Cyber Insurance – How much cover do I need?

Aug 19, 2021

Cyber Risk is now one of the main exposures business owners face. With the growth of, and reliance on, technology, cyber events are becoming more frequent and the number of claims far greater.

In this article, we will dive into how much cover you should have for your business. Before we do so, it is important to understand the structure of a Cyber Policy and what some of the various costs could be following a breach.

IT vendors:

How much will it cost for an IT Company to delete the malware and reboot the system?

Ransomware:

Was there an extortion attempt and a demand for cash?

Legal fees:

In order to interpret the Privacy Act requirements, what will it cost to engage a Privacy Lawyer? Will there be further legal defence costs?

Forensic breach response providers:

Forensic Accountants will need to be appointed to quantify the amount of data that was breached, and also the financial impact on the business.

Business interruption:

What was the loss in revenue following the breach?

Crisis Communication Costs:

Does the business require a Public Relations company to avoid any reputational harm?

Stolen funds:

What amount of money was stolen or misdirected?

Notification costs:

How much will it cost to notify the affected individuals whose information was breached?

Regulatory Fines:

Should there be a serious breach of the Privacy Act, the Office of the Australian Information Commissioner (OAIC) can fine individuals up to $500,000 and body corporates up to $10,000,000.

Privacy Liability:

Are you legally liable to pay damages for the costs incurred by your Customers?

As you can tell, the incurred costs following a significant breach could easily be in the millions!

Currently, the cost of Cyber Insurance is still relatively cheap. We therefore recommend that Companies purchase as much cover as they can afford.

We are also starting to discover that Insurers are not willing to provide much more than $5 million capacity per policy. Therefore, if a higher limit is required, we are able to use a secondary Insurer to provide the necessary cover.

Each company should have a good understanding of what the potential damages to their business could be. Could your IT system be back up and running within 24 hours, or will it take 24 days? Is your Customers’ information encrypted? Is your Business Continuity Plan regularly updated?

Should you wish to discuss your Cyber risk further, please feel free to contact one of our experienced team members here at Trident.