Cyber Risk Ιnsurance
Until now, corporates were looking to insure their tangible assets as well as their personnel against potential risks, in order to ensure their viability. The modern way of communication, the globalization and the speed of development of the internet, the internet of things and the big data, now bring the corporates facing another modern risk, that of the attack on their electronic data. For this reason, Cyber Risk Insurance is necessary for corporates.
We often hear that a group of hackers created malware or threatened a corporate that would gain illegal access to their files, usually aiming of extorting money, tarnishing the company’s reputation, stopping their operations in order to suffer financial damages, and more.
The new European Regulation, GDPR679/ 2016 that is applicable from 25/5/2018, regarding the compliance and measures for the protection of personal data by companies that hold personal data, provides claims from third parties in case of leakage of personal data on the Internet, up to 4% of a company’s annual turnover and/or a fine.
Cyber Risk Insurance offers:
- Legal advice
- Own Losses in the finances of a company
- IT services
- Risk Management Tool
In addition, beyond companies providing technical support to corporates, special anti-virus software, firewalls, remote servers, etc., another way of protecting and securing corporates from online attacks has been created. For this reason, special insurance policies have been created for Cyber Risk Insurance for corporates, in order to protect their electronic data and their financial balance sheet, in case they receive an electronic threat or attack.
Cyber Risk Insurance offers coverage of the company’s financial implications and access to teams of experts who have dealt with a number of incidents. Access to teams of experts can help and minimize financial damage and reputational damage that can occur in a short period of time.
The risks faced by a corporate are:
- Economic consequences
- Loss of income
- Personal insult / Insult of social agenda
- Send/ receive malware or viruses that cause delete of data, corruption of data
- Work interruption
- Service denial attacks
- Defamation / corporate reputation crisis
There are 2 myths about the danger of cyber attacks. It is considered by many, that there are no such attacks in Greece because there is a large bureaucracy and there are stamps and genuine signatures. These two myths have come to an end as the well-known bureaucracy with thousands of papers and tangible documents in libraries no longer exists. Everything is now done electronically and all documents are stored electronically on our electronic devices. As for the stamp, there are now electronic stamps and electronic signatures to make life easier for all of us so that we can do any work from the comfort of our computer.
As we have noticed lately, teleworking has found its place in our daily lives. From the comfort of our home, we now have the luxury of working without any restrictions and performing at work as if we were in our offices. In our personal computers now, there are files and data that concern the company that we work for, customers, suppliers, partners, and more. This results in an increased risk of a cyber attack.
With Cyber Risk Insurance a company is covered in terms of:
- Hacker attack costs
- Money lost from customer accounts illegally
- Third-party liability (in case of loss of personal data)
- Immediate IT intervention
- Reputation that can be lost
- Crisis management
Speaking of a personal data breach, it is meant the accidental or legitimate destruction, loss, alteration, prohibited dissemination, or access to personal data.
Cyber Risk Insurance does NOT cover:
- Bodily Injuries
- Material Damages
- Deception by an employee of the company
It should be noted that in a Cyber Attack Insurance policy, there is always a pre-agreed amount of deductible, which varies depending on the company and the respective insurance policy. By deductible amount we mean the amount of money that the company is required to pay, in the event of the occurrence of the covered risk, and the insurance company will compensate the insured company from that amount onwards, until the loss is covered or the coverage limit is reached.
As far as Cyber Risks concerned, they are a “silent risk”, that can be an individual event that has global consequences, and thus the company that is interested to be insured is always checked – evaluated.
In the event that a company is attacked by a cyber attack, the potential risks it faces are:
- Lack of access to its systems resulting in high cost of lost man-hours and risk of prolonged downtime.
- Inability to make a sale resulting in loss of sales and breach of service agreements
- Consequences in the supply chain of third companies, so they will also have a problem in production and there will be a breach of contractual obligations.
- Unforeseen costs such as production costs, consulting costs, data recovery or replacement, need for electronic infrastructure repairs.
- Corporate reputation crisis, which is a cost to the company, increased competition, consumer annoyance, loss of existing contracts, but also future work, obligation to provide discounts to existing customers, which equates to loss of significant revenue.
- The average share price drop due to such an attack is 5%.
- Cost of investigations that will need to be done such as internal investigations, audit authorities, shareholders.
Cyber Risk Insurance is suitable at companies that mainly:
- Maintain a corporate website
- Maintain an electronic client database
- They use ‘cloud computing’ to store database
- Are based on technological systems for their operation
- They keep sensitive information in electronic files
- They provide the ability to sell online (e-shop)
Finally, regarding the coverage provided for Cyber Risk Insurance are the following:
- Natural data destruction
- Sabotage of employees with data loss
- Data corruption due to virus / hacking
- Interruption of work due to system breach incidents
- Virus / malware transmission
- Immediate treatment / incident costs
- Coverage of extortion costs in order not to leak personal data (in money or cryptocurrencies)
- Expenses of negotiators in case of threat / blackmail
- Legal advice
- Coverage of data recovery / recovery costs
- Restoration of the company’s brand reputation after an incident
- Costs of reporting the incident under the GDPR regulation
- Loss of corporate information
- Administrative sanctions – fines
- Responsibility for publishing media content (Media Liability)
- IT technical services
- Coverage of a fine in case of loss of personal data based on GDPR
- Expenses and services for managing incidents of system breach and loss of confidential information
- Extraction of money by Phishing method
- Cyber crime costs
- Liability of the company against third parties whose data were leaked
- Expenses for interruption of the company’s operations due to violation of electronic systems
- Digital media coverage
- Loss of profits
- Incident notification costs
How the premium of a Cyber Risk Insurance contract is calculated?
The cost of the insurance premium of a Cyber Risk Insurance policy dependes on: the annual turnover of the company, the amount of insurance limit desired by the company, the type of the insured company, the protection measures taken by the company, etc.
Indicatively, for a company with an annual turnover of up to € 1,000,000 and coverage limit up to € 100,000, the premium starts from € 580 per year, while for a company with an annual turnover of up to € 5,000,000, which desires coverage limit up to € € 1,000,000, premium starts at € 2,850 per year (premium has been calculated with the Cyber Edge – AIG program).
For more information regarding Cyber Risk Insurance contact us
Combination of cyber risk insurance with business insurance.
For entrepreneurs that want to have full coverage of their business from any possible risk, coverage from cyber attacks can be combined with business insurance.
For more click here.
For shipping companies, there is specialized Cyber Insurance coverage that covers both offices and ships. For more information please contact us.