Cyber Liability Insurance
Discussion
It's annual insurance renewal time.
The commercial combined policy renewal is slightly down (Pennies). Everything else is thereabouts with existing insurers
My broker has suggested cyber liability insurance which seems like a good idea, we use Shopify for just under 50% of our turnover.
As I alone deal with the money, I'm reasonably confident about invoices with altered bank details, as we deal with regular suppliers, but I do worry about dodgy attachments that come to the online side, though not had one yet
How much cover is sensible? as a percentage of turnover, suggestions please
The commercial combined policy renewal is slightly down (Pennies). Everything else is thereabouts with existing insurers
My broker has suggested cyber liability insurance which seems like a good idea, we use Shopify for just under 50% of our turnover.
As I alone deal with the money, I'm reasonably confident about invoices with altered bank details, as we deal with regular suppliers, but I do worry about dodgy attachments that come to the online side, though not had one yet
How much cover is sensible? as a percentage of turnover, suggestions please
I feel that Cyber (I avoid including liability, as it's not necessarily cover for your liability), whilst certainly a useful cover for some and not necessarily missold as such, is being sold on the immaturity of the product, people identifying another area of insurance to discuss and possibly up/cross sell and the scaremongering surrounding GDPR etc.
It's worth asking your broker who it is that they'd be providing their policy through. After all, in the event of an incident, your cover is only as good as the support behind it and in this kind of area, you'd be worthwhile engaging an insurer who provides dedicated claims support (rather than providing the costs associated with a claim) so that you can be back up and running soonest. There are some particularly good insurers out there but it's worth bearing in mind that with the product itself being so young, covers can vary and it's not as "like for like" as some general commercial insurances are.
To give you an idea of the variances:
Some insurers are claiming they will pay fines/penalties - but this cannot necessarily occur as fines/penalties are not meant to be insurable
Some insurers provide cover for you losing third party monies due to you being duped - this is quite rare
Some insurers provide "cyber crime" but all may have their own definition of what the cyber event in question is
From your post, it seems as if you're concerned about hitting an attachment, which is malicious, which then effects your own systems? Do you rely on your systems to work, will it cause an interruption and possible loss of income/profit? Are you concerned about ransomware infecting your system through an attachment? All of these are very much "first party" i.e. issues that would affect you and is normally covered under a cyber policy.
If I were you, I'd be discussing real world examples with your broker and identifying if the insurer they're putting forward (bear in mind a lot of insurers are now attempting to jump on the bandwagon for this type of cover and offering bolt-on policies to existing general commercial policies) can meet your expectations.
Good luck, a bit of a minefield but an interesting one to keep up with!
Forgot to add, worth speaking to insurance_jon on here, believe his offices are local to you, too.
It's worth asking your broker who it is that they'd be providing their policy through. After all, in the event of an incident, your cover is only as good as the support behind it and in this kind of area, you'd be worthwhile engaging an insurer who provides dedicated claims support (rather than providing the costs associated with a claim) so that you can be back up and running soonest. There are some particularly good insurers out there but it's worth bearing in mind that with the product itself being so young, covers can vary and it's not as "like for like" as some general commercial insurances are.
To give you an idea of the variances:
Some insurers are claiming they will pay fines/penalties - but this cannot necessarily occur as fines/penalties are not meant to be insurable
Some insurers provide cover for you losing third party monies due to you being duped - this is quite rare
Some insurers provide "cyber crime" but all may have their own definition of what the cyber event in question is
From your post, it seems as if you're concerned about hitting an attachment, which is malicious, which then effects your own systems? Do you rely on your systems to work, will it cause an interruption and possible loss of income/profit? Are you concerned about ransomware infecting your system through an attachment? All of these are very much "first party" i.e. issues that would affect you and is normally covered under a cyber policy.
If I were you, I'd be discussing real world examples with your broker and identifying if the insurer they're putting forward (bear in mind a lot of insurers are now attempting to jump on the bandwagon for this type of cover and offering bolt-on policies to existing general commercial policies) can meet your expectations.
Good luck, a bit of a minefield but an interesting one to keep up with!
Forgot to add, worth speaking to insurance_jon on here, believe his offices are local to you, too.
Edited by DizzyN on Tuesday 26th March 14:32
Some good advice although on the Cyber Essentials I would be looking at a much higher limit than £25k, the costs can quickly rack up if a claim/assistance was required. I'd suggest keeping an eye on your broker suggesting CFC as they seem to be ahead of the game for the wording and covers, Hiscox are good having recently updated the offering and also provide online courses if this appeals.
I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
BREMBOV6 said:
Some good advice although on the Cyber Essentials I would be looking at a much higher limit than £25k, the costs can quickly rack up if a claim/assistance was required. I'd suggest keeping an eye on your broker suggesting CFC as they seem to be ahead of the game for the wording and covers, Hiscox are good having recently updated the offering and also provide online courses if this appeals.
I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
Agreed on both CFC (MGA rather than direct insurer but an extremely competent claims service) and Hiscox, the insurers to be looking out for in this area. The main part to avoid is adding "Cyber" by way of a section or add-on to your existing commercial insurance, say what Aviva do, as it's not quite the same.I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
Brembo, are you in Underwriting or Broking if you don't mind me asking? Always curious when I see insurance bods on here.
BREMBOV6 said:
Some good advice although on the Cyber Essentials I would be looking at a much higher limit than £25k, the costs can quickly rack up if a claim/assistance was required. I'd suggest keeping an eye on your broker suggesting CFC as they seem to be ahead of the game for the wording and covers, Hiscox are good having recently updated the offering and also provide online courses if this appeals.
I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
Aren't we all!I work in the PI side of insurance and the Cyber/Crime side of things has grown considerably over the past few years....still trying to get my head around it!
Agreed re: CFC - up until very recently I would only offer CFC as an option in respect of Cyber. I will say the product Angel released at the back end of last year strikes me as a good cheaper alternative now though.
I arranged some cover for an IT Consultant last month with CFC - he's got the £25k AIG policy because he's done Cyber Essentials but didn't feel that was enough. Plus, for him, he was worried about a third party claim - that AIG policy only covers first-party losses iirc.
There are 3 parts to Cyber Insurance generally:-
First party (e.g. damage as a result of viruses and hacking, extortion)
Third Party (Cyber Liability)
Crime (Theft of money as a result of hacking etc)
I don't know what business you're in but don't underestimate the importance of Liability cover. Will deal with things like reporting data breaches to the ICO, the effects of someone suing you through a data breach etc.
First party (e.g. damage as a result of viruses and hacking, extortion)
Third Party (Cyber Liability)
Crime (Theft of money as a result of hacking etc)
I don't know what business you're in but don't underestimate the importance of Liability cover. Will deal with things like reporting data breaches to the ICO, the effects of someone suing you through a data breach etc.
if you go the cyber essentials route and want a free tool to help with going through the process - https://www.titania.com/customers/bonus-tools/risk...
note: i'm bias, but we created the tool in collaboration with UK Gov back in 2016. Hope it helps!
note: i'm bias, but we created the tool in collaboration with UK Gov back in 2016. Hope it helps!
DizzyN said:
Agreed on both CFC (MGA rather than direct insurer but an extremely competent claims service) and Hiscox, the insurers to be looking out for in this area. The main part to avoid is adding "Cyber" by way of a section or add-on to your existing commercial insurance, say what Aviva do, as it's not quite the same.
Brembo, are you in Underwriting or Broking if you don't mind me asking? Always curious when I see insurance bods on here.
I'm in the broking side. How about you? Brembo, are you in Underwriting or Broking if you don't mind me asking? Always curious when I see insurance bods on here.
Gassing Station | Business | Top of Page | What's New | My Stuff