Protect your business against the unknown costs of a data breach

Imagine for a moment that your company has come under attack by a skilled hacker. The hacker has accessed your customers’ names and contact information - and worse - your employees’ social security numbers. Additionally, the hackers have disabled your website, leaving you unable to take orders or collect the payments you need to stay in business.

Data breaches are now a fact of life, but how can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them?

Cyber Liability Insurance cover has been most successfully used as a risk transfer option in those countries that have mandatory data breach notification laws. The best example of this is the United States, where 46 of the 50 states have mandatory requirements for data breach notification.

In the UK, the new General Data Protection Regulations (‘GDPR ‘) will impose significant obligations on companies that handle individuals’ personal data and the regulations will impact upon SME businesses and larger organisations alike. Whilst the GDPR do not come into force until mid-2018, companies need to start preparing for the changes now if they want to be ready to meet their new obligations and avoid heavy penalties in the event of a breach.

The Regulations will include mandatory notification of data breaches (as in the United States), and we anticipate will be the main driver for the purchase of Cyber Liability Insurance cover as the costs of notifying affected users can be extremely high.

As the expense of dealing with a breach gets higher - and the cost of dealing with mandatory notification is added - the option of using this particular insurance cover will be an attractive proposition for many businesses, in much the same way that existing business insurance policies for fire, flood and theft are a vital itinerary in the risk management toolkit.

So, what is cyber liability insurance cover?

The term ‘cyber liability insurance cover’ is often used to describe a range of covers - in very much the same way that the word ‘cyber’ is used to describe a broad range of information technology related tools, processes and services.

Currently, cyber liability insurance cover can include:

  • Crisis Response: Initial response by a cyber emergency response team including initial assessment of the risk and provision of advice on immediate action to take.
  • Incident Management Notification: Expert advice to ensure that you comply with the notification requirements under Data Security Law.
  • Defence: Legal forensic investigation and expert IT advice in connection with the defence of a claim against you for liability arising from the data breach.
  • Public relations: Expert PR advice and assistance in issuing initial press releases where required following the data breach.

Investigation & Restoration

  • Investigation: Legal forensic investigation and expert IT advice in connection with and as a result of a regulatory investigation of you arising due to the data breach.
  • Restoration: The restoring of email systems, online services and other IT software systems to the state they were in prior to the breach.

Awards, Fines & Credit Monitoring

  • Awards & Damages: Payments for damages and related costs awarded against you following a claim, once a regulatory investigation has found you legally liable.
  • Fines & Penalties: Payment for any fine, financial penalty or punitive award which has been issued by a statutory body, following a breach, as a direct result of your failure to comply with Data Security Law.
  • Credit Monitoring: Payment for the cost you incur with Equifax Credit Service for the provision of credit alert services to Data Subjects for a period of 12 months immediately following the breach.

Some of the elements of a cyber liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for.

How much will a Cyber Liability Policy cost me?

Mitchell Charlesworth Insurance Solutions can offer a Cyber Liability Insurance policy from as little as £113.44 per annum, dependant on the turnover of your business.

Please speak to Richard Gorst or Carrie Arnold for further advice.

Registered to carry on audit work in the UK and Ireland by the Institute of Chartered Accountants in England and Wales and authorised and regulated by the Financial Conduct Authority for investment business