Cyber insurance: We’ve got you covered… sort of.

Insurance is a must for mitigating many business risks: fire, flood, employee liability, and so on. One of the newer risks is cybercrime. Banks and other financial institutions make tempting targets for cybercriminals, who can walk away with millions, unnoticed until it’s too late.

Cyber insurance products form a bright spot in an otherwise dull insurance market. Managers are starting to recognise the risks and take out policies, believing the company to be covered. However, it doesn’t always work the way they expect.

As one example, a US bank lost $2.4 million to cybercrime in two incidents (May 2016 and January 2017), and its insurer paid out – but only a mere $50,000.

The hackers had used phishing techniques to plant malware on the bank’s servers, stolen user names and passwords, and then stolen (on two separate occasions) over $2 million through fraudulent ATM transactions. The insurer classified both incidents as a single event and treated it as covered by the debit card rider (maximum claim $50,000, with an excess of $25,000) rather than by the cybercrime rider, which carried a liability limit of $8 million with a $125,000 excess but specifically excluded any card- or ATM-related losses.

It is not only the direct losses that cost money. For example, Houston City Council in Texas has recently taken out a cybercrime policy that takes consequential costs into consideration. It covers not only the cost of recovering lost data, but also the cost of a crisis response, including investigations, and the cost of any legal claims arising from such cyberattacks, up to a total maximum payout of $30 million. Such a comprehensive policy should make it easier for the organisation to survive a cyberattack.

When insurance is not enough

Of course, the best plan is not to rely solely on insurance, but to formulate a Cyber Incident Response Plan (CIRP) which will (a) make it more difficult for cybercriminals to attack successfully, and (b) enable your organisation to respond effectively and promptly, with minimum impact, if a malicious threat actor does slip through your defences.

Partnering with specialists such as First Response not only allows you to create your CIRP, define recovery procedures and set roles and responsibilities, but also to maintain full compliance with GDPR. In the event that a breach does occur, your personal Incident Response specialist will be available to advise and help: determining how the breach occurred, what data, if any, has been stolen, and what needs to be done to repair the damage and prevent any kind of recurrence.

And who knows, it may even reduce your insurance premiums.