04 Oct UNDERSTANDING THE DIFFERENCES BETWEEN CYBER & CRIME INSURANCE?
Cyber and computer crime is one of the leading risks facing businesses globally, with smaller businesses being particularly vulnerable. In Kenya alone, cybercrime costs the economy up to Ksh 20 Billion annually.
When cybercriminals infiltrate a network, hold data hostage, or acquire sensitive data, the company they steal from can be exposed to huge losses. It takes just one successful cyber-attack to cause significant financial and reputational damage to your business.
It is therefore imperative for businesses to put cyber security on their agenda by not letting their core online systems to be compromised. Secondly by safeguarding their digital assets and the private information of their clients and employees with the right insurance.
There are two types of insurance available and it is important to understand the difference between cyber and crime insurance policies.
CRIME AND CYBER COVERAGE: MAKING SURE YOUR COMPANY IS COVERED
As cyber insurance becomes the norm for many companies, there is growing confusion concerning the differences between crime and cyber coverages.
In Short: Crime policies cover the direct loss of your funds, whether through maleficence, employee dishonesty or social engineering whereas cyber policies cover economic damages arising through a failure of network security or privacy controls which may cause indirect losses.
Even as cyber criminals and their tactics become more complex, the majority of cyber and cyber-crime attacks are executed via social engineering.
Employees remain the greatest area of concern, whether via willful acts or negligence. Significant risk arises specifically from employees who are the target of social engineering scam
CRIME CLAIM EXAMPLE:
An unknown party impersonates the insured’s bank, contacts the insured’s funds transfer administrator, and convinces them to activate a computer link back to the fraudulent bank. This then allows the impersonator to contact the insured’s real bank, pretend to be the insured, and have wire transfers issued that ultimately end up with a foreign bank resulting in loss of $30,000.
CYBER CLAIM EXAMPLE:
Several employees of a hospitality company discover when filing taxes that their taxes had already been filed. The company engages a “breach coach” and a forensic expert for technical analysis. The investigation determines an HR executive inadvertently downloaded malware that extricated W2 information impacting over 10,000 past and present employees. The company provides written notification to all effected parties and provides two years of complimentary credit monitoring, and engages a PR firm to assist with talking points and management of social media.
MAKING THE BUSINESS CASE FOR CYBER INSURANCE
Any organization that stores and maintains customer information or collects online payment information, or uses the cloud, should consider adding cyber insurance to its budget. Also consider the proliferation of devices that now connect to business networks – there are simply more opportunities for malicious folks to access an organization’s assets
Cyber Insurance therefore provides an important fall back plan for the business.
Regarding costs, cyber insurance coverage and premiums are based on an organization’s industry, type of services provided, data risks and exposures, security posture, policies and annual gross revenue.
Getting started. A good first step is to create a cyber-risk profile for your company, and to create a list of expenses you want to have covered in the event of an incident. Then, you can determine an estimate for third-party costs.
Talk to us today.
We have the expertise to assist you assess the full spectrum of your cyber risks and develop an insurance program to address them in a cost effective manner.