Cyber Liability Insurance (CLI).
• What is it?
• Why is it relevant?
• How could it help me?
All three are very good questions and all deserve an answer. This article will cut down the trees and allow us to see the wood, hopefully.
Let us begin by analysing the nuts and bolts of the problem. When people (and unfortunately some Insurance Brokers) think about hazards and perils they tend to think about solid, tangible risks. Is my office built next to a river? Is my house made from cardboard? Should I buy that piece of land adjacent to the active volcano? The risks associated with these examples are obvious; you can actually picture in your head your office flooding, your house blowing away or your investment melting.
Unfortunately, not all levels of risk are as easy to categorise and hidden risks can often be equally as terminal. Ask yourself a simple question, do you value your knowledge, data and privacy and perhaps more importantly that of your clients as highly as you value your computer or the walls that house your business? Put simply, your computer is just an expensive box. It is used to store information just like a filing cabinet. It is the information within the box that gives it its true value.
This is where CLI comes into its own. The biggest difference between cyber crime and physical crime is that it is indiscriminate. When a burglar decides he needs property to sell, he selects a target, breaks in and steals. He has a goal. When a hacker decides to steal, he writes or purchases the virus, selects thousands of targets at once, steals everything he can get his hands on regardless of value and assess’ his gains afterwards. It is a scatter gun approach to theft. This is why it is so dangerous, you can be targeted at any moment from anywhere in the world. It isn’t personal. You may not think that your business could come under attack, what could they gain? Well this is exactly the point, the attackers don’t care. They can sell your address book and client list for a few pounds. Steal thousands of address books and you earn thousands of pounds, it is purely economics. The difference is, while they earn a few pounds from your information, the potential loss to your business could be catastrophic. Once sold, yours and your clients’ information is on the open market, viewable to anyone that wants to find it.
Why do you do what you do? There is the potential for your life’s work to be out there, getting picked over by absolutely anybody. It is a risky business that with the correct planning can be avoided.
The great thing about CLI is that it has a few tricks up its sleeve. As with many policies it covers you for all kind of eventualities. We have discussed the pitfalls of cyber attacks and although very real and common they do sound rather dramatic.
Now, armed with this knowledge, let us take a look at the fiscal implications.
The Ponemon Institute conducted in-depth interviews late in 2011 with 49 U.S. companies in 14 industries that had experienced the loss or theft of customers' personal data. I present some of the key findings:
• The average total cost of a data breach: $5.5 million.
• Lost revenue per breach: $3 million
• Post-data breach costs: $1.5 million (everything from help desk, remediation, customer discounts and more)
The per-record figures - which are based on fairly large quantities (typically 100,000+ records) - can give IT managers at least some sense of the cost associated with data breaches, scaled to the size of the enterprise and the number of threats typically faced.
NetDiligence published a study of 137 events between 2009 and 2011 that resulted in insurance companies making payouts on cyber liability claims. Average payouts:
• Legal settlement per event: $2,100,000
• Legal defence per breach $582,000
• Total average insurance payout costs per event: $3.7 million
I have used these American examples for a reason; cyber liability is not a new phenomenon on the other side of the pond. The risk of attack is growing in the UK and I don’t think it will be long before we start to see a correlation between UK and US losses. You purchase a policy to protect yourself in the present and in the future so there is no point in sugar coating the potential financial loss.
On the subject of money, I bet you are wondering how much it would cost to get covered. Well, like all policies you get what you pay for. But at Hallsdale we have access to some truly fantastic products, offering comprehensive cover to all levels of business. We can tailor a policy to your needs. Ok, what have we learned? There is a tangible threat. You could get attacked. You could lose considerable amounts of business.
CLI covers other eventualities too!
• Left your laptop on the train?
• Hard drive corrupted?
• Defamation on your website or in your email?
• PR Repair?
All of the above are covered. It is a very well rounded form of insurance and could benefit your business in more ways than you know.
Our opinion? The risk is there and unfortunately it is growing. It is worth adding a CLI policy to your portfolio, you never know when you are going to need it and it could save you an awful lot of time and money in the long run.