data hack.
  
Some policies cover losses which have occurred as the result of an extortion scam. Although it is worth checking this, as there have been a number of high profile cases where insurers have not paid out, because the extortion did not happen on the computer network, but came as a result of a target email phishing scam, where a senior executive was targeted with a bogus email and subsequently transferred funds. 

Some policies offer network security liability which covers third-party damages as a result of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.

In addition to financial compensation, many insurance companies will provide you with expert advice with a view to minimising your loss and the possible damage to your business. This could include specialist public relations support if a claim looks likely to damage the reputation of your business. Someone from the PR team is one of the key members of the cyber incident response team, so this could prove a valuable resource.

So, do alternative investment firms in the UK need to consider cyber liability insurance? With GDPR looming, yes. Firms could be fined up to 4% of their global turnover if they experience a breach of personally identifiable data, which could run into the millions. If you are considering insurance, you will need to do some thorough research first. Not all policies have the same level of cover and not all cover human error, which is one of the biggest causes of data breach. It could be argued that firms may be best placed investing more in training and awareness for employees, than in cyber insurance.

In fact, firms that invest in robust cybersecurity planning, with clear policies and procedures, multi layered security solutions and well trained staff who understand the risks around handling data, will not only be better protected generally, they will actually be preferred customers for cyber insurance companies and may be offered lower premiums. In regulatory terms, in the event of a breach, if a firm can demonstrate that they have taken reasonable steps to protect themselves, the fine imposed by the regulator could be less or even avoided altogether.

It’s important to remember that insurance cover is limited in scope and commands higher premiums as breaches increase in frequency. Cyber insurance cannot be a solution or defence in its own right. There is very little an insurance policy can do to prevent cybercrime. Firms should look to cyber insurance as complimentary to a robust cyber security strategy which incorporates threat intelligence, incident detection and a multi layered architecture which is geared towards prevention. Add this to regular employee training and these are still the best ways of ensuring that data remains safe. 

Latest News

Irish domiciled funds surpassed EUR4.3 trillion AuM (Assets under Management) at end-March 2024, a 15..
New analysis by London-based Nickel Digital Asset Management reveals 38 listed companies with a combined..
Bloomberg has announced that for the first time, its proprietary Bloomberg Second Measure (BSM) transaction..

Related Articles

Global ESG Investing
On May 15 Florida’s Republican Governor Ron DeSantis signed legislation that furthers his ongoing campaign to oppose the role of climate change and ESG factors in state policymaking...
On May 15 Florida’s Republican Governor Ron DeSantis signed legislation that furthers his ongoing campaign to oppose the role of..
Trends
The trend to buyout among the UK’s smaller defined benefit (DB) schemes continues with a slew of new sub GBP100 million deals announced this month alone...
The trend to buyout among the UK’s smaller defined benefit (DB) schemes continues with a slew of new sub GBP100..
Different flavours
In what is believed to be the first survey of its kind in the UK market, Nedgroup Investments, the investment-led, multi-boutique global asset manager with over USD20 billion under management, recently undertook a survey with 204 UK investment professionals, seeking insights into their perceptions and attitudes towards boutique asset managers...
In what is believed to be the first survey of its kind in the UK market, Nedgroup Investments, the investment-led,..
UK map
UK local government pension schemes (LGPS) are leading the charge on investment in private markets issuing tenders set to be worth billions of pounds in the coming years...
UK local government pension schemes (LGPS) are leading the charge on investment in private markets issuing tenders set to be..
Subscribe to the Institutional Asset Manager newsletter

Subscribe for access to our weekly newsletter, newsletter archive, updates on the site and exclusive email content.

Marketing by