1 SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE
2 Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to us in our personal and professional lives, and our IT systems are central to our ability to do business. THE RISK We all constantly produce and save data, surf the net, upload content, and send s daily. It is difficult to recall how we were ever able to manage without such technologies and the benefits they bring. With all of the advances in technology, many companies struggle to secure networks, keep information confidential and avoid major issues. Cyber risks are not limited to large E-commerce companies and those undertaking transactions over the internet. Any organisation that stores personal data, is reliant on computer or telephone networks, holds digital information or uses the internet can face these exposures. ASK YOURSELF How do I store confidential third-party information securely? How am I protected if a member of my staff decides to steal data, misuse information, commit fraud or just makes a mistake? What stops my business being hit like the bigger firms that I see in the press getting attacked? What are the most valuable things my business has? (customer data, intellectual property rights (IPR), reputation etc.) If I had a security breach tomorrow, how would I know and what would I do? Do I have appropriate coverage in place to handle unexpected downtime? Could I get all the data back if I lost a server, laptop, member of staff, filing cabinet etc?
3 THE COST Cyber-crime costs GBP 27bn a year in the UK alone. Hackers are increasingly targeting smaller, softer, less reactive targets since these provide a lower-risk alternative and since 2010 around 40% of all targeted attacks have been directed at small and medium enterprises (SME), compared to only 28% directed at large companies. Therefore it may be a costly mistake to believe you re fully covered by other insurances. The gaps in more traditional insurance could include: PROPERTY Property insurance is usually restricted to loss of physical property. By its nature, data is not necessarily a physical asset, and cannot be deemed to be covered under a traditional Property policy. Computer equipment and hardware is deemed to be physical property, however it is susceptible to specialist causes of damage (changes in temperature in a server room, loss of power, software related issues) which may not be covered by Property insurance. SCaN PROTECT COVERS: Failure of Computer Hardware Loss of Data BUSINESS INTERRUPTION To be indemnified under Business Interruption insurance, the damage must be physical. Traditional Business Interruption insurance will not uphold a claim where the interruption is due to the temperature of a server room, a software malfunction, virus or other unauthorised access. The more traditional Business Interruption insurance will also not respond to a loss of data resulting in a business interruption claim. SCaN PROTECT COVERS: Business Income & Extra Expense
4 THEFT The theft of data is not covered under a standard Theft insurance. As in intangible asset, data is not seen to be an insurable loss under this specific type of cover. Generally, Theft insurance requires forced entry to insure a loss, and as data can be stolen remotely, there will be no physical sign of an unauthorised incident. Theft insurance would usually exclude theft by an employee. If the insured were to take out Full Theft cover, they take out the requirement for forced entry; however the intangible asset of data is not covered. SCaN PROTECT COVERS: Loss of Data Business Income & Extra Expense CRIME The intention of Crime insurance is to cover theft of monies or tangible assets by employees; however data is not a tangible asset and would usually be excluded under Crime insurance. Even with a Computer Crime extension, cover is normally restricted to the rectification costs only (i.e. restoration or recollection of data) with no consequential losses covered. SCaN PROTECT COVERS: Loss of Data Business Income & Extra Expense Privacy Breach Expenses TERRORISM Terrorism insurance is related only to the extortion of physical assets, and physical damage thereof. The extortion of data, software and / or IT systems would not be covered under Terrorism insurance. SCaN PROTECT COVERS: Cyber Extortion Expenses
5 PROFESSIONAL INDEMNITY / ERRORS & OMISSIONS For a traditional Errors and Omissions (E&O) insurance to respond to a claim there must be some form of negligence on the insured s part. In relation to the insured s professional activities, they must be seen to have been negligent, and to have caused financial loss to a third party. Professional Indemnity insurance also excludes claims made as a result of criminal or deliberate acts of the insured or its employees. SCaN PROTECT COVERS: Disparagement, Plagiarism & Infringement Right to Privacy & Breach of Confidence Unauthorised Access & Virus Transmission Privacy Breach Expenses GENERAL LIABILITIES General Liability insurance often excludes liability in relation to electronic data and usually excludes criminal or deliberate acts, and will not cover expenses, following a privacy breach. SCaN PROTECT COVERS: Disparagement, Plagiarism & Infringement Right to Privacy & Breach of Confidence Unauthorised Access & Virus Transmission HOW DO BREACHES OCCUR? 81% utilized some form of hacking 7% employed social tactics 10% involved physical attacks 69% incorporated malware 5% resulted from privilege misuse Source: Verizon Data Breach Investigations Report
6 THE SOLUTION SCaN PROTECT can provide cover in 8 distinct but interrelated sections to YOU (1st Party Claims) and YOUR CLIENTS (3rd Party Claims). You can buy a combination of covers, so if a particular element does not apply to your business, you can simply leave it out Claims made by YOU (1st Party) 1. Failure of Computer Hardware 2. Loss of Data 3. Business Income & Extra Expense Claims made by YOUR CLIENTS (3rd Party) 4. Disparagement, Plagiarism & Infringement 5. Right to Privacy & Breach of Confidence 6. Unauthorised Access & Virus Transmission Additional Costs 7. Cyber Extortion Expenses 8. Privacy Breach Expenses 24 HOUR ASSISTANCE EXPERT SUPPORT We understand your business relies on effective, safe and secure information technology systems to succeed in today s competitive market. So any IT emergency, large or small that disrupts your IT systems will cost lost sales, lost production or even lost reputation. That s why SCaN PROTECT gives you 24 hour assistance delivered by some of the country s top legal, claims management, technical and data restoration experts.
7 24/7 EMERGENCY ASSISTANCE Every SCaN PROTECT policyholder has access to a 24/7hour emergency helpline on: +44 (0) As soon as you call, your emergency will be assessed, your insurance cover confirmed, and top experts put to work to resolve your emergency and restore your IT services. The SCaN PROTECT 24 Hour Emergency Assistance service is delivered by Charles Taylor Adjusting, one of the world s leading international loss adjusters in close association with international law firm, Ince & Co. The team work with other leading industry experts to manage your claim, restore your systems and protect your business from further loss. HOW DOES IT WORK? Every claim is different, so we don t offer a one size fits all service. Subject to your cover and limits of indemnity Charles Taylor Adjusting will package and manage an emergency assistance service to fit your needs. Here are just a few examples of how it could work for you. Your IT network is lost through fire or theft or other incident: Technical teams will be on site as soon as possible, replacing hardware and rebuilding systems. You will be supported by the crisis management team and expert claims handlers to minimise the disruption to your operations. A computer virus or cyber-attack disrupts your systems: Technical experts will investigate and appoint experts to restore your systems. The legal team will ensure that you have access to top lawyers to resolve any disputes and the claims management team will assist you 24/7 to get your business back up and running as quickly as possible. A system failure leads to massive loss of customer data: Data restoration experts will immediately start work to rebuild your databases, while the crisis management experts and claims management teams will work closely with you to minimise loss and restore your operations. Any accusations of breach of privacy by your customers will be promptly managed by an expert legal team. A computer hacker threatens to hold your business to ransom: Expert extortion management negotiators will take over the management of your case, supported by technical experts who will investigate and secure your systems against further attack.
8 1ST PARTY CLAIMS FAILURE OF COMPUTER HARDWARE THE COVER This section provides cover for loss of, or damage to, computer hardware. Only restoration or replacement of physical property is covered under this section. Hardware leased, rented, loaned to another is not covered, and the hardware must not be left in the open. CLAIM SCENARIO The malfunction and failure of point-of-sale computer equipment meant that a retailer had to replace a large amount of hardware at their data centre at a significant cost. LOSS OF DATA THE COVER This provides cover for costs incurred in connection with the loss or corruption of data, and the restoration of that data. The causes of the data loss and/or corruption include: Network security breach, including hacking and Distributed Denial of Service (DDoS) Unauthorised use of the computer system Computer virus Accidental damage or destruction of data media Human error CLAIM SCENARIO An engineering firm lost the potential revenue from a new innovation in propeller design, when the digital designs were stolen in a hack attack and the propeller was brought to market by another manufacturer.
9 BUSINESS INCOME AND EXTRA EXPENSE THE COVER A vital element, the Business Income and Extra Expense section helps the organisation to survive the impact of the loss of business income suffered due to the failure of computer systems. CLAIM SCENARIO A software error and system malfunction leaves a City Council unable to issue traffic tickets. The estimated cost was GBP 1.5 million. A supermarket chain suffers a system failure due to faulty hardware and data corruption. The Point of Sale system fails, as does the automatic stock ordering process, leaving the shelves empty and representing a major loss in revenue. ONE PC IS AFFECTED BY CYBER-CRIME EVERY 4.5 SECONDS WORLDWIDE.
10 3RD PARTY CLAIMS DISPARAGEMENT, PLAGIARISM AND INFRINGEMENT THE COVER A company may become inadvertently liable to pay damages or incur costs where it is accused of one or more of the above activities, perpetrated through the use of their computer systems and websites. CLAIM SCENARIO Company A pays Company B GBP 450,000 to settle an action relating to an that incorrectly alleged Company B was about to be investigated by the Department of Trade and Industry. An on-line retailer was sued for using a logo, images and product description without permission. RIGHT TO PRIVACY AND BREACH OF CONFIDENCE THE COVER As more information is acquired and stored, breach of privacy or confidence is of increasing concern. This section provides protection against liability arising from such breaches. Cover is included for: Invasion of privacy Infringement of data protection legislation Unauthorised use of confidential information CLAIM SCENARIO A letting agent suffers a data breach and is being sued by tenants who have received letters in the name of the letting agent asking them to send rents to a new account. A company employee of a printing firm sends a confidential price list from supplier A to supplier B allowing supplier B to target supplier A s clients offering lower prices.
11 UNAUTHORISED ACCESS AND VIRUS TRANSMISSION THE COVER A virus finding its way into your computer system can have a devastating effect. Similarly, the transmission of a virus to a third-party can have the same effect on their computer system. In addition, companies who rely on your computer system to function for the continuance of their business can be severely affected should they be unable to access your computer system through a failure or denial of service attack. CLAIM SCENARIO A manufacturer is unable to order parts from a key supplier as the supplier s extranet has suffered a denial of service attack. The manufacturer failed to complete orders on time. A marketing company infected by a virus suffers a mail server failure after receiving an containing a virus from a business associate. HIGH-TECH CRIMINALS ARE RACKING UP OVER 100 ATTACKS PER SECOND WORLDWIDE.
12 ADDITIONAL COSTS CYBER EXTORTION EXPENSES THE COVER This section covers you in the event that your data, systems or other Cyber-related information are under threat of extortion. Insurers may pay monies to: Terminate a Cyber-extortion threat Deal with or mitigate the threat Details of this cover must be kept confidential and cooperation with law enforcement is essential. CLAIM SCENARIO A hacktivist group threatened an online aggregator with a Distributed Denial-of-Service (DDoS) attack unless payment was made.
13 PRIVACY BREACH EXPENSES THE COVER When a network or Cyber incident occurs, it can have a devastating effect on the reputation of the company and the confidence of its customers. This section provides funds in the event of an incident to enable you to hire expert assistance to mitigate the effect of the incident. In the event of a data breach the cost of notification of that breach to all relevant parties will also be covered. Cover is provided for: Crisis management expenses Customer notification expenses Forensic costs Legal expenses PCI Security Standards Council fines CLAIM SCENARIO An insurance broker writes to 51,000 UK customers after the loss of a back-up tape containing details on over 500,000 customers 40% OF ALL TARGETED ATTACKS HAVE BEEN DIRECTED AT SMALL AND MEDIUM-SIZED BUSINESSES
14 FINEX GLOBAL SPECIALIST KNOWLEDGE FINEX Global is a division of the leading global insurance broker Willis Ltd, with teams of experts providing specialist advice and services to our clients. Cyber issues are multi-disciplinary, spanning network security, online media, intellectual property, personal privacy, enabling technology, etc. Each component has its own risks and our approach produces a coordinated and comprehensive response. EXCLUSIVE WORDING SCaN PROTECT is an exclusive wording to Willis that has been designed in conjunction with a major Cyber insurer - ACE European Group Limited. We aim to provide our clients with a superior service, competitive premiums and Cyber insurance cover that goes beyond the off the shelf policy typically offered to SMEs. EXPERT CLAIMS TEAM With over 10 years experience dealing with Cyber insurance, our dedicated claims experts have in-depth knowledge of the claims process. We are committed to assisting our clients in getting their claim resolved promptly and with the minimum amount of disruption.
15 NEXT STEPS If you are concerned about Cyber risks, contact us and arrange an initial consultation to start mapping out your risks: Darryl Brophy T: +44 (0) E: Martin Berry T: +44 (0) E: Gillian Gee T: +44 (0) E:
16 Statistics used on pages from Cyber Security & Information Assurance, Statistics used on pages 5 & 7 are based on the 539 organisations responding to Information Security Breaches Survey 2010, PwC. Statistic used on page 9 from Symantec s Threat Awareness Survey. Willis Limited, Registered number: England and Wales. Registered address: 51 Lime Street, London, EC3M 7DQ. A Lloyd s Broker. Authorised and regulated by the Financial Conduct Authority /08/13
CYBER/ NETWORK SECURITY FINEX AUSTRALIA ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning
THE FUTURE OF CYBER-SECURITY _ THREATS AND OPPORTUNITIES Global Corporate Venturing Cyber-security is growing as the digital world continues to expand. In this five-part supplement, Global Corporate Venturing
CYBERSECURITY A Resource Guide for BANK EXECUTIVES Executive Leadership of Cybersecurity CEO LETTER I am proud to present to you the CSBS Executive Leadership of Cybersecurity Resource Guide. The number
Post Office HomePhone and Post Office HomePhone with Broadband Terms and Conditions PostOffice.co.uk Job No: 256661 Client: Post Office Campaign: HomePhone & Broadband Proof No: 01 Publication: A5 Leaflet
Pay Monthly Terms Terms and conditions for the supply of Orange Network Services 1. Definitions The following words and expressions shall have the following meanings: Accessories: Account: Products approved
TELSTRA CYBER SECURITY REPORT 2014 Security insights, trends and impact to Australian organisations EXECUTIVE SUMMARY The internet presents a world of social connectivity, economic growth and endless opportunities
Standard terms and conditions For small and medium enterprises (SMEs) including micro businesses. Effective from 31 March 2014 Helping our customers. We re on it. 1 Contents Section 1 Taking over premises
ENERGY MARKET REVIEW 2014 CYBER-ATTACKS CAN THE MARKET RESPOND? For the first time, cyber risk has made it into the top ten global business risks in the Allianz Risk Barometer survey 2014 Top 10 Global
2013 INFORMATION SECURITY BREACHES SURVEY Technical Report Survey conducted by In association with INFORMATION SECURITY BREACHES SURVEY 2013 technical report Commissioned by: The Department for Business,
Data Breach Response Guide By Experian Data Breach Resolution 2013-2014 Edition Trust the Power of Experience. 2013 ConsumerInfo.com, Inc. Table of Contents Introduction 3... Data Breach Preparedness 4...
in depth report Managing digital risk Trends, issues and implications for business about lloyd s Lloyd s is the world s leading specialist insurance market, conducting business in over 200 countries and
T s And C s. General terms and Effective conditions April 2012 Effective April 2015 It s Ours. a What s Inside Here. General provisions 1 1. What are these terms about? 1 2. When can our terms and product
Network Security and Privacy: Risk Management and Insurance to address Legal Exposures and Financial Statement Protection 2013 Update by Kevin P. Kalinich Gobal Practice Leader, Cyber Insurance Aon Risk
Convincing Your CFO That Network Security Is An Investment by Keith Bromley First Edition Copyright 2015 Ixia. All rights reserved. This publication may not be copied, in whole or in part, without Ixia
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
General Terms and Conditions These are the General Terms and Conditions (incorporating the General Terms, the Specific Account Terms applicable to specific accounts and the Westpac Electronic Banking Services
Cyber and Data Security Risks and the Real Estate Industry by: Joe Fobert Real Estate and Retail Industry Practice Leader Real Estate Practice Group, AIG Property Casualty M. Leeann Irvin Director Issue
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
Computer security guidelines A self assessment guide and checklist for general practice 3rd edition istockphoto.com/marcela Barsse Computer security guidelines A self assessment guide and checklist for
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
Cyber security and fraud: The impact on small businesses Federation of Small Businesses Telephone: 020 7592 8100 Facsimile: 020 7233 7899 Website: www.fsb.org.uk Cyber security and fraud: the impact on
Your Current Account Terms NatWest Personal & Private Current Account Terms Personal & Private Current Account Fees & Interest Rates Helping you get the most from your Personal & Private NatWest Current
www.pwc.co.uk Beyond cyber threats: Europe s First Information Risk Maturity Index A PwC report in conjunction with Iron Mountain March 2012 Contents Foreword 1 Executive summary 2 Information: a priceless
Global Cyber Executive Briefing Lessons from the front lines Read more Global Cyber Sectors Executive Briefing Lessons from the front lines In a world increasingly driven by digital technologies and information,