A cyber insurance policy also known as the cyber liability insurance or cyber risk insurance coverage helps organisations to mitigate risk by offsetting costs involved with recovery after a cyber-related security breach or similar event takes place.
Most sophisticated organisations can deploy the best cybersecurity protocols in place and still cannot guarantee 100% security. However, businesses can ensure this protection with a cyber insurance policy. The rise in cyber-crimes indicates that businesses are seeking a need for cyber insurance.
But what does this policy cover? Cyber insurance includes expenses related to first-party damage as well as claims made by third parties in the following scenarios:
Data breach and privacy management:
The insurance company covers the costs associated with the management of an incident related to cyber-crime. The covered expenses here include the cost of:
- Data subject notification
- Call management
- Credit checking for data subjects
- Legal costs
- Court attendance and regulatory fines
Multimedia and media liability cover:
This insurance covers the third-party damages including specific defacement of website and intellectual property rights infringement.
Extortion liability cover:
The cyber insurance policy also covers the losses due to a threat of extortion and the professional fees related to dealing with the extortion.
Network security liability:
This may include the third-party damages as a result of the denial of access, costs related to the theft of data on third-party systems etc.
In some cases, some of the cyber liability covers may overlap with other policies like professional indemnity, but a decent cyber insurance policy always ensures that the cyber risks are adequately catered for.
Akshay was an employee of a Kolkata based firm selling products online. Their online portfolio mainly included clothing and apparel for men and women. Akshay who was not being sincere in his work was issued numerous warnings from his seniors earlier. In spite of getting warnings, Akshay neglected work and continued with his casual approach.
The management finally decided to take firm actions against Akshay’s behaviour and terminate him by giving a notice period of seven days. Upon learning that he will be discontinued after the notice period, in response, Akshay stole the names, addresses, social security numbers and other personal information from customer files from the database.
Continuing with his bad ethical behaviour, he, in turn, sold the information to his friend. His fraudulent friend used all the information to obtain credit cards.
The whole situation came to light when the affected individuals whose personal information was being used to obtain fake credit cards filed suit against the company. The online company received several notices from their customers for identity theft.
As soon as the matter of filed suits against the online company for identity theft raised, the senior management contacted the insurance providers from whom they had taken the cyber insurance policy. The insurance company investigated the matter and concluded that it was indeed a matter of cybercrime.
The insurance company spent 1,75,000 rupees for performing forensics, engaging counsel for compliance assessment and providing notiﬁcation and call centre services to its customers. It also spent 50,000 rupees reimbursing a variety of banks for costs associated with card cancellations and re-issuance charges.