A cyber insurance policy helps organisations to mitigate the risks related to a cybersecurity breach.
This policy offsets costs involved in recovering from a malware attack or a similar event.
Organisations can’t guarantee 100% security even after deploying the best cybersecurity protocols. Therefore, businesses should buy a cyber insurance policy. The rise in cyber-crimes also indicates that organisations increasingly need this cover.
But what does this policy cover?
A cyber insurance policy covers expenses related to first-party damages. It also provides coverage for third-party claims in the following scenarios:
Data breach and privacy management
The cyber insurance policy covers expenses related to the investigation, data subject notification and call management. It also takes care of remediation costs, credit checking for data subjects along with legal costs, and court attendance and regulatory fines.
Multimedia and media liability cover
This insurance covers third-party damages like the defacement of a website. It also takes care of intellectual property rights infringement.
Extortion liability cover
The cyber insurance policy covers losses due to the threat of extortion and professional fees incurred for dealing with the issue.
Network security liability
This may include third-party damages due to denial of access and theft of data.
In some cases, cyber liability covers may overlap with other policies like professional indemnity. However, a decent cyber insurance policy always ensures that cyber risks are adequately covered.
A Kolkata-based e-commerce firm got into trouble when a rogue employee misused confidential information of customers. Akshay, who had been issued a notice for termination, first stole names, addresses, social security numbers and other personal information of customers.
He then sold the information to his friend who in turn used it to obtain credit cards.
The company came to know of the theft when affected individuals filed a suit against the company. It also received several notices for identity theft.
The company management then contacted the cyber insurance providers. Investigations revealed that it was indeed a case of cybercrime.
The insurer paid the company Rs 1,75,000 as forensic expenses, the cost for engaging counsel for compliance assessment, and providing notiﬁcation and call center services to customers. It also covered Rs 50,000 spent for reimbursing banks for card cancellations and re-issuance.