Cybersecurity have slowly made its way to become an important part of any business. Recent scandals, with security breaches in governments and large firms have put on the spotlight the need to invest in this area as sensible data keep stored in digital databases. This investment should not only goes towards leveraging new ways of security, but also setting up insurances to cover what can be stolen.
A new study, carried out by Mactavish, a UK’s insurance governance, says there has been a surge in businesses buying specialist cyber insurance, but it warns the immaturity of this market means there are significant flaws in the majority of these policies.
The company, which advises organisations of all sizes on their insurance requirements, and which has worked with a quarter companies in the FTSE 100, has recently launched a new Cyber Risk Consulting Practice. This helps clients to understand their exposure to cyber risks, and to source appropriate insurance cover for these. It has recently reviewed dozens of ‘off-the-shelf’ cyber insurance policies and identified seven significant common flaws:
- Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions
- Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice)
- Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted
- Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded
- Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems
- Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond
- Notification requirements are often complex and onerous
Bruce Hepburn, CEO of Mactavish said: “There are a number of new cyber insurance policies being launched, but despite a sharp increase in cyber incidents this market is very immature and in many respects untested. Perhaps some of these policies have been rushed to market by insurers eager to capitalise on the growing cyber risks facing organisations, and their desire to spend significant amounts of money to protect themselves against this.
“Very few claims have been made on these new cyber insurance policies, but my bet is that many will be disputed, or settlements will be much lower than clients expected. However, this can be avoided if organisations first understand the cyber risks they face, and then secure a bespoke policy to meet their needs.”
Hernaldo Turrillo is a writer and author specialised in innovation, AI, DLT, SMEs, trading, investing and new trends in technology and business. He has been working for ztudium group since 2017. He is the editor of openbusinesscouncil.org, tradersdna.com, hedgethink.com, and writes regularly for intelligenthq.com, socialmediacouncil.eu. Hernaldo was born in Spain and finally settled in London, United Kingdom, after a few years of personal growth. Hernaldo finished his Journalism bachelor degree in the University of Seville, Spain, and began working as reporter in the newspaper, Europa Sur, writing about Politics and Society. He also worked as community manager and marketing advisor in Los Barrios, Spain. Innovation, technology, politics and economy are his main interests, with special focus on new trends and ethical projects. He enjoys finding himself getting lost in words, explaining what he understands from the world and helping others. Besides a journalist, he is also a thinker and proactive in digital transformation strategies. Knowledge and ideas have no limits.