2 minute read
What is Cyber Insurance and Why You Should Have It
WHAT IS CYBER INSURANCE
AND WHY YOU SHOULD HAVe It
CYBER EXPOSURES ARE AN ENDEMIC THREAT TO ALL BUSINESSES. MORE THAN EVER, WE ARE RECEIVING ENQUIRIES FROM NECA MEMBERS ON HOW TO PROTECT THEIR BUSINESS FROM CYBER CRIMINALS.
Managing cyber risk is no different. Even with the most secure cyber risk controls and employee training in place, data breaches, ransomware attacks and other cyber incidents can impact on your business and take a big toll. Cyber insurance needs to be part of an effective risk management strategy for every business.
Real claim examples
Let’s look at the impact of cyber events on small businesses, some of which are NECA members.
Social engineering and third-party liability
A subcontractor emailed a NECA member asking them to change the bank details for payment. The request was verified through the authenticated email address. What the member didn’t know, was that the subcontractor’s email had been hacked and $70,000 was paid to a fraudulent account. A cyber policy with social engineering can manage cost recovery and pay any unrecoverable losses. This is an example of a third-party claim for the subcontractor or a social engineering claim for the contractor.
Data breach
The insured’s IT system was hacked and the hacker used this access to request funds transfers from clients and the insured’s bank. The total payments made amounted to $500,000. The insurer appointed an IT Forensic Consultant to help recover $450,000 and paid the remaining $50,000 on the claim.
Ransomware attack
The insured’s system was hacked and cyber attackers prevented access to documents, including critical contract details and designs. The business contacted the insurer’s cyber incident response line and an IT forensic consultant was appointed to fix the damage and investigate if the hacker still had access. A law firm was also brought in for remediation and to investigate if the matter needed to be brought to the attention of to the Privacy Commissioner. Claims covered business interruption losses, forensics and legal costs running to $63,000. Had there been a privacy breach, the insurer may also cover fines and mandated notifications.
What does cyber insurance cover?
An effective cyber policy covers five main areas: 1. Third-party claims – claims from third parties following breaches to your system. This includes defence costs, investigations and cover for fines and penalties. 2. Business interruption following a cyber incident. 3. Remediation. 4. Social engineering and phishing – use of deception to manipulate individuals into divulging confidential or personal information and into making payments. 5. Cyber incident response hotline.
This is one of the most important features of a good cyber policy.
Cover requirements
Most cyber insurers will now only offer policies where a high level of cyber security protocols have been implemented in your business. These include: Two-factor authentication (2FA) or
Multi-factor authentication (MFA); Password protection on all devices; Latest security updates and patches installed; Embedded firewalls and anti-virus; Processes to verify changes to bank accounts; and A two-person approval process for payments over $2,000.
Protect your business
Over 400 members choose to insure their business through NECAGuard, an insurance offering that has been designed specifically for electrical contractors. To find out how you can obtain cyber insurance that will meet your needs, email necaguard@neca.asn.au or phone 1800 335 014 for more information.
