Cyber Risk Insurance

As a company’s digital presence expands — and as cyber criminals become more advanced — the cyber risks a business faces grow and become more sophisticated. Cyber insurance is critical to an organization’s overall cyber risk management strategy. It is intended to provide organizations with better protection against the financial risk posed by cyber security threats such as ransomware and data breaches.

Every year, transportation companies, industry, strategic fuel and energy facilities attract more and more attention from hackers. According to InfoWatch, attacks on corporate IT infrastructure are growing every year by 20%. Retailers gain access to a wealth of Customer information, including credit and debit card numbers. Most air tickets and travel packages are booked and paid for via the Internet, so this area is subject to risks associated with the creation of clone sites and phishing resources to steal money and banking card data from Customers.

Even with the most up-to-date security measures in place, cyber-attacks can happen. A cyber-attack can expose and leverage sensitive information. This makes data one of the most valuable (and vulnerable) assets an organization can hold. Cyber insurance helps companies assess and mitigate their risk of a security breach and protect against litigation and reputation loss if an attack occurs.

This policy may also help with other aspects of cyber incidents:

• Notification to those affected
• Restoration of information
• Data recovery
• Repairs to your company’s computer systems
• Legal fees and expenses related to the cyber incident
• Forensic investigations, etc.

Make sure you have an emergency plan in place.The best solution is to have a comprehensive approach to cyber risk management.

In addition to issuance a standard cyber risk insurance policy, the following steps can be taken and agreed with the insurer:

1. In addition to in-house IT professionals, for large companies as well as high-risk industries it makes sense to have a crisis services contract with a company specializing in cybersecurity and cybercrime investigations. Such companies can be included in the wording of cyber insurance policy. This can be extremely useful in a number of cases: when internal IT specialists cannot connect to IT system and promptly resolve a cyber incident, when the company's internal resources are insufficient due to the scale of the incident. Such companies also have more experience in investigating cyber incidents and attacks, as well as more information in this area and experience in responding to the incidents.

2. The policy will also cover legal advice as well as crisis PR to protect personal data from theft, computer hacking, human error and more. In this regard, we can discuss the possibility of including to the policy wording a pre-agreed list of legal and PR specialists for rapid response

3. In the event you need to cover BI (business interruption), clients typically require the involvement of forensic investigators, which can also be pre-arranged and specified in the policy wording.

Additionally, to prevent cyber incidents, along with other measures recommended by IT specialists, you can arrange pre-breach assessments, cyber risk quantification and cyber coverage gap analysis.

Any company that deals with data storage, data operations and data transfer is at risk.

Shippers, manufacturing companies, and FEC are attracting more and more attention from perpetrators every year.

According to IT analysts, attacks on enterprise IT infrastructure are growing by 20% every year.

Retailers and other companies that access large amounts of customer information, including credit and debit card numbers, are also at risk.

The travel and aviation industry are also under threat. For example, most airline tickets and travels are booked and paid for online. This comes with the risks associated with the creation of clone sites and phishing resources, leading to the theft of money and personal data (including bank card details) of clients. If we also take into account cases where malicious actors have stopped or disrupted airport operations, the scale of risk in this industry becomes even more significant.

Financial institutions, often banks and insurance companies, are also under great strain. The reasons are the same: it gives attackers access to substantial amounts of money, as well as to the personal data of a large number of customers, which can be sold on the darknet.

We have given general examples above. The list of industries where cyber risk insurance is very relevant is much broader.