Hit enter to search or ESC to close

Business insurance

iStock 863497390 v2

Cyber insurance

Today, technology is at the heart of almost every business, and data protection and network security are leading risk issues for all organisations.

Every day businesses are exposed to cyber risks including malware, viruses, hacker and phishing attacks, and simple user error. 

Cybercrime is big business and hackers don’t discriminate. Everyone with a website, computer, email, phone and an EFTPOS terminal is a target.

Who needs cyber insurance?

All businesses, regardless of industry or size, if you use technology to operate – you face a range of cyber risks.

Levels of exposure are further complicated through the outsourcing of business functions to third parties such as payroll processors, data back-up and cloud related services.

A business could be exposed to cyber risk if it:

  • Engages vendors, independent contractors or additional service providers
  • Gathers personal or corporate information
  • Uses electronic processes or computers
  • Uses online applications
  • Has an online presence and/or point-of-sale machines
  • Has employees, particularly any potentially disgruntled employees
  • Has remote working outside a central place of business

Updated anti-virus software, robust firewalls, backups and staff education are all important risk management tools. However, none of those measures provide 100% security. Some hackers take advantage of vulnerabilities in systems while others rely on a lapse in concentration from an owner or employee.

Cyber insurance is available to help your business recover from a cyber event such as a virus, ransomware or malware infection, a denial of service attack or a loss of data and breaches of privacy.

What cyber insurance covers

Cyber Insurance is designed to fill the gaps in traditional insurance programmes. Policies will generally respond to both your own losses and also your liability to others as a result of a breach in your network security.  While an insurance policy cannot prevent a breach of your network security it can assist should you suffer one.  

Cyber insurance will cover your own losses and costs incurred directly by you for:

  • Loss of business income
  • Forensic costs to ascertain the extent of the event
  • Extortion costs incurred in the threat of an event or a ransomware assault
  • Costs to restore the network
  • Costs to replicate/replace lost data
  • Public relations costs to minimise reputational damage

Cyber Insurance will cover privacy breach, and security liability as well a 3rd party costs that you, as the insured, become liable for:

  • Liability for third-party damages
  • Regulatory fines and penalties
  • Public relations costs
  • Forensics costs
  • Claims for compensation from customers or other third parties such as banks or suppliers, following an insured cyber event
  • Costs of investigations instigated by privacy regulators
  • Privacy reparations and penalties resulting from an event
  • Associated legal defence costs

One key benefit of a Cyber Insurance policy is 24/7 access to a response line supported by expert professionals. They will help you restore your network and minimise your exposure to loss and liability. Cyber insurance response panels include experts in data recovery, forensic engineering, crisis management, public relations and legal advice.

Help with cyber insurance

What would be the worst effect of a cyber attack your business? Lost revenue from being unable to sell goods or conduct your business? Damage to your reputation from of a breach of confidentiality and the possible liability associated with it? Or simply the significant costs associated with cleaning the network and getting it back up and running again? Would you know where to turn if you were struck by a cyber incident today?

Our cyber insurance specialists can advise you on the most appropriate cyber protection  policy for your business. Crombie Lockwood has access to a range of cost-effective cyber solutions for all size NZ businesses, including CyberSAFE, underwritten by Lloyd’s of London  

Businesses with revenue under $10m, can get an immediate quote for their cyber policy by answering only 3 questions.

 


 

curve1

Need to talk?

Call us now
0800 276 624
curve2
curve3

Find a broker

CLAIM EXAMPLES
Ransomware victim - professional services firm

The business found that its systems had been infected by ransomware malware. All IT services were outsourced to reputable firms and up-to-date anti-virus systems were in use. A branded backup product was making full image-based backups of the system every hour. Despite this protection, the malware encrypted 18 months of data. including the backup files. This data was locked for 6 days while every effort was made to restore it. Eventually, when all options had been exhausted, the ransom of 5 bitcoins had to be paid to restore the data.Costs were met by cyber insurance.

Phishing - data loss victim – technology company

The victim’s head office is based in New Zealand however it has sales staff based in USA. Just before a long weekend in the States, the New Zealand head office received an email from one of its senior staff in the USA requesting urgent transfer of US$35,000 for a significant deal that was closing imminently. A second email followed, chasing the payment and stressing the urgency. The criminals had clearly used social media engineering to profile the business and used this to target the right people in the firm. Unfortunately, the funds were paid but insurance was available to reimburse the victim’s loss (less their excess).

Virus infection -professional services firm

The victim had a network of 22 desktop workstations, two virtual servers and ancillary devices including printers. Anti-virus software installed on the servers was up to date and there was an overnight virus scan run once a week, although most desktops were switched off when it was scheduled. A virus was detected on the system infecting multiple computers and spreading through the network. Initial attempts to eradicate the virus were unsuccessful and eventually the only way to clean the system up was to wipe and re-install all the computers and devices on the network leaving the insured unable to use their system for several days. The victim was able to recover the costs of restoring the network from their cyber insurance policy.

Phishing - data loss victim – large membership association

The victim held details of several thousand members on its database. In a spear phishing attack, an association staff member received an email purporting to come from the body’s CEO. The email requested contact details for the members. Because the email looked authentic, the details were sent. As a result, the association was exposed to potential liability to its members for a privacy breach. It also faced reputational issues and costs associates with notifying both members and the appropriate authorities.