Zurich – the ins and outs of cyber risks

Zurich Cyber Risk

Cyber risks

Zurich Cyber Insurance

Cyber insurer Zurich‘s Global Head of Special Lines Lori Bailey has published an article outlining the ins and outs of cyber risks.

See where cyber risks originate, how they accumulate and how they can derail mission critical aspects at every level of your business.

kh-image-the-ins-and-outs-of-cyber-risks

The consequences of cyber risks can disrupt critical business infrastructure and derail productivity at the operational level. Here’s a complete look at where they originate, what they target and their consequences.

Cyber Risk Sources

  • Human error accounts for 52 percent of cyber breaches, according to a study by CompTIA.
  • Creating resilience to cyber risks requires focus on educating and training employees

kh-image1-the-ins-and-outs-of-cyber-risks

CyberRisk Targets

  • Indirect targets of cyber encroachments are as significant as direct targets.
  • Access to financial information, for example, could put at risk the financial information of a private company that is a customer.
  • This underscores the need for a holistic view of cumulative cyber risks.

kh-image2-the-ins-and-outs-of-cyber-risks

CyberRisk Consequences

  • The consequences of cyber risks are not limited to lost data.
  • Transactions can fail; supplies or products can be misdirected.
  • Manufacturing can be halted or output faulty goods; safety issues can cause injuries.
  • Dissatisfied customers can turn elsewhere.

kh-image3-the-ins-and-outs-of-cyber-risks

Source: Zurich

Speak to one of Insure 247’s brokers on 1300 046 787

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrant the accuracy of any information contained therein, readers should make their own inquiry’s before relying on information in the stories Terms of Service

Cyber Insurance Comparison

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation, and needs

 

Cyber insurance policies Top 11 questions to ask your insurer

Cyber Policy

 

With increasing awareness of cyber security risk issues there is now a vast array of information available which provides organisations with advice on how best to combat cyber security breach events. See for instance the recent paper from ASIC – Cyber resilience: health check. There is little information however on cyber insurance products and whether they should form part of an organisation’s cyber risk mitigation strategy.

So with more and more organisations taking up cyber insurance as part of a broader cyber security strategy, there are some key issues to bear in mind.

In no particular order, make sure you ask your insurer the following:

  • What are the minimum security requirements expected under this policy?

    Often policies will impose minimum security requirements before offering any sort of coverage. You can expect to be qualified by the insurer who will want to confirm “adequate” security controls are in place to begin with. If they’re not up to scratch your application will likely be refused.

    Insurers and brokers are often a good source of information and best practice. Ask your broker if they can refer experts who can assist with putting in place adequate security protocols, cyber compliance programs or undertake testing to assist an organisation to get up to speed.

  • Are there any additional measures you can put in place to reduce your premium?

    It may be worth considering putting advanced security measures in place to give your insurer additional comfort and more importantly reduce your premium. Your broker or insurer can advise on some “quick wins”. Ultimately however, you will need to weigh up the reduced premium against the cost and additional time and resources involved in implementing such measures.

 

  • What ongoing audit and compliance obligations are required?

    Most policies will require some form of regular audit as well as ongoing compliance reporting for the policy to remain current. Some insurers reserve the right to audit systems and security protocols that are in place. It is important that you and your team fully understand and can plan for these activities, as failure to meet the expected requirements may mean your policy will not respond when it needs to.

 

  • How do response and management protocols affect insurance obligations?

    Ensure you have clear response and management protocols, and that they are well understood by all relevant stakeholders. In the event of a security breach incident it is important you understand how this ties in with any existing insurance obligations. Even with all your policies and procedures in place, if they are not properly followed in the event of a claim this may be the difference between the policy responding or not.

 

  • What is the minimum downtime before the cyber policy will respond?

    Beware policies which only respond after a minimum downtime period. Cyber security breach events once triggered happen extremely quickly. If you have to wait 12 or 24 hours before calling on the policy to assist – it may be too late. Whilst you may have to pay extra for a reduced period it might be worth it in the end.

 

  • How does the policy fit with our existing insurance coverage?

    Beware any overlaps, but more importantly “gaps” between policies which will leave the organisation exposed.

 

  • How will the policy and its scope evolve over time?

    Technology is evolving so fast and hackers are generally at the forefront, picking up on new vulnerabilities and opportunities to ply their trade. You need to understand how the policy evolves over time to pick up and include additional risks as they become apparent. Is this something the insurer addresses once a year or is it ongoing?

    You also need to understand if these updates will result in a change in coverage and consider any additional costs that might be associated with amending the scope as well as any new exclusions which come with such changes. Ask your insurer if there are likely to be any changes which may affect your organisation’s risk profile.

  • What is the impact of a breach on your premiums?

    Understand the impact of a breach on premiums and any additional obligations which are likely to be imposed in the event a claim is made. Are there any benefits in not making a claim – will this reduce the premium at all?

 

  • Does the insurer understand your industry and its regulators?

Ensure the insurer understands your industry and any unique regulatory requirements which may apply. If an organisation is in a regulated space, it will be having ongoing discussions with the main regulator(s) to make sure it is aware of any relevant standards or other best practice which the regulator expects to be covered off. Brokers and insurers that claim to have particular experience in an industry should be doing the same to ensure they factor in “nuances” which may affect the policy.

  • What is the timeframe in which you must report a breach in order to use your policy?

Often breach events take months or in some cases years to discover. It may well be that by the time the breach is discovered, there is a reporting period exemption that affects you or the policy has expired. Some insurers will allow organisations to pay an “optional extended reporting period premium” to provide additional time in which they can notify of a claim arising during the period of the policy. This optional period is generally no more than 12 months however, so may not pick up on these “sleeper” events.

 

  • What regions/territories are you covered in?

    Insurers will typically not provide insurance cover for any action for damages brought in a court outside the policy’s specified territories. It is therefore crucial to ensure any territory limitations which may apply to a policy are considered and additionally, how claims affecting business conducted outside of Australia, will be impacted.

Finally carefully consider the policy terms and conditions. This generally goes without saying but “the big print giveth and the small print taketh away”.

What many organisations fail to realise is that there is room to negotiate on these issues – both the big and small print. Arm yourself with the right questions and do a little homework beforehand and you will be well placed to successfully navigate the cyber insurance conversation with your broker and insurer.

Dudley-Kneller

Dudley Kneller

Partner, Madgwicks Lawyers

 

Dudley Kneller is a technology lawyer with a specialty in cyber risk and strategic sourcing and supply projects. He has more than 18 years’ experience practicing across Australia, Europe and the UK, and has worked on projects based in a range of countries, including the Philippines, India, and Russia and throughout South America.

 

Dudley is listed as one of a group of leading Technology, Media, Telecoms Lawyers for Melbourne in Doyle’s Guide for 2015.

 

Speak to one of Insure 247’s brokers on 1300 046 787

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrant the accuracy of any information contained therein, readers should make their own inquiry’s before relying on information in the stories Terms of Service

Cyber Insurance Comparison

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on the inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation, and needs

Insure Against Cyber Risk

In our continuing series on Cyber Risk, we thought it would be interesting to see what the potential cyber risk is with the new Australian Privacy Principles and its implications for small business.

Are we prepared

90 % of private companies don’t have insurance against cyber risk,  that’s one of the findings in Chubb 2013 Private Company Risk Survey. That means the uninsured companies will have to foot the bill if the are found liable for loss as a result of cyber crime, or data breach.

So if your cloud computing company is breached you may find your self ultimately liable for the loss of data .

Australian Privacy Principles

The National Privacy Princibles (NPP) will be replaced by the Australian Privacy Principles (APPs) on 12 March 2014 the change includes civil penalty regime for breaches of privacy. Click here for a copy of the privacy fact sheet

APP Privacy principle  8—cross-border disclosure of personal information, will require your clients information held on servers in countries is at least substantially similar to the way in which the Australian Privacy Principles protect the information.

Where is your data held? And how does your cloud company protect it?

You could simply call Salesforce, Google, Jive Software, Demandware or Xero and ask which country your data is stored in or backed up in, as long as that country meets the similar privacy standard to Australia your fine.

Steps that may help your company

  • Develop an Incident Response Plan (IRP)
  • Encrypt Portable devices
  • Assess cloud services providers’ data security
  • Get Cyber Liability Insurance

If you are still unsure, speak to a specialist, get them to review your potential risks and possible mitigation.

Steve Sloan
steve-sloan-insure247

Steve is a licensed insurance broker and marketer. He is an internet insurance pioneer in Australia.

Cyber Risk Trends

Where is your exposure
Cyber Threat

Any advice that may have been given is general advice only, please be aware that we have not taken into consideration your needs, objectives or financial requirements. Before deciding to purchase a financial product you should consider the appropriate Product Disclosure Statement to ensure the product is suitable for your needs.

First Published on GreatChoice

The importance of cyber insurance

Why is cyber insurance important?

Cyber-attacks or data breaches can take many forms, from deliberate attacks to technology issues or simple negligence. As modern business is reliant on computer systems and networks, a breach of data or a shut-down of service can have a major impact on your business with many small businesses unable to operate afterwards.

Cyber Insurance can help in the event of a breach

Small businesses are particularly vulnerable to cyber-attacks of all kinds and it can be very costly. Aside from the cost of notifying your customers, you may also face costs for PR, credit monitoring, investigations response and compliance related activity, compensation for affected customers and engaging experts.

Most of these costs aren’t covered by normal business insurance, which is why it is important to speak to your insurance broker to make sure you are covered in case of a breach or attack.

Information provided by Know Risk.

Click Here To Compare Cyber Insurers

[pardot-form id=”489″ title=”Cyber Insurance”]

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

 

What Is Cyber Crime

In basic terms, cyber crime is a blanket term for any type of activity of a criminal nature that is carried out using a computer and/or the internet.

Cyber crime includes all of the following:

  • Identity theft
  • Cyber stalking
  • Use of malware
  • Use of viruses
  • Computer and network hacking
  • Online scams
  • Phishing scams
  • Fraud
  • Information theft
  • Extortion
  • Identity theft

When you consider that almost all businesses have an internet presence or make use of the internet in their everyday business dealings, it becomes pretty clear that cyber crime presents a risk to even the smallest businesses. And criminals don’t necessarily need to hack your systems to commit cyber crime; if they manage to get their hands on a laptop, iPad or mobile phone belonging to your business (either because it has been stolen or left unattended), they have easy access to your information and are able to more easily commit their crimes.

What does cyber insurance cover?

Although policies will vary between insurers, a typical cyber insurance policy is designed to help you with both preventing breaches in the first place and dealing with them if and when they occur. Cyber insurance policies usually include the following:

  • The cost of restoring or recreating electronic data following a breach or leak
  • Forensic services to investigate a breach
  • PR coaching in the event a breach harms your business’s reputation
  • Assistance guarding against data breaches, hacking and employee error
  • Guidance on how to respond to a breach
  • Funds to cover the adverse financial effects related to a breach
  • Funds to cover any fines that might be payable following a breach

Source Knowrisk.com.au

Click here to Compare Cyber Insurance

[pardot-form id=”489″ title=”Cyber Insurance”]

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs. Please read the Product Disclosure Statement and contact us if you require any clarification
QuotesOnline offering free business insurance quotes

Claims Scenarios

Cyber Insurance Claims

Lost Laptop

A laptop containing lists of customer and personal contact information is left on the bus, possible cyber claim.

Claim for client designs destroyed in virus attack

Customer designs are compromised after a work colleague opens an email that lets a virus into the network.

claims

Patient personal information

IT infrastructure has been accessed and a copy of all of your patient records may have been obtained.

Unauthorised sale/use of sensitive information

A Customer alleges that a failure of your IT system has led to financial information being obtained and ultimately leading to their credit rating being impacted. On investigation, an employee has copied these records and passing them on to a criminal gang who have been committing credit fraud.

Extortion attempt

You receive an extortion e-mail. It is clear that if you don’t comply with the demands, your business will be impacted.

[pardot-form id=”489″ title=”Cyber Insurance”]

Compare Cyber Insurance Quotes from leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, Chubb, Dual, Emergence and Zurich

Cyber Insurance Comparison

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Lets Get You Covered

Insure 247 Australia

Lets Get You Covered

The Insure 247 Team is here to Help with your business insurance needs, our team of specialist are experts in small to medium enterprise (SME) insurance. As well as your business needs the team can also look after you and your family’s needs.

Evitz Nutritional Pty Ltd t/as Insure 247 Australia ABN 72 100 138 725is an Authorised Representative of Ausure Pty Ltd ABN 94 096 971 854 AFSL 238433

Is Cyber Insurance Compulsory?

Is Cyber Insurance Compulsory?

Cyber Insurance is not compulsory in Australia

The importance of cyber insurance

Cyber-attacks or data breaches can take many forms, from deliberate attacks to technology issues or simple negligence. As modern business is reliant on computer systems and networks, a breach of data or a shut-down of service can have a major impact on your business with many small businesses unable to operate afterwards.
Cyber Insurance can help in the event of a breach
Small businesses are particularly vulnerable to cyber-attacks of all kinds and it can be very costly. Aside from the cost of notifying your customers, you may also face costs for PR, credit monitoring, investigations response and compliance related activity, compensation for affected customers and engaging experts.

Mandatory breach reporting creates cyber-insurance imperative

[pardot-form id=”489″ title=”Cyber Insurance”]

Compulsory

If you are still unsure whether your policy covers this scenario speak to one of Insure 247’s brokers on 1300 046 787

1300-Insure

Please note Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs