Cyber Risk Insurance covers the losses relating to damage or loss of information from systems and networks. Such policies include significant assistance including management of the incident itself. When one gets such a policy, it is essential to understand if the policy covers only first-party risk or also third-party risks.

First-party insurance covers the assets of the business which includes:

  • Loss or damage to data or software programs which are the digital assets of an organization.
  • Network downtime causing severe business interruption.
  • Cyber exhortation: In such a scenario, a third party threatens to damage or release data if they are not given a ransom amount.
  • Customer notification expenses: In case when the customer personal data is compromised there is a legal or regulatory requirement to notify them about the privacy breach.
  • Reputational damage: Breach of data results in loss of intellectual property or customers which cause reputational damage to the organization.
  • Theft of money or digital assets: The theft in such a scenario can be of equipment or electronic theft.

Some insurance policy also gives cover against third party related crimes. Such a Cyber Risk Insurance policy covers:

  • Security and privacy breaches, and the investigation, defense costs and civil damages associated with the third-party.
  • Multi-media liability: It covers investigation costs, defense costs, and civil damages. Such cost and damages arise from defamation, breach of privacy. Negligence in the publication of information in electronic or print media is also covered in this.
  • Loss of third party data:
  • This includes payment of compensation to customers for denial of access
  • Failure of software or systems

Case: 1

Razmo Industries was in manufacturing and shipping business for many years. It had established a name for itself and was successful in acquiring new customers day by day. Since majority of the sales took place online, the company had a large database of the customer information including their personal information and credit card numbers.

One day, the IT team noticed that the company’s system had been compromised as hackers had got access to customer data by hacking the server. The account breach took place which included the names, email addresses, national ID numbers, and financial account information of 35,000 customers.

The company had acquired the Cyber risk insurance policy from a well-known insurance company. Ramzo industries informed the Insurance Company’s Hotline. An incident response manager was assigned for the situation.

After analyzing the insurance policy, the response manager helped the Ramzo industries to claim the following, according to its cyber risk insurance policy.

  • Privacy Liability: Breach of personal and corporate information.

The policy helped in claiming an amount of rupees 5,00,000 for defense and settlement cost for claims of individuals whose identity had been stolen.

  • Network Security Liability: Failure to protect Ramzo industries network from malware, hacking, unauthorized access.

Following were the costs which the policy claim settled:

  • Investigation costs: 60,000 rupees
  • Notification to affected individuals: 20,000 rupees
  • Identity theft monitoring services to affected customers: 25,000 rupees
  • Setting up a call center for inquiries: 25,000 rupees
  • Legal consultation fees: 28,000 rupees
  • Incident response manager fees: 15,000 rupees

Case:2

Suresh, an employee for a digital consultancy company was working in a digital marketing department. He used to handle the social media and other platforms of the company.

The company had outsourced many services from different service providers. One such service outsourced, was not up to the standards as the analysis and tracking of customers became difficult due to the poor service.

One day, Suresh, in his utter frustration sent an email to his boss which contained negative comments regarding a service provider. His boss forwarded the email to others within the organization and eventually the email was sent externally.

The email was seen by the service provider as the majority of the negative comments become viral. The service provider filed a defamation lawsuit for harming its reputation against the company.

The Cyber Crime Insurance Policy protected the digital consultancy company as follows:

Since it was a case of media liability due to defamation of the service provider, the defense and settlement costs for claims from service provider was 5,00,000 rupees.

Other costs which were settled by the Cyber Crime Insurance Policy were:

  • Crisis communication services
  • Public relations expert fees to minimize reputational impact

[cta id=”984″ vid=”3″]