Data security breaches, not “if it will happen” but “when it will happen”

Data security breaches, not “if it will happen” but “when it will happen”

The Information Age Is Changing Business Models And Insurance Needs

When it comes to a data security breach or privacy loss, it isn’t a matter of if it will happen as when it will happen. So when it does happen, you’ll need comprehensive protection from an insurer that specialises in handling cyber risks, offers a full suite of integrated insurance solutions to help minimise gaps in coverage, and understands how to tailor coverage to your business

The information age allows us to collect more data, store more data and extract information around the globe 24/7. This access to private and sometimes sensitive information can significantly increase a company’s vulnerability to cyber security threats – any of which can result in significant out-of-pocket and reputational costs that can devastate the bottom line.

How prepared is your organisation for:

  • Costs related to forensic investigations, and disaster recovery related to theft on non public privacy information or personal records?
  • An e-business interruption including expenses that result from a security failure or internet virus?
  • A cyber extortion threat?
  • Costs related to privacy notification, crisis management costs, credit monitoring?
  • A lawsuit stemming from a security failure or alleged technology error or omission that results in damages to customers?
  • A regulatory proceeding seeking fines or penalties as a result of actual or potential unauthorised access to private information?

The Costs Of Data Security Breaches Can Be Significant

  • The estimated annual cost of cyber attacks to the global economy is more than $400 billion.
  • The average cost per compromised record in 2014 was $154 (up to 59% of this amount can relate to direct costs associated with hiring forensic and legal experts, notification costs, credit monitoring and public relations).
  • Cyber attacks affected 5 million Australians at an estimated cost of $1.06 billion.
  • The average cost of a data breach to an organisation in 2014 was $3.79 million, a 23% increase from the previous year.
  • Having an incident response team, using encryption technologies, employee training and education all reduce the cost of a data breach.
  • Cyber attacks undermine confidence and damage and organisations its reputation leading to increased customer churn.

Gaps In Traditional Insurance

The World Wide Web has no boundaries and as business models evolve through the use of new technologies, so must traditional insurance programs and risk management practices. Businesses may be operating under the belief that their existing insurance policies are enough to cover their data security and privacy exposures. Unfortunately, this is not the case and traditional insurance policies may be inadequate to respond to the exposures organisations face today.

Consider these traditional policies:

General Liability policies typically trigger in response to Bodily Injury (BI) and Property Damage (PD) claims. A cyber attack usually will not involve either BI or PD. General Liability policies typically don’t offer any first-party costs.

Property / ISR policies typically respond to destruction or damage to tangible property resulting from a physical peril. The tangible loss then permits the business interruption and extra expense cover to respond. A cyber attack can cause no physical damage, yet the attack can shut down a business resulting in substantial expense costs and lost income.

Crime policies typically respond to direct loss from employee theft of tangible property and money or securities. Computer crime extensions usually exclude any third-party liability cover and don’t cover the loss of confidential information.

The Solution: CyberSecurity by Chubb

CyberSecurity by Chubb is a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today’s technology dependent world.

CyberSecurity by Chubb:

  • Combines third-party (cyber liability) and first-party (cyber expense) coverages into one policy.
  • Covers direct loss, consequential loss and legal liability resulting from cyber security breaches.
  • Is designed to easily integrate with your existing insurance program from Chubb and provides options for enhancing your cyber coverage based on your needs.

Coverage Highlights

Third-Party Cyber Liability Coverage For:

  • Privacy Liability, including suits by customers arising from system security failures that result in potential or actual unauthorised access to or dissemination of private information on the internet.
  • Content Liability, including suits arising from intellectual property infringement, trademark infringement and copyright infringement.
  • Reputational Liability, including suits alleging disparagement of products or services, libel, slander, defamation and invasion of privacy.
  • Conduit Liability, including suits arising from system security failures that result in harm to third-party systems.
  • Impaired Access Liability, including suits arising from a system security failure that results in your clients’ systems being unavailable to customers.
  • Privacy Regulatory Actions including defense cost, consumer redress funds and related Privacy Regulatory Fines.

First-Party Cyber Crime Expense For:

  • e-Business interruption, including first dollar Recovery Expenses.
  • e-Threat Loss, including the cost of a professional negotiator and ransom payment.
  • Privacy Notification Expenses, including the cost of credit monitoring services for affected customers.
  • Crisis Management Expenses, including the forensic experts costs and the cost of public relations consultants.
  • e-Vandalism Loss, even when the vandalism is caused by an employee.
  • Reward Expenses, including the cost of paying an informant.