How Much Cyber Insurance is Enough?

19 December 2019

 

If, like me, you think that paying more will guarantee greater safety then you may well be right.

I put an emphasis on may.

Because cyber coverage is still largely unknown by consumers and difficult to place by underwriters.

If, as a business, you do not know how to identify your own threat risks, then can you really trust your insurers?

Broadly speaking, there are three areas most companies would consider cyber insurance for:

1)         Breaches of business-to-customer (B2C) e-commerce or a breach at a physical retail store.

2)         Protection of intellectual property, trade secrets and the personally identifiable information (PII) of employees and recover from a breach into a manufacturing facility.

3)         An Internet of Things (IoT) event.

Now, according to the experts, there is limited value proposition in cyber insurance for B2C cases. So, for a nation of consumers, this will ring alarm bells.

Meanwhile, for intellectual property, it is difficult to provide a financial value for what could potentially be lost because of variables such as who the attacker is, whether they are a nation-state or if they are simply a competitor looking to gain an upper hand. Perish the thought!

But the IoT events are becoming the most talked about within the cyber insurance industry, but just how does it plan on addressing the growth of IoT devices and the risk of cyber-related events targeting connected manufacturing facilities around the world? These include some of the most routine, day-to-day transactions which, when taken in that context, is easy to see why it overshadows a sector such as retail and commerce above.

Given it essentially covers all business types and sectors, companies need to put a value to a cyber event and explain it in a way that will make business sense so they can explain it to the insurance company. This is not always easy, and so a thorough risk assessment and threat management plan needs to be incorporated by professionals and cyber experts.

Fortunately, there are cloud-based enterprise risk management products out there that can help companies determine specific values to a security breach as it combines modern analytics with the Factor Analysis of Information Risk (FAIR) methodology.

FAIR breaks an event down into two discrete categories:

  • Primary loss, which includes downtime and response and replacement costs.
  • Secondary loss, which takes into consideration fines (such as those due to come in under the EUGDPR next year), reputation loss, reimbursement of money stolen and the cost of credit monitoring services.

Naturally, such products would require time and cost to be fully workable.

But the important point here is that all businesses need to understand their risk profile, and particularly those that do business in or with countries with higher than normal levels of fraud and cybercrime, like Russia and Eastern Europe.

Companies also need to use available tools to get a better sense of what a breach will cost.

Contact us for Cyber Security Advice Liverpool Wirral, Merseyside and Across England & Wales

For further advice on cybersecurity threat management planning, contact Aaron Pearson at Three Graces Legal on 0151 659 1070 or email This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it..

 

Make a free enquiry, call now

0151 659 1070




Please let us know your name.



Please enter a valid telephone number



Please let us know your email address.



Please let us know your message.



Invalid Input

Invalid Input
I understand that by submitting my query to you, my personal data (name, email address and contact number) will be processed by you in order to contact me and assist me with my query. I confirm I have read and understood the Privacy Notice and I consent to you processing my data for the purpose of contacting me to assist me with my query.




This article is provided free of charge for information purposes only. It does not constitute legal advice and should not be relied on as such. No responsibility for the accuracy and/or correctness of the information and commentary set out in the article, or for any consequences of relying on it, is assumed or accepted by any member of the law firm.

How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Make a free enquiry - Call now - 0151 659 1070