Cyber Liability – Am I covered under my traditional Office or Commercial Combined policy?

 

Traditional Office or Commercial Combined policies are there to provide businesses with cover for Material Damage losses to the building and the machinery, stock, fixtures and fittings within your office (including furniture, plant, fixed IT equipment etc.) and portable gadgets and technical equipment away from the office (including laptops, tablets, projectors etc.).

 

These policies provide a certain level of cover for computer related claims following a material damage incident, such as accidental damage, breakdown/failure of computer equipment, loss/damage to computer records hardware, loss of data and reinstatement of data. It includes all fixed electronic business equipment in your office such as PCs, printers, servers, software and phones and also for the electronic and specialist business equipment you regularly take out and about such as laptops, digital cameras, mobile phones, tablets and projectors.

 

However, while existing insurance policies such as Office, Combined, Business Interruption or Professional Indemnity may provide some elements of cover against computer related risks, they will not provide cover for the likes of computer virus damage, fraud, hackers, stolen data, reputational damage and intellectual property theft. Cyber Liability Insurance policies are there to supplement your existing insurance arrangements, particularly if you:

  • hold sensitive customer details such as names and addresses or banking information
  • rely heavily on IT systems and websites to conduct their business
  • process payment card information as a matter of course

 

Here are a few reasons why cyber risk exposures aren’t covered by other policies:

 

  • Data isn’t considered to be tangible property so it’s excluded under an Office /Combined policy
  • A computer virus or malware or DDoS (Distributed Denial of Service) attack resulting in lost business income wouldn’t be insurable under a traditional business interruption section of the Office or Combined policy because it doesn’t qualify as a direct physical loss
  • Extortion expenses, incident response expenses, regulatory proceeding expenses are also not covered under any traditional liability section of the Office or Combined policy
  • Commercial general liability also excludes damages arising out of the loss or corruption of electronic data

 

Cyber damage can be physical and virtual, first party (yours) and third party (your clients’). Here’s what can go wrong….

 

Virus transmission: Your business could be liable if a malicious program originates from you and damages a client or a third party’s systems

Intellectual property theft: Your secret, valuable design for that new product/building/brand, for example, are fair game to Johnny Hacker – and available to the highest bidder

Reputation damage: Social media can turn a minor customer complaint into a major PR disaster quicker than you can say ‘Twitter storm’

Libel and slander: Email means communicating at the push of a button. Which potentially means pushing the wrong button and sending the wrong email to the wrong person.

Data breach: It doesn’t always have to be the loss of customers’ financial data that causes the biggest problems. It could be employee details or commercially sensitive information. There’s third party liability here in addition to your costs of finding out what went wrong and fixing it

Business interruption: Hardware breaking down, software that refuses to work or firefighting a hacker attack can easily put a stop to your day to day operations. That means lost revenue.

 

Generally Cyber Risks fall into first party and third party risks and Cyber Liability Insurance products exist to cover either or both of these types of risk.

 

First-party insurance covers your business’s own assets. This may include:

  • Loss or damage to digital assets such as data or software programs
  • Business interruption from network downtime
  • Cyber exhortation where third parties threaten to damage or release data if money is not paid to them
  • Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
  • Reputational damage arising from a breach of data that results in loss of intellectual property or customers
  • Theft of money or digital assets through theft of equipment or electronic theft

 

Third-party insurance covers the assets of others, typically your customers. This may include:

 

  • Security and privacy breaches, and the investigation, defense costs and civil damages associated with them
  • Multi-media liability, to cover investigation, defense costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
  • Loss of third party data, including payment of compensation to customers for denial of access, and failure of software or systems

Remember:  A traditional Office or Commercial Combined policy will not provide your business with cover against computer virus damage, fraud, hackers, stolen data and intellectual property theft. This is where a Cyber Liability Policy can assist.