Cyber Insurance: the cost of not getting it


Computer crime metaphor, hand in black gloves on a computer.

When it comes to thinking about cyber attacks many small businesses believe that it won’t happen to me.  After all I am just a small business, with not much to steal.  However when it comes to cyber crime, size isn’t important, hackers will take any data they can, and sometimes it’s much easier to get into the systems of a small business. Businesses of all sizes are increasingly vulnerable to cyber-attacks – the need for cyber insurance is really heating up.

There have been some of high profile cyber attacks in recent times that targeted major brands. One of the most recent being the Ashley Madison breach which saw the personal details of 30 million users stolen, held to ransom and then later published online.

Even eBay has had brush with cyber crime, when  hackers managed to steal personal records of 233 million users. Usernames, passwords, phone numbers and physical addresses were compromised. Fortunately financial information was stored separately and not stolen but this still left eBay users vulnerable to identity theft and brought risk to eBay’s reputation.

It is not just big business that is vulnerable to cyber attack, in fact small business is just as vulnerable to cyber crime, with almost 30% of Australian businesses experiencing a cyber attack of some form. This costs the economy billions of dollars and that figure is rising.

So what makes mall businesses so attractive to a hacker? Cyber criminals target small to midsized businesses so they can exploit known weaknesses in the software in which their databases or websites are built on.  They can then extract valuable data and they either on sell the data or demand payment to restore a company’s website or database. The thieves are in frequently in search of personally identifiable information and card payment information.

Take for example the online retailer with turnover of $5m and 15 staff. Their website was defaced and included a link to a competing retailer’s website when hackers gained access to personal information of their customers and overtook their website.

Or the law firm with turnover of $2m and 8 staff. The insured’s server and client records were locked by Ransonware software. The Insured was only able to get the files released after paying a ransom of $50,000 to hackers.

But cyber risk is not just about hackers.  It also covers staff who accidentally make public confidential information, insider theft as well as theft or loss of a device.   Like the sports drug testing consultant who left his laptop at a sports ground.  He was able to claim $70,000 for Business Interruption, notification costs and as defence costs for the breach of privacy.

This is why cyber insurance should considered, as it provides protection against the expense and legal costs associated with data breaches. Having cyber can help mitigate a number of ways a business can be impacted financially:

  • Brand reputation– this is likely to be one of your most import assets, so you will need to protect and potentially repair any damage.
  • Interruption to business– this could include temporary downtime while the issue is investigated, lost income due to system downtime and potential loss of sales.

Network downtime can mean a large expense in implementing a new system, including software costs, infrastructure and people.

Having a Cyber Insurance policy can provide you cover for:

  • Compensation claims
  • Investigations/Forensics
  • Fines & Penalties (Associated with the new Privacy Act)
  • Defence
  • Credit Monitoring
  • Cyber Extortion
  • Data Restoration
  • System Repair
  • Notification
  • Public Relations
  • Business Interruption

The online retailer was paid $800,000 for loss of income, the ransom demand including consultants costs to advise on handling and negotiation of the ransom, and costs to restore the network as the hackers refused to release the files despite ransom payment.

The law firm was paid $150,000 for the loss of income, the ransom demand including consultants costs to advise on handling and negotiation of the ransom, and costs to restore the network as the hackers refused to release the files despite ransom payment.

Cyber insurance is available for first-and third-party losses, which in means that if your business has customer or vendor relationships and processes customer-sensitive (non public) information, you need it

Why do I need cyber in addition to my other policies?

It’s more than likely that your other business cover won’t respond to a cyber or data breach. You should also note that cyber insurance will also help cover regulatory defence, penalties and fines.

Isn’t cover pricey?

Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile.  A policy with $100,000 cover could cost as little as $350 per annum.

Take a cyber leap forward and find out about Cyber Insurance today.


About the author:

This article was provided courtesy of BizCover