Hit enter to search or ESC to close
Today, technology is at the heart of almost every business, and data protection and network security are leading risk issues for all organisations.
Every day businesses are exposed to cyber risks including malware, viruses, hacker and phishing attacks, and simple user error.
Cybercrime is big business and hackers don’t discriminate. Everyone with a website, computer, email, phone and an EFTPOS terminal is a target.
All businesses, regardless of industry or size use technology to operate, and therefore face a range of cyber risks.
Levels of exposure are further complicated through the reliance on outsourcing business functions to third parties, such as payroll processors and technology companies for cloud services and data back-ups.
A business could be exposed to cyber risk if it:
Updated anti-virus software, two-factor authentication, robust firewalls, backups and staff education are all important risk management tools. However, none of those measures provide 100% security. Some hackers take advantage of vulnerabilities in systems, while others rely on human error to gain access to systems via phishing or social engineering scams.
Cyber insurance is available to help your business recover from a cyber liability such as a virus, ransomware or malware infection, a denial of service attack or a loss of data and breaches of privacy. Policies can also help you recover from potential business income loss and minimise reputational damage after you’ve experienced a breach.
Cyber security insurance is designed to fill the gaps in traditional insurance programmes. Policies will generally respond to both your own losses and also your liability to others as a result of a breach in your network security. While a cyber liability insurance policy cannot prevent a breach of your network security it can assist should you suffer one.
Cybersecurity insurance will cover your own losses and costs incurred directly by you for:
Cyber insurance will cover privacy breaches, and security liability, as well as third party costs that you, as the insured, become liable for:
One key benefit of a Cyber Liability Insurance policy is 24/7 access to a response line supported by expert professionals. They will help you restore your network and minimise your exposure to loss and liability. Cyber insurance response panels include experts in data recovery, forensic engineering, crisis management, public relations and legal advice.
What would be the worst effect of a cyber attack to your business? Lost revenue from being unable to sell goods or conduct your business? Damage to your reputation from of a breach of confidentiality and the possible cyber liability associated with it? Or simply the significant costs associated with cleaning the network and getting it back up and running again? Would you know where to turn if you were struck by a cyber incident today?
Our cyber insurance brokers can advise you on the most appropriate cyber protection policy for your business. Crombie Lockwood has access to a range of cost-effective cyber solutions for all size NZ businesses, including CyberSAFE, underwritten by Lloyd’s of London
Businesses with revenue under $10m can get an immediate quote for their cyber security insurance by answering only a few questions.
The business found that its systems had been infected by ransomware malware. All IT services were outsourced to reputable firms and up-to-date anti-virus systems were in use. A branded backup product was making full image-based backups of the system every hour. Despite this protection, the malware encrypted 18 months of data. including the backup files. This data was locked for 6 days while every effort was made to restore it. Eventually, when all options had been exhausted, the ransom of 5 bitcoins had to be paid to restore the data.Costs were met by cyber insurance.
The victim’s head office is based in New Zealand however it has sales staff based in USA. Just before a long weekend in the States, the New Zealand head office received an email from one of its senior staff in the USA requesting urgent transfer of US$35,000 for a significant deal that was closing imminently. A second email followed, chasing the payment and stressing the urgency. The criminals had clearly used social media engineering to profile the business and used this to target the right people in the firm. Unfortunately, the funds were paid but insurance was available to reimburse the victim’s loss (less their excess).
The victim had a network of 22 desktop workstations, two virtual servers and ancillary devices including printers. Anti-virus software installed on the servers was up to date and there was an overnight virus scan run once a week, although most desktops were switched off when it was scheduled. A virus was detected on the system infecting multiple computers and spreading through the network. Initial attempts to eradicate the virus were unsuccessful and eventually the only way to clean the system up was to wipe and re-install all the computers and devices on the network leaving the insured unable to use their system for several days. The victim was able to recover the costs of restoring the network from their cyber insurance policy.
The victim held details of several thousand members on its database. In a spear phishing attack, an association staff member received an email purporting to come from the body’s CEO. The email requested contact details for the members. Because the email looked authentic, the details were sent. As a result, the association was exposed to potential liability to its members for a privacy breach. It also faced reputational issues and costs associates with notifying both members and the appropriate authorities.