
A history of cyber insurance

28 June 2021

It seems that hardly a week goes by without a cyber-attack or breach being reported in the media. And these are usually only the high-profile cases.

  • Did you know four in ten businesses (39%) reported having cyber security breaches or attacks in the last twelve months? [1]
  • This figure is higher, at 65%, among medium-sized businesses (50 to 249 employees).
  • It is 64% among large businesses (250 employees or more). [1]

Businesses are facing threats such as extortion, electronic compromise and social engineering attacks, to name but a few. And a huge 89% of businesses are potentially unprotected against cyber-attacks. [2]

Robert Morris, Account Director at Marsh Commercial, explores the history of cyber insurance. He also provides expert insight into whether your current cover may be leaving your business exposed.

History of cyber insurance

Is cyber insurance covered under your general insurance policy?

When a cyber event occurs, businesses without a bespoke policy may seek to determine whether any of their traditional insurance policies offer coverage.

Many traditional insurance policies have attempted to address cyber risks, including:

  • property; 
  • liability; 
  • professional indemnity; 
  • directors and officers; 
  • and traditional crime policies. 

Various “cyber bolt-on” covers have been added to these policies as well. This, along with the lack of any specific cyber exclusion clauses, has raised false expectations that some coverage may apply.

However, often traditional policies will not specifically refer to cyber and insurers could theoretically refuse to pay claims for cyber losses in certain circumstances. If you have not already done so, 2021 should be the year that you seriously consider investing in a specialist standalone cyber insurance policy. If you’re worried about your current cyber liability insurance coverage contact your insurance broker.

What does specialist cyber security insurance cover?

Today, there are many insurance companies offering bespoke cyber insurance policies. Coverage does of course vary by provider, but in general terms the policies are there to protect businesses against the loss, theft or destruction of a company’s digital assets or funds.

The main first-party cyber covers provided under a policy are:

  1. Incident response. 
    This will generally cover all costs involved in responding to a cyber incident, including IT security and forensic specialist support. It also includes legal advice related to data security breaches and the costs associated with notifying individuals whose data has been stolen.
  2. Cyber extortion. 
    This covers costs incurred in responding to fraudsters who attempt to extort money by threatening a cyber-attack or by threatening to expose or destroy data after compromising the firm's network. This can also include ransomware, where the firm's data has been encrypted and can only be accessed again by paying a ransom demand to the attacker.
  3. System damage.
    This covers the costs for data and applications to be repaired and restored in the event that a computer system is damaged as a result of a cyber event.
  4. System business interruption.
    This cover aims to reimburse lost income and increased costs incurred due to interruptions in a business's operations as a result of an attack. It is similar to a traditional business interruption insurance policy, but with the trigger being a non-physical event.
  5. Financial loss.
    This refers to attacks that involve theft of funds from a firm, such as social engineering, false invoices and electronic compromise, and also extortion as described above.
  6. Network security and privacy liability. 
    These are traditional third-party covers for transmission of a virus to a client’s systems or failing to prevent an individual’s data from being breached.

Help to protect your business from cyber crime

Cyber insurance cannot and should not be seen as a replacement for a properly developed cyber security program. While a cyber liability insurance policy will serve you best in dealing with the many cyber exposures that exist today and in the future, it should complement your own cyber security efforts. Consider:

1. Cyber security training

Run phishing email campaigns to help employees recognise phishing attacks. 

2. Multi-factor authentication 

Any remote connection to the network or business applications should require a password as well as a second factor – typically a security code. This makes it more difficult for attackers to gain unauthorised access.

3. Lock down Remote Desktop Protocol (RDP) ports

Close down RDP ports, or if that’s not possible, enable multi-factor authentication on the port. Change RDP from the default port and use a strong password.

Identifying flaws before an attacker can find them is critical. Remember, if you’re unsure about the level of cyber cover in your current insurance programme, contact your insurance broker. If you wish to discuss any of the points raised in this article, be sure to contact Robert.

 

Sources

 1. gov.uk/cyber-security-breaches-survey-2021

 2. abi.org.uk/cyber-insurance-payout-rates-at-99-but-uptake-still-far-too-low

 3. marsh.com/silent-cyber-how-you-can-cover-perils

Robert Morris

Robert Morris ACII is an Account Director in Edinburgh who specialises in the placement and servicing of Cyber insurance cover for professional practices.
