Cyber Risk Insurance

Страхование киберрисков

What is it for

Предназначение киберриски

In today's dynamic risk landscape, marked by geopolitical volatility, the impact of global pandemic and other risks, awareness of cyber risk has surged, not only among cyber professionals but also across the C-suite. It is good practice to intensify scrutiny of company’s cyber control maturity which requires a comprehensive and articulate approach to cyber risk management.

Cyberattacks have widespread and often immediate impacts across an organization’s operations, assets, and revenue streams. As such, businesses require innovative solutions to transfer cyber risk and to accelerate recovery in the wake of an event.

Cybersecurity today is no longer simply a technology risk for the IT department to handle. A cyber breach can affect an immediate impact across an organization’s operations, assets, and revenue streams affect company’s ability to operate and cost millions. It can also have far-reaching consequences that affect company’s reputation and brand long after the breach itself is resolved.

Gardia takes an integrated, comprehensive approach to cyber risk management to help you manage people, capital and technology risks across your enterprise. Any plan that fails to consider each of these dimensions will likely fall short.

We launched one of the industry’s first cybersecurity insurance programs in Russia. Since then, we’ve been helping clients navigate this rapidly growing area of risk through detailed scoring and analytics, and insights gathered from years of experience.

With data now one of the most valuable (and vulnerable) assets an organization can hold, we help our clients understand the nuances of cyber threats, how those threats might evolve, and how to mitigate their risk of a security breach. If an attack occurs, we have solutions that protect against litigation, reputation loss, and remediation.

Предназначение киберриски
What is Cyber Insurance?

As a company’s digital presence expands — and as cyber criminals become more advanced — the cyber risks a business faces grow and become more sophisticated. Cyber insurance is critical to an organization’s overall cyber risk management strategy. It is intended to provide organizations with better protection against the financial risk posed by cyber security threats such as ransomware and data breaches.

Every year, transportation companies, industry, strategic fuel and energy facilities attract more and more attention from hackers. According to InfoWatch, attacks on corporate IT infrastructure are growing every year by 20%. Retailers gain access to a wealth of Customer information, including credit and debit card numbers. Most air tickets and travel packages are booked and paid for via the Internet, so this area is subject to risks associated with the creation of clone sites and phishing resources to steal money and banking card data from Customers.

Even with the most up-to-date security measures in place, cyber-attacks can happen. A cyber-attack can expose and leverage sensitive information. This makes data one of the most valuable (and vulnerable) assets an organization can hold. Cyber insurance helps companies assess and mitigate their risk of a security breach and protect against litigation and reputation loss if an attack occurs.

This policy may also help with other aspects of cyber incidents:

  • Notification to those affected
  • Restoration of information
  • Data recovery
  • Repairs to your company’s computer systems
  • Legal fees and expenses related to the cyber incident
  • Forensic investigations, etc.
What is it for

Make sure you have an emergency plan in place.The best solution is to have a comprehensive approach to cyber risk management.

In addition to issuance a standard cyber risk insurance policy, the following steps can be taken and agreed with the insurer:

1. In addition to in-house IT professionals, for large companies as well as high-risk industries it makes sense to have a crisis services contract with a company specializing in cybersecurity and cybercrime investigations. Such companies can be included in the wording of cyber insurance policy. This can be extremely useful in a number of cases: when internal IT specialists cannot connect to IT system and promptly resolve a cyber incident, when the company's internal resources are insufficient due to the scale of the incident. Such companies also have more experience in investigating cyber incidents and attacks, as well as more information in this area and experience in responding to the incidents.

2. The policy will also cover legal advice as well as crisis PR to protect personal data from theft, computer hacking, human error and more. In this regard, we can discuss the possibility of including to the policy wording a pre-agreed list of legal and PR specialists for rapid response

3. In the event you need to cover BI (business interruption), clients typically require the involvement of forensic investigators, which can also be pre-arranged and specified in the policy wording.

Additionally, to prevent cyber incidents, along with other measures recommended by IT specialists, you can arrange pre-breach assessments, cyber risk quantification and cyber coverage gap analysis.

Who can insure

Any company that deals with data storage, data operations and data transfer is at risk.

Shippers, manufacturing companies, and FEC are attracting more and more attention from perpetrators every year.

According to IT analysts, attacks on enterprise IT infrastructure are growing by 20% every year.

Retailers and other companies that access large amounts of customer information, including credit and debit card numbers, are also at risk.

The travel and aviation industry are also under threat. For example, most airline tickets and travels are booked and paid for online. This comes with the risks associated with the creation of clone sites and phishing resources, leading to the theft of money and personal data (including bank card details) of clients. If we also take into account cases where malicious actors have stopped or disrupted airport operations, the scale of risk in this industry becomes even more significant.

Financial institutions, often banks and insurance companies, are also under great strain. The reasons are the same: it gives attackers access to substantial amounts of money, as well as to the personal data of a large number of customers, which can be sold on the darknet.

We have given general examples above. The list of industries where cyber risk insurance is very relevant is much broader.

Cyber Insurance: The Why and When

For the past decade, digital transformation initiatives have revolutionized how business is done. That process has accelerated as organizations adapt to rapidly evolving customer preferences and lead to benefits such as deeper customer engagement and significant efficiency gains.

However, these trends may have also expanded an organization’s vulnerability to cyber-attacks. New applications, Artificial Intelligence (AI), cloud-based infrastructure, the deployment of Internet-of-Things, devices at the network edge and software-defined networking using the public internet are just some of the new surface areas for potential exploitation. As the universe of possible attack vectors grows, the likelihood is that someone will find a way to penetrate one or more of these system components.

The need for cyber insurance solutions has never been greater than it is today, and the factors for an organization to consider are a blend of economic, technological and strategic.

Best of GARDIA:

in resolving issues
Лучшее в Гардия