Nowadays more and more devices and pieces of equipment are being connected to the internet or are being run by complex computer systems. With our increasing dependence on these systems and technology in general come a new set of risks that you may not yet have thought about let alone have insurance for!
So what cyber risks does a typical business face?
We've said it before every business has a different set of risks but to be fair there's two common principles to assessing any businesses cyber exposure.
- Your businesses reliance on the system
- The type of information it stores or processes
These two factors help define what your cyber risk looks like and this can range from a breach of your data storage notification and restoration costs, through to the failure of a system like your CRM, invoicing or project management software causing downtime and lost income.
The scenarios above may seem scary but when you start to consider that these risks can be everychanging and can be suffered at the hands of an unknown party you're probably starting to come to grips with why cyber risks are one of the fastest growing exposures and consistently rank in the top 5 risks that global leaders are worried about.
What we fail to mention above is that the above are seen as first party risks (meaning they only financially affect you) and that this isn't even you starting to worry about claims made by a third parties, statutory and other liability exposures created by it.
Surely it's not that much of a risk?
While it's a fairly new risk for most businesses some insurers have been gathering claims data and providing cover for over five years in New Zealand. That's produced some interesting stats:
- More than 50% of NZ SME's experience IT security attacks at least once a year.
- 70% are affected by viruses, malware and scams.
- 83% of lost smartphones resulted in compromised business data.
What you might find interesting is even from the above stats the claims have a variety of triggers from virus and malware through to organised attacks and even something as simple as losing your phone!
Where does Cyber Insurance fit into my Insurance Programme?
Business owners are realising the risk to their data and are beginning to request policies with enhanced coverage. This means that after looking at your exposures you'll need to go over your current insurance programme to identify its weaknesses in this area. Here's some of the common policy gaps we've found in the "traditional insurances":
- Professional Liability - Broadly worded PI polices are tied to “professional services" and may have a requirement for there to be an act of negligence
- General Liability - Bodily Injury/Property Damage has potential exclusions and/or limitations
- Crime - Requires intentional acts to trigger and only covers money, securities and tangible property
- Kidnap and Ransom - No coverage without a “cyber extortion” amendment
- Property / Material Damage - Data is not considered tangible property
- Business Interruption - Requires a trigger under the property policy
While it is a fairly new type of insurance, Cyber Insurance is needed to plug the gaps left by the "traditional" insurances.