When we deal with clients on marine exports and imports, we know we are dealing with a very old insurance product dating back to the 16th century, when countries were trading in goods like ivory & spices. Even today, these types of policies are still governed by the Marine Insurance Act 1909. Yet, whilst the exposures of marine losses are largely the same as they have been for over 100 years, new risks are emerging that threaten most businesses today, and the newest of these is cyber crime.
In early March 2014, a number of amendments to the Privacy Act 1988 came into effect, designed to toughen the Act and significantly increase the obligations on organisations that collect or deal with personal information. This comes as a response to the growing global trend that is cyber crime. Consider your own business and its reliance on computer software, electronic data storage, internet sales processing, website & social media operations as well as email correspondence. Then consider the impact of a cyber crime event such as server hacking, corruption or theft of important data and information, manipulation or ransom of stolen data or corrupted servers. How would your business respond?
Risks of old still revolve around fire, explosion, storm, physical theft and malicious damage. Insurance cover for these risks is readily available, but for risks associated with cyber crime, despite it being around since businesses first relied on mainstream computers, insurance has not been readily available until now. There are a number of extensions of cover under a Cyber Liability policy, and depending on the specific policy, these can include:
- Forensic investigation costs following a suspected data breach
- Costs for notifying individuals potentially affected by a suspected data breach
- Credit monitoring services for individuals who are affected by a data breach
- Costs to restore data, services and programs after a hacking event
- Payment for ransom monies following extortion and ransom demands
- Business Interruption – cover for lost revenue and downtime as a result of a hacking event or data breach
- Protection for civil penalties and compensatory awards levied by regulators
- Liability arising from online multimedia content, transmission of viruses etc.
Notification and monitoring costs can be up to $180 per record – i.e., a database of 1,000 people that requires notification and monitoring services due to hacking can cost you up to $180,000. Add to this forensic investigation costs (typically $50,000 – $100,000), civil fines and penalties – and this can quickly become a business-crippling event!
The amendments to the Privacy Act, including mandatory notification laws for data breaches, mean that businesses are not only exposed to the hacking event and downtime, but also to regulators and the significant costs associated with rectification, notification and monitoring services after a hacking event.
Every business that deals with customer information, or has an online presence, or uses email services will have various cyber risk exposures – an effective risk management program ought to at least consider incorporating a Cyber Liability insurance policy to protect against some of these exposures.