NZ Incident Response Bulletin – June 2023

Our Views:

Cyber Insurance

What is cyber insurance?

Smart organisations manage cybersecurity within their overall risk management strategy. Cyber insurance is one of the tools available in risk management, used specifically to help mitigate technology risk. Cyber insurance (sometimes known as cyber-liability insurance) is a formal policy or contract between an insurer and an organisation, intended to mitigate risk exposure by offsetting the potentially devastating costs related to computer or network-based incidents. Risk transference is a technique typically used for high-impact but low-likelihood risks. With cyber insurance, organisations hedge their cyber risk by paying a premium to transfer this risk to a third party (the insurer). Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover and is often triggered by attacks such as ransomware and business email compromise (BEC).

Cyber insurance, in various forms, has been around since the 1990s. In recent years, however, demand for this type of insurance has grown due to the increasing financial losses organisations experience as a result of cyber-attacks. The global cyber insurance market is estimated to be valued at $33.4 billion by 2027, according to Global Data.

Why would you consider purchasing cyber insurance?

As a result of widespread digital transformation, cybercrime has become a sophisticated and fast-growing threat. Recent well-publicised data breaches in New Zealand and beyond have demonstrated how the loss of personal data may have far-reaching implications for an organisation, its customers, and its teams. The variety of incidents also shows that no industry is immune to these attacks.

The impact of losing personally identifiable information (PII), sensitive data, proprietary information and intellectual property is significant. When this data falls into the hands of a criminal or competitor, it can severely disadvantage an organisation. Equally, the large expenses associated with downtime or loss of revenue when handling a cyber incident can prove to be an existential threat to many organisations. A cyber-attack can financially harm your organisation in many ways, including:

  • Lost income and productivity
  • Regulatory fines or additional cost associated with compliance
  • Brand and reputation damage
  • Third party liability
  • Crisis management expenses
  • Legal defence expenses

Having cyber insurance will not stop an attack, but it will help a business recover and minimise any potentially catastrophic failures. As a result, many organisations are turning to cyber insurance as a means of protection against some of these negative impacts.

Who needs it?

Organisations of all sizes and across all industries collect, create, and hold information, and rely on technology to operate. Therefore, most organisations may benefit from cyber insurance. However, assessing the unique cyber risk profile of your organisation is vital for understanding how, and how much, cyber insurance may play a role in your overall risk management strategy. An organisation may be particularly exposed to cyber risk if it:

  • Frequently handles large financial transactions.
  • Relies on vendors, independent contractors, and service providers.
  • Gathers and stores personal or sensitive information.
  • Has a high degree of dependence on electronic processes.
  • Has an online presence.
  • Enables remote working.
  • Must comply with New Zealand or international privacy legislation.
  • Must comply with Payment Card Industry Security Standards or other specific industry-based requirements.

About the Bulletin:

The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and, if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.

To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents.

This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.