What is cyber security insurance, and should you get it?

Remember the large scale cyber-security breach at Sony at the end of 2014? The media may have slightly over-hyped the situation, but there was certainly a ripple of panic sent through businesses and organisations worldwide.

 

The thing is, online security and threats are no longer reserved for Hollywood action movies (or those who make them). They exist right here in New Zealand, and is something that needs attention today from business management and owners.

Read more: How to: Set up risk management for IT

Insurance is about peace-of-mind, and protecting yourself from the ‘what-ifs’ and no business would hesitate to protect themselves against theft, fire, natural disasters and other more ‘common’ risks. However the thought of a threat to our businesses coming via a computer, over the internet, is still seen by many as a futuristic issue.

 

In-fact, those businesses taking out cyber security insurance is on the up, and there are plenty of organisations who are already making the move to cover themselves should the unexpected (and undesirable) occur. So the question is, should your business have it?

 

It would certainly be proactive for any business leader responsible for IT to look into the possibility of cyber security insurance. Like anything, it’s best that you gather as much knowledge as possible around the subject before embarking on a decision-making process. And when it comes to insurance, no policy is the same, so it is imperative to understand what will actually be covered should you take out insurance.

 

According to this breakdown from Crombie Lockwood, cyber insurance typically provides resources or cover for:

  • Defence costs and damages relating to third party claims for breaches of privacy etc
  • The reconstruction of data and the loss of income following a cyber attack on your network
  • Costs and expenses for advice and support in repairing reputational damage and loss of customer confidence

You also need to know what exclusions limitations apply to the policy, and this could range anywhere from un-encrypted data to cloud and mobile data, first party notification and data restoration.

 

Before getting bogged down in the technical side of things, it is best to do a risk assessment of your business to work out what kind of cover or protection you actually need. For example, if you don’t collect customer’s credit card details, then you may not need to have credit monitoring services in your policy.

 

In September 2014, the Insurance Council of New Zealand joined forces with the Government on a cyber security initiative, and what came from this was Connect Smart. Feel free to check this out, or contact us if you have any further questions around whether your business needs to consider more protection around cyber security.

——

This blog post is a condensed version of an article in our latest eBook. Keen on further knowledge on how to manage IT in your business? Download: An essential guide to IT for SME business – Risk, Security and Productivity

 

 

The information provided in this article is purely a general introduction on the subject of cyber security insurance – it should not be used as specific advice for your business. A decision to buy insurance should be discussed with an expert.