YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance



Similar documents
Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

NZI LIABILITY CYBER. Are you protected?

CYBER RISK SECURITY, NETWORK & PRIVACY

Cyber Risk Management

Discussion on Network Security & Privacy Liability Exposures and Insurance

THE ANATOMY OF A CYBER POLICY. Jamie Monck-Mason & Andrew Hill

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

How To Cover A Data Breach In The European Market

Cyber/ Network Security. FINEX Global

Cyber and data Policy wording

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Cyber Insurance Presentation

Nine Steps to Smart Security for Small Businesses

Making Sense of Cyber Insurance: A Guide for SMEs

Privacy and Data Breach Protection Modular application form

CYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014

Managing Cyber Risk through Insurance

cyber invasions cyber risk insurance AFP Exchange

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

Cyber and Data Security. Proposal form

Information Security Incident Management Policy and Procedure

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

FACT SHEET: Ransomware and HIPAA

Mitigating and managing cyber risk: ten issues to consider

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS

Cyber Liability. AlaHA Annual Meeting 2013

Embracing Cyber Risk: Insurance Solutions

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Nine Network Considerations in the New HIPAA Landscape

KEY STEPS FOLLOWING A DATA BREACH

Security & Privacy Current cover and Risk Management Services

Data Breach and Senior Living Communities May 29, 2015

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

WHITE PAPER. How to simplify and control the cardholder security environment

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Updates within Network Security and Privacy Risk Management

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Cyber-Crime Protection

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

erisks Policyholder s Guide to Privacy & Security Breach Response Planning

Cyber Risks October

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

10 Smart Ideas for. Keeping Data Safe. From Hackers

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

What would you do if your agency had a data breach?

ONLINE AND MOBILE BANKING, YOUR RISKS COVERED

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

Joe A. Ramirez Catherine Crane

Network Security & Privacy Landscape

/ BROCHURE / CHECKLIST: PCI/ISO COMPLIANCE. By Melbourne IT Enterprise Services

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Managing Cyber & Privacy Risks

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

Information and Communication Technology, Cyber and Data Security

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Cyber Exposure for Credit Unions

The potential legal consequences of a personal data breach

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Best Practices: Reducing the Risks of Corporate Account Takeovers

Cutting through the insurance jargon!

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Cybercrime: risks, penalties and prevention

Insuring Innovation. CyberFirst Coverage for Technology Companies

PAI Secure Program Guide

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Understanding the Business Risk

ISO? ISO? ISO? LTD ISO?

Who s next after TalkTalk?

$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight

Beyond Data Breach: Cyber Trends and Exposures

A practical guide to IT security

Understanding Professional Liability Insurance

WHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES

Payment Card Industry Data Security Standards

CYBER RISK INSURANCE. Presented By: Jonathan Healy

National Corporate Practice. Cyber risks explained what they are, what they could cost and how to protect against them

HOW TO PROTECT YOUR DATA

What Data? I m A Trucking Company!

Mitigating Bring Your Own Device (BYOD) Risk for Organisations

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

The impact of the personal data security breach notification law

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, Sponsored by:

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Possibilities and limits of cyber risks insurance

Insurance implications for Cyber Threats

Foregenix Incident Response Handbook. A comprehensive guide of what to do in the unfortunate event of a compromise

Cyber Risks and Insurance Solutions Malaysia, November 2013

Beazley Group Beazley Breach Response. A data breach isn t always a disaster Mishandling it is.

PCI Compliance for Healthcare

Transcription:

YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance

2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business, the insurance protection available, as well as some real examples of insurance claims and answers to your most frequently asked questions. Is your business at risk? Who is this product for? Why choose Hiscox? Your business could be vulnerable to a data breach or loss of vital business services if you: x hold sensitive customer details such as names and addresses or banking information x are reliant on computer systems to conduct your business xhave a website x are subject to a payment card industry (PCI) merchant services agreement. Our appetite for Hiscox Cyber and Data insurance extends beyond our core industry specialisms and we will actively consider businesses operating in the following sectors: xaccountancy xadvertising and marketing xconstruction xconsultancy xeducation xhospitality xhotels xlaw xmanufacturing xmedia xpublishing xrecruitment xretail xtechnology xtelecoms xtransport xrestaurants. A trusted partner in the event of a claim Insurance alone is not enough to deal with these new and evolving risks. So Hiscox will not just pay out when you suffer a loss but will also provide you with access to a team of experts who will actively work with you to minimise your loss and the possible damage to your business. No complicated modules Our simple to understand policy provides comprehensive cover so clients know what they are buying and can be confident they will be covered in the event of a loss. Specialist underwriting expertise We have been providing cyber and data insurance for 14 years, so we understand the changing risks that clients face and have evolved our product to protect them. Worldwide network of privacy lawyers and technical specialists Who will offer expert support and guidance in the event of a claim. Free access to Hiscox eriskhub We give clients access to tools and resources to help them stay up-to-date with evolving risks, understand their exposure and establish a response plan.

3 PROTECT YOUR BUSINESS We offer comprehensive protection for your computer systems and data (electronic or non-electronic), all available in a single insurance policy. Costs your business may incur as a result of an incident Amounts you may be liable to pay to other parties Additional cover options for your Hiscox policy Breach costs We offer practical support in the event of a data breach (electronic or otherwise) including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers Crisis containment In the event of a data breach, prompt, confident communication is critical to help minimise the damage to a company s reputation. We include crisis containment cover with a leading public relations firm who can provide expert support, from developing communication strategies to running a 24/7 crisis press office. Cyber business interruption We will provide compensation for loss of income, including where caused by damage to your reputation, if a hacker targets your systems and prevents your business from earning revenue. Cyber extortion We will protect you if a hacker tries to hold your business to ransom with any final ransom paid, as well as the services of a leading risk consultancy firm to help manage the situation. Hacker damage We will reimburse you for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programmes or electronic data. Privacy protection We will pay to defend and settle claims made against you for failing to keep customers personal data secure. We will also pay the costs associated with regulatory investigations and settle civil penalties levied by regulators where allowed. Multimedia liability The policy includes protection if you mistakenly infringe someone s copyright by using a picture online for example, or inadvertently libel a third party in an email or other electronic communication. Cyber crime We will cover direct financial loss following an external hack into your company s computer network. This could be theft of money, property, or your digital assets. Telephone hacking We will pay the costs of unauthorised telephone calls made by an external hacker following a breach of your computer network; includes traditional fixed-line telephony systems, as well as online systems (VoiP, Skype, etc.). 90% of large businesses and 74% of small businesses had a security breach over the previous year, with the average breach costing small businesses 75k. * *According to the 2015 Information Security Breaches Survey,

Contents 4 WHAT HAPPENS IN THE EVENT OF A BREACH Data breaches are becoming increasingly common, so it s important to consider how you would react rapidly to enable business continuity and protect your business against reputational damage. Suspected data breach occurs Legal support Specialist privacy and data breach lawyers will lead negotiations with regulators. You call Hiscox (24/7/365) and obtain immediate advice IT forensics assessment Including compilation of affected data and preventative measures against further leaks. Our team of experts immediately step-in to support you Communications We ll help you contact affected customers to explain the situation, the remedies in place and the potential consequences. Hiscox continues provides ongoing support Call centre support We ll set up a call centre to deal with projected call volume increase. Credit monitoring We ll offer credit monitoring advice to those customers who have been affected.

5 OUR INSURANCE IN ACTION We have dealt successfully with many cyber and data related claims. From a client held to ransom by a Russian hacker, to a customer being tipped-off by white hat hackers that their information was for sale on the dark web, here are some recent examples. The technology business and malware Cost covered by Hiscox: 250k The optician held to ransom Cost covered by Hiscox: 60k The publisher s lost passwords Cost covered by Hiscox: 10k Our client was contacted by a government agency and advised that government security services had detected an intrusion on its systems. Our IT forensic experts were deployed to investigate and assess the extent to which the network had been compromised. A significant amount of malware was discovered on our client s servers so a containment plan was executed to remove all malware. Our client was also able to take legal and PR advice under their insurance cover to help them decide how and when to communicate this incident to their clients. An employee from a chain of opticians received an email to say that she had been caught speeding and clicked the button which offered to show a photograph of her being caught in the act. Shortly afterwards our client received an email from someone in Russia to say that they had infected their systems with the Cryptolocker virus and that all files on its servers were encrypted. The encrypted files included patient records and software used to run the business. The Russians were asking for 400 in Bitcoins for the decryption key. We approved the client s payment of the ransom. Unfortunately this only recovered 90% of the files and they needed an IT contractor to help them recover the remainder. Their insurance policy covered this business interruption as well as the costs of being unable to trade for a couple of days and not being fully up-to-speed for a couple of weeks. Contacted by a white hat hacker, our client was told that user names and passwords for two of their websites had been stolen. We called in IT forensic experts to investigate, who confirmed there had been a hack and set about plugging the security breach. Legal advice was also taken to confirm whether or not our client was required to notify the individuals whose user names had been compromised.

Contents 6 ASK A HISCOX EXPERT YOUR QUESTIONS ANSWERED What is your exposure? As businesses become ever more reliant on technology and hold more and more data, the risks from suffering a loss related to problems with their computer systems or from holding sensitive customer data like bank account information or other personal /sensitive details, continue to grow. This can lead to costs from handling a data breach, lost revenue, a damaged reputation, and legal and regulatory costs, not to mention the associated business disruption. What s the definition of a record? For the purpose of cyber and data, we define a record as the details of an individual that a company processes, regardless of how many times that information is handled. For example, if you buy goods from an online retailer five times in one year, it would count as one record. Our experience shows that there is a direct relationship between the number of data subjects affected by a data breach and the costs of the breach. The volume of records therefore provides the best guide to the likely cost of a cyber and data claim. I m a small company, why do I need to buy insurance? There s a black market where records are sold and bought, and hackers are only getting savvier. The Department for Business, Innovation and Skills reported that 74% of small businesses and 90% of large organisations suffered a data breach in 2014 and it is becoming increasingly common. My IT department is confident we are secure, do I need a policy? Carphone Warehouse, TalkTalk and many other large corporations like them have entire departments devoted to IT security, and they still suffered a data breach. A simple oversight like not updating software, not setting appropriate user authentication procedures for third party vendors, losing an unencrypted laptop, or a rogue employee with malicious intent, can all lead to a breach. I outsource my payment and card processing. I don t have payment card exposures do I? According to the PCI Compliance Guide, PCI compliance applies to all organisations or merchants that accept, transmit, or store any cardholder data, regardless of their size, or number of transactions. Merely using a third party company does not exclude a company from PCI compliance. It may cut down on the risk exposure and consequently reduce the effort to validate compliance but it doesn t mean a merchant can ignore PCI compliance. My data is stored in the cloud, so liability rests with them? Not exactly. It would be in your best interest to carefully review your cloud contracts with legal counsel. Even if the risk is reduced, the liability may still fall on the shoulders of the insured. You can outsource the service but not the responsibility. Does the Hiscox policy cover offline and online exposures? Yes. The policy is triggered by the breach of electronic and non-electronic data that includes theft and loss. So you have insurance for a sophisticated hack but also for leaving a paper file on a train or sending information by email to the wrong person. What is encryption? It s the process of encoding information so that only authorised parties can read it. Encryption is important in evaluating a company s risk and exposure, since a breach of encrypted data is significantly less costly than a breach of unencrypted data. Encryption is a risk control measure viewed favourably by regulators including the Information Commissioner s Office (the office responsible for the enforcement of various data regulations in the UK). Many of the fines they have levied have involved the loss of unencrypted data by organisations. I have a password, is that the same as encryption? No. Encryption is the process of scrambling the data on a hard disk so it is unusable unless accessed with a decryption key. Only using password protection means that a hacker could bypass the password to access intact data that hasn t been encrypted.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information