As our network and system infrastructures get more complex, so are the ways hackers infiltrate them. That explains the rising need for cybersecurity as the number of hacking cases is escalating at an alarming rate. The 2014 report from the Centre for Strategic and International Studies documented that cybercrime costs Singapore a hefty S$1.25 billion yearly.
So, what can we do to recoup the losses after an attack? This is where cyber insurance comes into the picture. A cyber insurance policy is as essential to companies as life insurance policy is to individuals. It protects businesses and users from Internet-based risks and risks related to information technology infrastructure and activities. Risks of such nature aren’t included in traditional commercial liability policies.
Traditional Commercial Liability Policies
Traditional commercial liability policies only provide commercial liability coverage and property coverage — the former protects a company from third-party losses, while the latter protects companies from first-party losses. Furthermore, cyber loss is not considered as a triggering event under such policies, thus it is either specifically excluded or capped at a very low limit.
Cyber Insurance Policies
Also known as cyber liability insurance coverage, cyber insurance is developed to help companies mitigate cyber risk exposure and offset costs incurred after a cyber related security breach.
Cyber insurance typically covers expenses related to both first parties and claims by third parties. Below is a list of common reimbursement expenses:
- Investigations that are necessary to find out the cause of the cyber breach, manage damages and prevent the same type of breach from recurring. Such investigations may involve third-party security firms and law enforcement agencies.
- Some cyber insurance policies cover human errors due to negligence, as well as monetary losses caused by network downtime, business interruption, and data loss recovery. Costs involved in managing a crisis that may involve repairing reputation damage are also claimable.
- Privacy and notification is another area cyber insurance insurers handle. This includes required data breach notifications to customers and affected parties that are mandated by law. Credit monitoring for customers whose information was or have been breached is also included.
- Legal expenses associated with the release or leak of confidential information and intellectual property, legal settlements and regulatory fines will also be taken care of by the insurer. This includes costs of cyber extortion. A common type of cyber extortion is ransomware.
Need for Cyber Insurance Policies
Companies especially SMEs may not be able to afford costs incurred to resolve a cyber loss should its risk management strategy fails to address a cyber breach. Such loss can potentially lead to bankruptcy. It is, therefore, critical for companies to transfer cyber risks to an insurance company or insurer that offers cyber insurance policies.
The premium of cyber insurance policies differs based on coverage. Generally, the premium for consumer cyber insurance policy starts at approximately S$150 per headcount, with a coverage of S$25,000 for each claim, or cap at S$50,000 per annum. For a commercial cyber insurance policy, the premium starts at S$1,000 per annum and the claim limit falls between S$250,000 and S$2 million.
As traditional commercial liability policies do not address privacy breaches and cyber crimes, it pays to seek help from cyber insurance insurers to help mitigate and recoup losses caused by cyber crimes or attacks. Companies, especially SMEs, should work with an appointed insurer for added protection from such unforeseen attacks.
About the Author
I am an Internet, Security, and Data Center Industry veteran and executive who has worked for several Internet startups to Fortune 150 in many different capacities from technical to business level roles.
Unless otherwise noted, opinions expressed are solely my own and do not express the views or opinions of my employer.
This is an article I contributed on Singapore Business Review (published 27 Oct 2017)