What are the different types of losses covered by cyber risk insurance?
Cyber risk insurance covers losses relating to damage or loss of information from an establishment’s systems and networks. These policies include all kinds of assistance in managing such incidents. So, it is essential to understand if the policy covers only first-party risks or those associated with the third-party too.
Cover for first-party assets
The policy covers for damage of the digital assets of an organization — data or software programmes. It also includes losses due to network downtime causing a severe business interruption.
Some of the other incidents are a third-party threatening damage or release of data if a ransom is not paid. It also covers expenses for notifying customers if personal data is compromised. This is a legal or regulatory requirement.
Moreover, the policy covers data breach and loss of intellectual property causing loss of reputation. It also covers theft of money via online modes and loss of digital assets or equipment.
Cover against third-party crimes
Cyber risk insurance covers security and privacy breach. This includes costs related to the investigation and legal procedures to handle civil damages associated with the third party.
It also covers multi-media liability like expenses and damages related to defamation and breach of privacy. The other incidents include negligence in the publication of information in electronic or print media and loss of third-party data. Finally, it pays for payment of compensation to customers for denial of access to data and failure of software or systems.
Case Study – I
Razmo Industries is in the manufacturing and shipping business for years. It has made a name for itself and successfully acquired customers.
A majority of the company’s sales takes place online. Therefore, the company has a large database of customer information, personal details and credit card numbers.
Unfortunately, the company falls prey to a hacking attack and loses customer data like names, email addresses and national ID numbers. The attack compromises the financial account information of 35,000 customers.
Razmo Industries then alerts the cyber risk insurance policy insurer. The incident response manager analyses the policy and helps the company make the right claims.
Privacy Liability: Breach of personal and corporate information
The cyber risk insurance policy helps the company claim Rs 5,00,000 as defence and settlement cost. This is meant to compensate individuals whose personal information has been compromised.
Network Security Liability
This claim is related to the failure to protect the company’s network from malware, hacking and unauthorised access.
The policy provides Rs 60,000 cover as investigation cost and Rs 20,000 for sending notifications to affected individuals. It also allocates an additional Rs 25,000 as a claim for services to monitor identity theft and Rs 25,000 for setting up a call centre for inquiries. The policy also gives Rs 28,000 as a legal consultation fee and Rs 15,000 as the fee for hiring an incident response manager.
Case Study – II
A digital consultancy social media executive, Suresh, writes to his boss about a service provider’s poor services. He says the issue was hampering analysis and tracking of customers.
Suresh’s boss then forwards the email to other departments and also shares the communication on twitter. The message goes viral and over 10,000 persons respond.
The service provider learns about this tweet and files a defamation suit claiming harm to its reputation. The company’s cyber-crime insurance policy insurer provides Rs 5,00,000 as cover for compensating the complainant.
This policy also provides an additional amount for crisis communication services. It also covers the fee paid to the public relations expert for protecting the company’s reputation.