There is much discussion regarding the cyber risks facing businesses, organisations and individuals today and the protection required in respect of these risks have led to the development of cyber liability insurance. In looking at this we first need to define what we mean by cyber liability insurance.
What is cyber risks insurance?
This is a specialist type of insurance policy is designed to meet the needs of those who have a particular exposure to loss arising from the use of technology within their business. The detail of cover provided by an insurer in respect of cyber liability varies from policy to policy, but essentially the intention of the cover is to protect the policyholder against;
- their own losses (First Party Losses)
- claims made against them in respect of their legal liability for loss or damage arising from the policyholder’s use of electronic data technology. (Third Party Losses)
This is a broad definition but the actual cover provided by the policy can be far reaching and will include such aspects as;
- Property damage to hardware including breakdown
- Reconstitution of data costs as a result of loss or data corruption
- Business interruption replacing lost income following a reduction in turnover caused by an insured event.
- Extortion meeting the costs of mitigation of and extortion costs
- Regulatory defence costs and associated penalties
- Privacy breach – costs and damages associated with the unintentional breach of privacy or confidential information.
- Virus the costs and claims associated with the unintentional transmission of a virus, worm or trojan
- Unintentional breach of copyright
- Defamation – defence costs and awards
- Crisis and risk management including specialist public relations and security services to manage risks and mitigate losses
Cyber Risks Insurance vs Data Protection Insurance
It is commonly said that data protection insurance is another name for cyber liability insurance, this is fundamentally incorrect. It is true that “data protection insurance” would be included within the scope of the cyber liability policy but they are most certainly not the same thing.
In considering data protection insurance it is important to note the difference between insurance relating to the handling of data generally and the handling of data that is covered by the Data Protection Act.
In the United Kingdom the Data Protection Act 1998 imposes statutory duties regarding the handling of personal data of individuals. This legislation does not apply to other forms of data, for example the keeping of electronic records regarding a business. As a consequence of this any insurance that was tailored to the needs of the Act may in fact leave the policyholder exposed to uninsured claims with regard to data covered by the act.
In looking for data protection insurance you should be seeking cover in line with the definition given in 6.7.4 below “unintentional infringement of intellectual property rights (including copyright, trademark, service mark, moral rights, patent rights, registered design), breach of confidence or infringement of any rights of privacy;” which clearly includes data protection within a much broader definition.
Insurance against cyber risks?
Turning to the specific area of protecting against claims made against you in respect of your legal liability arising from the use or misuse of technology we have already seen that this cover can be provided under a cyber liability insurance policy but it is important to note that these cyber liability risks can also be protected under perhaps a more traditional policy.
The professional indemnity insurance policy protects the policyholder against claims made against them in respect of loss arising from a breach of professional duty and claims arising from cyber risks can often be included as standard with these policy covers.
This is an example of a definition of cyber liability as covered under a professional indemnity insurance policy;
Cyber Liability shall mean any Claim relating to:
6.7.2 malicious falsehood including slander of title and slander of goods;
6.7.3 unintentional false attribution of authorship or passing off or link to or framing of another page;
6.7.4 unintentional infringement of intellectual property rights (including copyright, trademark, service mark, moral rights, patent rights, registered design), breach of confidence or infringement of any rights of privacy;
6.7.5 misuse by any employee of the Insured’s electronic signature or external email;
6.7.6 the loss or theft of data for which the Insured are responsible or held to be responsible;
6.7.7 the Insured’s negligent transmission of a computer virus, worm, logic bomb or Trojan horse to anyone;
6.7.8 the Insured’s unintentional unauthorised collection, misuse or failure to correctly protect any data concerning any customer or potential customer of the Insured which is either confidential or subject to statutory restrictions on its use;
6.7.9 a third party’s good faith reliance on a Hacker’s fraudulent use of the Insured’s encrypted electronic signature, encrypted electronic certificate, email or website where there was a clear intention to cause the Insured loss or obtain a personal gain for the Hacker
and arising in consequence of:
a) the conduct of Professional Business transacted via the internet, extranet and/or via the Insured’s own website, web address(es) and/or via the transmission of email or documents by electronic means.
b) the content of the Insured’s email, intranet, extranet or website (including its domain name, metatags and hyperlinks and the marketing and advertising of the Insured’s Professional Business on the website),
c) alterations or additions made by a Hacker,
In many cases, cover of this nature as provided under the professional indemnity insurance policy may be adequate to meet the insurance needs of many professionals and businesses, especially if suitable arrangements are already in place in respect of protecting the policyholder against their own losses via office, commercial combined or other suitable first party insurance protection.
How do I buy cyber risks insurance?
This specialist class of insurance is available from a more limited and specialist range of insurers than other business insurance products. If you would like more information regarding cyber liability insurance please call us on 200 77076.