Hit enter to search or ESC to close

Cyber insurance

iStock 863497390 v2

Cyber insurance

Today, technology is at the heart of almost every business. As a result, data protection and network security are leading risk issues for all organisations.

Every day businesses are exposed to cyber risks including malware, viruses, hacker and phishing attacks, and simple user error. 

Cybercrime is the modern digital-age form of crime, and hackers don’t discriminate. Everyone with a website, computer, email address, phone and an EFTPOS terminal is a target.

Who needs cyber insurance?

All businesses, regardless of industry or size use technology to operate, and therefore face a range of cyber risks.

Levels of exposure are further complicated through the reliance on outsourcing business functions to third parties, such as payroll processors and technology companies for cloud services and data back-ups.

A business could be exposed to cyber risk if it:

  • Engages vendors, independent contractors or additional service providers
  • Gathers personal or corporate information
  • Relies on computers and other electronic processes
  • Uses online applications
  • Has an online presence and/or point-of-sale machines
  • Has remote working outside a central place of business

Updated anti-virus software, two-factor authentication, robust firewalls, backups and staff education are all important risk management tools. However, none of those measures provide 100% security. Some hackers take advantage of vulnerabilities in systems, while others rely on human error to gain access to systems via phishing or social engineering scams. 

Cyber insurance is available to help your business recover from a cyber liability such as a virus, ransomware or malware infection, a denial of service attack or a loss of data and breaches of privacy. Policies can also help you recover from potential business income loss and minimise reputational damage after you’ve experienced a breach. 

What does cyber insurance cover?

Cyber security insurance is designed to fill the gaps in traditional insurance programmes. Policies will generally respond to both your own losses and also your liability to others as a result of a breach in your network security.  While a cyber liability insurance policy cannot prevent a breach of your network security it can assist should you suffer one.  

Cybersecurity insurance will cover your own losses and costs incurred directly by you for:

  • Loss of business income
  • Forensic costs to ascertain the extent of the event
  • Extortion costs incurred in the threat of an event or a ransomware assault
  • Costs to restore the network
  • Costs to replicate/replace lost data
  • Public relations costs to minimise reputational damage

Cyber insurance will cover privacy breaches, and security liability, as well as third party costs that you, as the insured, become liable for:

  • Liability for third-party damages
  • Regulatory fines and penalties
  • Public relations costs
  • Forensics costs
  • Claims for compensation from customers or other third parties such as banks or suppliers, following an insured cyber event
  • Costs of investigations instigated by privacy regulators
  • Privacy reparations and penalties resulting from an event
  • Associated legal defence costs

One key benefit of a Cyber Liability Insurance policy is 24/7 access to a response line supported by expert professionals. They will help you restore your network and minimise your exposure to loss and liability. Cyber insurance response panels include experts in data recovery, forensic engineering, crisis management, public relations and legal advice.

Why you should buy cyber liability insurance

What would be the worst effect of a cyber attack to your business? Lost revenue from being unable to sell goods or conduct your business? Damage to your reputation from of a breach of confidentiality and the possible cyber liability associated with it? Or simply the significant costs associated with cleaning the network and getting it back up and running again? Would you know where to turn if you were struck by a cyber incident today?

Our cyber insurance brokers can advise you on the most appropriate cyber protection policy for your business. Crombie Lockwood has access to a range of cost-effective cyber solutions for all size NZ businesses, including CyberSAFE, underwritten by Lloyd’s of London  

Businesses with revenue under $10m can get an immediate quote for their cyber security insurance by answering only a few questions.


Cyber insurance specialists

Our cyber insurance specialists are based around New Zealand to help businesses understand and assess their cyber risks, how they could be impacted by a cyber threat and provide advice on the right insurance for those risks.

Contact us

Ransomware victim - professional services firm

The business found that its systems had been infected by ransomware malware. All IT services were outsourced to reputable firms and up-to-date anti-virus systems were in use. A branded backup product was making full image-based backups of the system every hour. Despite this protection, the malware encrypted 18 months of data. including the backup files. This data was locked for 6 days while every effort was made to restore it. Eventually, when all options had been exhausted, the ransom of 5 bitcoins had to be paid to restore the data.Costs were met by cyber insurance.

Phishing - data loss victim – technology company

The victim’s head office is based in New Zealand however it has sales staff based in USA. Just before a long weekend in the States, the New Zealand head office received an email from one of its senior staff in the USA requesting urgent transfer of US$35,000 for a significant deal that was closing imminently. A second email followed, chasing the payment and stressing the urgency. The criminals had clearly used social media engineering to profile the business and used this to target the right people in the firm. Unfortunately, the funds were paid but insurance was available to reimburse the victim’s loss (less their excess).

Virus infection -professional services firm

The victim had a network of 22 desktop workstations, two virtual servers and ancillary devices including printers. Anti-virus software installed on the servers was up to date and there was an overnight virus scan run once a week, although most desktops were switched off when it was scheduled. A virus was detected on the system infecting multiple computers and spreading through the network. Initial attempts to eradicate the virus were unsuccessful and eventually the only way to clean the system up was to wipe and re-install all the computers and devices on the network leaving the insured unable to use their system for several days. The victim was able to recover the costs of restoring the network from their cyber insurance policy.

Phishing - data loss victim – large membership association

The victim held details of several thousand members on its database. In a spear phishing attack, an association staff member received an email purporting to come from the body’s CEO. The email requested contact details for the members. Because the email looked authentic, the details were sent. As a result, the association was exposed to potential liability to its members for a privacy breach. It also faced reputational issues and costs associates with notifying both members and the appropriate authorities.