Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
8 years ago · by · 0 comments

Choosing the right cyber insurance policy.

Digital Lock-breach-ransomware

Cyber Insurance differentiation

The start of 2017 has seen a nearly constant media trail covering cyber attacks and discussing the risks involved with hacking for businesses small to large and critical infrastructure networks. Yahoo is still in damage control and desperately trying to stop the value of their current buyout with Verizon from slipping any further. Verizon is rumored to pull out of the monstrous takeover for mainly cyber security and reputation concerns.

Many business owners are beginning to recognize the risk and impacts coming their way as a result of media coverage and internal discussions but are still unsure of the specifics regarding cyber insurance. With many options available and a broad range of difference between some insurer details it is easy to take the cheapest stand alone policy or rely on a ‘cyber extension’ added onto another existing insurance policy. For example, adding a $200,000 sub-limit onto a directors & officers or management liability policy. While these options may suit some businesses at this stage, we recommend asking yourself the following questions to assess your companies cyber insurance policy requirements.

What was disclosed in the proposal?

Most businesses are familiar with insurance proposal forms or applications. How a business discloses their operations has great impact on the insurance policies written based on these details. The duty of disclosure states that any misrepresentations, omissions or incorrect statements in the application are grounds for withdrawal of the policy or a claim being declined. Organisations being left to weather the storm due to incorrectly disclosed activities is nothing new and has been argued by insurance providers on countless occasions.

Questions regarding turnover, staff numbers, products, assets, etc are all standard and easily answered but cyber insurance proposal forms have been asking questions surrounding data retention, internal security protocols, penetration tests and audits, privacy policies and more which have been raising eyebrows lately. Some proposal forms are asking which third party vendors are being used (cloud, email & network service management) and if their security procedures are in line with industry security compliance requirements.

Taking the time to discuss the proposal requirements with a counsel of staff and broker will no doubt help to ensure accurate information has been disclosed for your industry specific business situation.

Is this the right broker?

Having a broker with a keen interest in cyber security and your industry is key, we recently discussed the importance of having a cyber-savvy broker, here.

Arranging the most appropriate policy depends on accurate information from your staff and the best advice from your broker. Your adviser should be aware of industry specific litigation precedents as cyber insurance policies are still relatively new in court precedents and terms vary between insurance providers. Knowing the market differences in policy coverage from providers and how to negotiate tailored terms for your unique business needs is also important to keep in mind when assessing your broker. This will help to reduce gaps in cover which would be costly at claim time.

In the event of a claim, you want to be confident your business will be taken care of promptly and professionally. The majority of policies have approved third party vendors which will be used should a claim incident arise but knowing the best attorneys, security analysts, forensic investigators and other response providers is something your broker should be aware of and strive to recommend.

Cyber Insurance Australia Logo

Protect your business with Cyber Insurance Australia.

What are the gaps in coverage?

For most business insurance policies there are certain industry specific clauses and endorsements which if not reviewed can cause large gaps in policy cover, cyber insurance is no different. Understanding and regularly disclosing the risks your business faces will help your adviser make the best amendments and decision for cover.

Some insurers are offering a cyber liability sub section of cover which can easily be added onto a preexisting management liability or directors and officers policy. These additional sections usually have very restricted policy ‘triggers’ and a lower limit of liability than is in line with the national cyber attack average cost of around $276,323. As a result Cyber Insurance Australia recommends arranging a stand alone cyber insurance policy with a sufficient limit of indemnity. That may be the average cost but some organisations claim costs have certainly eclipsed this figure as can be seen in recent claim examples, here.

First party costs are a standard part of these polices however third-party costs can be excluded. There have been a number of data breach class action law suits against organisations not just from disgruntled members of the public who have had information leaked, there have been a handful of B2B client’s whose own business livelihood relies on services offered by the first party organisation. In this example, Amazon’s widely used web servers  were effected by a large storm which in turn caused a business disruption to a number of high profile clients such as Westpac, Dominos, Menulog and Foxtel Go. Under a traditional business interruption policy this disruption would not be covered  leaving businesses to cover their own expenses.

Having your broker understand how your business operates in the digital world is necessary for accurate cover, the 2016 US case against P.F. Changs illustrates the importance of a greater level of industry knowledge required from insurers and brokers. The restaurant chain requested cover for PCI-DSS assessments but were not able to prove that request was correctly covered in their cyber insurance policy. As a result, Changs was not covered for over $2 million in fees, assessments and included the costs of notifying consumers, replacing cards and reimbursing fraudulent charges. These costs could have been avoided by a carefully worded amendment to the policy terms in line with the clients operations.

It is important to note that crime policies can potentially answer the call from a cyber event but these policies may not cover the complex and unknown details associated with cyber attacks. For example, human error is still the number 1 cause for malware attacks. In a recent US court of appeals decision,  the court agreed with the insurer’s denial of cover due to the exposure being human failure to investigate and not a direct result of the malicious email. The decision sets a dangerous precedent for Australian businesses relying on existing policies to cover themselves.

Cyber Insurance Australia recommends reviewing policies annually to cover new business activities and threats as even the best policies should be reviewed regularly.

What will activate the cyber insurance policy?

Nightmare stories of insurance companies declining to cover something which the business owner thought was part of their policy is nothing new. The first question usually asked to your broker or adviser is always “are we covered?”. Understanding when and why your insurance policy will kick in and what is left uncovered is important and should always be discussed with your broker. We recommend having a meeting between your information security staff and your potential broker regarding industry specific risks and business operations to confirm any possible gaps in cover.

With the recent mandatory data breach notification bill being passed, one of the important questions is weather the policy has cover for suspected breaches and associated investigations or strictly confirmed breaches. Investigating a potential breach and reporting to the appropriate government body can be costly and time consuming. Due to the new breach law it is best practice to investigate any suspected breach at length as the bill states any business caught not to be reporting a breach can be fined between $360,000 and $1.7 million.

Confirming if the policy is occurrence based or only applies upon discovery of a breach is on of the most important factors when reviewing cyber insurance cover. Yahoo and a range of high profile organisations have been victims of massive data breaches but even at such a large corporate level these breaches were only discovered a shocking years later when investigating a different suspected breach.

Cyber Insurance Australia Logo

Protect your business with Cyber Insurance Australia.

 

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd ATF Naga Investment Trust T/As Cyber Insurance Australia (CAR 1250594 | ABN 59 378 032 992

Corporate Authorised representative of Community Broker Network Pty Ltd | AFSL 233750 | ACN 096 916 184

Financial Services Guide (FSG), Privacy Policy, Complaints & Dispute Handling (FSG), Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!