With the increasing frequency of cyber attacks, many businesses are now purchasing Cyber Insurance to transfer cyber risk and to protect themselves in the event of a data breach or other cyber-related incident. But what is the difference between other business insurance and exactly what does cyber insurance cover? In this blog post, we’ll take a look at the types of coverage offered by cyber insurance policies, as well as some of the underwriting exclusions that you should be aware of.
What Is Cyber Insurance?
Cyber insurance is a type of liability insurance, that businesses can purchase to financially protect themselves from internet-based risks or cyber attacks. These risks can include cybercrime, data breaches, hacking attacks on your server or computer systems, and other types of cyber attacks. It is a risk management tool just like a normal business insurance. Sometimes it’s also known as cybersecurity insurance, cyber liability insurance or even data breach insurance.
Cyber liability insurance can cover policyholders the costs of recovery from an attack, including cost of data breaches, cybercrime, and other cyber attacks by hacker. This includes the cost of hiring a professional to clean up your website (IT Expert) or reputation (Public Relations firm) after an attack, as well as any legal fees you may incur. Some policies will also cover the cost of ransomware attacks. However, not all cyber insurance policies are alike, and some may not cover certain types of risks or provide enough protection.
In Singapore, business owners including SMEs (small business owners) can buy cyber insurance policies from insurers such as Sompo, Delta, Allied World, AIG, NTUC Income and many others. This means that there are many options available for business owners who want to protect themselves against online risks.
What Coverage Does Cyber Insurance Provide?
Businesses are increasingly vulnerable to cyber attacks, and cyber risk insurance can help to protect them from any potential cyber event like security breach or network security breach. This insurance can provide coverage for up to $2 million in damages for SMEs (small-to-medium sized enterprises) and they are the most common target of cyber attacks, so they are well suited for cyber risk insurance.
Cyber insurance provides coverage for a variety of risks, including first-party, third-party coverage, business interruption, defense costs, regulatory investigation and even ransom. To summarize, basically it covers 3 main costs:
A) Crisis Management: Cost to manage the incidents
- IT Expert
- Public Relation (PR)
- Restoration Costs
B) First-Party Coverage: Cost that impact the company directly
- Network Extortion / Ransom
- Business Interruption
C) Third Party Coverage: Cost that company liable to pay
- Regulatory Liability like PDPC (Personal Data Protection Commission)
- PCI DSS (Payment Card Industry Data Security Standard)
- Consumer claims / settlement
- Investigation Liability
On top of this, 2 more important items you need to take note of for cyber risk coverage:
1) Excess / Co-Insurance
Most, if not all, of the claims are subject to the policy excess for each claim and different insurers have different excess amount
2) Retroactive Date
Most, if not all, covers claims if the incident happens after policy inception date. Opt for “Unlimited” option, if available, as this will cover from Day 1 your company is incorporated as we won’t know if there’s any malware or trojan horse in the system before the policy inception.
What Does Cyber Insurance Not Cover?
Many people are hesitant to purchase cyber insurance because they don’t know what it covers and what it doesn’t cover.
First and foremost, cyber insurance does not cover every type of attack. Cyber risk insurance policies generally only cover attacks that result in financial loss or damage to the system itself. This means that data breaches caused by employee negligence (such as leaking sensitive information) are usually not covered. Additionally, some companies exclude coverage for viruses and other malicious code that was introduced intentionally (for example, through malware).
Most policies also exclude claims related to intangible assets such reputational damage. For example, if someone’s online reputation is damaged as a result of a cyber attack, their business may be unable to recover from this damage and it’s not part of cyber liability coverage.
If your policy does not have unlimited retroactive date and should the root cause of the cyber event like ransomware was planted before your policy inception date, then this policy will not pay out.
Cyber insurance is not all risks cover. For example, it does not cover terrorism or sabotage. Therefore, businesses should carefully assess their needs before purchasing this type of coverage.
Social engineering frauds: Social engineering frauds occur when criminals use deception tactics to steal personal information from victims. Cyber coverage policies usually do not cover losses related to social engineering fraud incidents.
How Much Does Cyber Insurance Cost?
The global average cost of a cyber insurance policy is $1.5 million. This means that the cost of a cyber insurance policy varies greatly from one country to another, and from one industry to another. However, the costs of a cyber risk insurance policy are generally higher than the costs of dealing with a data breach alone. For example, a ransomware attack can cost a company up to $100,000 in damages alone.
In the latest Singapore Cyber Landscape 2021 report published by CSA on 29 August 2022, cyber extortion alone has increased from 68 in 2019 to 420 in 2021. Another findings is the phishing URLs with a Singapore-link were detected, increase from 47,000 in 2020 to 55,000 in 2021. That is a 17% increase in just 1 year.
Generally in Singapore, the premium is based on the coverage amount (sum assured) and your company turnover. The higher the company turnover, assuming the higher chance of being targeted, thus the higher the premium. For SMEs, the premium starts from just $900/year for a $250,000 coverage.
Is Cyber Insurance Worth It?
Cyber insurance is a type of insurance that covers you against cyber threats. Cyber threats can include things like data breaches, ransomware, and malware.
One reason why cyber insurance is worth it is because it helps to cover the costs associated with data breaches. For example, if your company suffers a data breach that results in the theft of customer information, cyber insurance could help to cover the cost of repairing the damage done and compensating those impacted by the breach. It also covers legal expenses and public relations (PR) related to a data breach.
Another reason why cyber insurance is worth it is because it helps to protect you against ransomware and malware attacks. Ransomware and malware are two types of attacks that can have a devastating impact on businesses. By having cyber insurance coverage, you can help to mitigate these risks and protect your business from significant financial losses.
While cyber insurance does not cover everything, it provides an important layer of protection for businesses in case of unexpected events such as data breaches or ransomware attacks. If you’re considering whether or not to get cyber insurance for your business, please keep these benefits in mind.
Additionally, it is important to have a plan in place for preventing incidents before they happen. Cyber insurance should not be seen as a silver bullet that will solve all your problems; rather, it is an important part of a comprehensive strategy for protecting your data and assets via cyber security in place.
Who Needs Cyber Insurance
Cyber insurance is a type of insurance that covers businesses that transact online. This means that small and medium-sized businesses (SMEs) are most at risk, as they are typically more reliant on the internet for their business operations.
Coverage includes cybercrime, data breaches and online liabilities. For example, ransomware can be covered if data is encrypted and held to ransom. Data recovery can also be included in coverage, should something go wrong with data storage or retrieval. Business interruption can be covered in the event that an online transaction cannot be completed as planned due to a cyberattack or power outage. Legal expenses can also be included in coverage, such as proceedings taken by law firms after a cyberattack has occurred.
One important note about cyber insurance is that it does not cover offline businesses or human error/negligence. It also does not cover war damage or loss of life caused by cyberattacks. However, this type of insurance is still valuable for protection against potential losses related to cybercrime and data breaches.
To Sum Things Up
Cyber insurance is a necessary investment for any business in today’s digital world. It is an important type of insurance for businesses to have in order to protect themselves against internet-based risks. There are many options available for business owners who want to purchase cyber insurance, and it is important to understand the coverage that a policy offers and the types of risks that it covers. Cyber attacks can cause a lot of damage and cost a lot of money, so it is important to have the right kind of insurance in place to help cover the costs associated with these incidents.