Cyber Risk has become one of the largest emerging liabilities as organizations become more reliant on technology. Oswald’s programs go beyond cyber insurance to incorporate enterprise-wide integration and education. Through a total cybersecurity risk evaluation and safety strategy, we can advise which coverages to place and which actions to take to keep your organization prepared for potential pitfalls and ready to react to an incident should it occur. A typical cyber policy works as a risk transfer mechanism to fill gaps in a standard property and casualty policy that protects against physical loss or damage. Most cyber policies cover a wide array of incidents and resources:
- Business Interruption Costs
- Reputation Harm
- Bricking and Betterment Coverage
- Forensic Accounting Resources
- Cyber Incident Breach Coach
- Employee Education and Training
- Incident Response Plan
Who needs Cyber Insurance Coverage?
We believe in utilizing cyber risk management resources in the policy to offset cybersecurity costs. There are resources available with policies for employee education, sample policy and procedures, and more innovative offerings. Every organization that uses technology to conduct daily business activities is open to a cyber-attack. Any organization that deals with:
- Accepting digital payments or a client’s sensitive payment information
- Any other financial or personal identification data in your care, custody or control
- Personal medical information, or that is subject to HIPAA laws
Ransomware is a type of malware that encrypts electronic systems and requests a ransom payment to release the data or prevent information from being published. Incidents will typically occur outside of normal business hours. Once the system is compromised and encrypted, the cybercriminal will request payment for decryption codes to access your system or information. Paying a cybercriminal will typically lead to the release of systems, but this is not always the case. In some instances, encryption can corrupt systems or electronic equipment to the point that they cannot be restored.
Business Interruption Costs
If your organization is reliant on technology, there are costs to be expected when a cyber incident occurs and your network is down. There are fixed expenses and operational costs that your company incurs daily and that depend on your network. Profit may be lost due to the inability to execute day-to-day activities.
Reputation Harm
If an attack becomes known publicly to current or potential clients, your brand image can be damaged. This could lead to lost profits, loss of employees, or an inability to recruit. Most cyber policies will cover these losses if the organization can show figures for documented losses.
Bricking and Betterment Coverage
During a cyber-attack, physical equipment may be compromised, damaged, or rendered useless due to malware. Anything from a USB drive to a laptop or a server may be damaged so badly that it can no longer function as anything other than a brick. Bricking coverage may replace those items.
Betterment coverage looks to replace and improve software and security systems that were compromised and failed as a result of the cyber incident. To prevent future incidents, security must be made better than what was in place before the incident.
Forensic Accounting Resources
Many cyberattacks start with reporting to Legal, IT, and Human Resources departments. In the aftermath, Cyber Forensic Accountants will coordinate with the finance team if there was a business income loss as a result of the cyber incident. They are brought in to investigate and report what sort of financial impact the incident had on the organization. Evaluating the business income loss can be complex. Having an expert resource is important.
Cyber Incident Breach Coach
Oswald Cyber Liability Policies include access to a Cyber Incident Breach Coach. Breach coaches are experienced cybersecurity legal professionals who have handled numerous incidents. These professionals will walk you through the process step by step once an incident has occurred. They will assist with coordinating other professionals necessary to respond to an incident.
Employee Education and Training
Organizations can have strong security and controls, but employees can still be a weak point in a company’s defense. If an employee is unaware of the potential risk their actions may pose, the risk of a cyberattack is increased exponentially. Cyber education, training, and phishing awareness are integral to enterprise-wide risk management. This is in addition to system patch management, keeping software up to date with the latest protection, and proper system controls.
Incident Response Plan
If an incident were to occur, it is vital for all involved to know the steps going forward to mitigate risk and try to resolve the incident as quickly as possible. The plan should be an easy-to-read document that is always evolving, is updated as threats change, and includes cyber liability policy information. All employees involved in the plan should be made aware of their role should there be an incident.
Lacy Rex, AU
Cyber Strategic Leader, Oswald Companies
Lacy is the Cyber Strategic Leader and part of the Executive Risk Practice at Oswald Companies with over 10 years of experience in the insurance industry. Her focus at Oswald is on cyber and management liability and professional liability coverages. She integrates her product and market knowledge to find solutions for clients’ issues that arise daily.
Lacy negotiates policy enhancements across all lines for Executive Risk including D&O, EPL, Fiduciary Liability, Professional Liability, Crime, Kidnap and Ransom, and Cyber Liability. Working closely with carriers to draft policy enhancements allows her to provide innovative solutions to local, national, and international employers. Serving as a Cyber Liability specialist and resource at Oswald Companies, she frequently speaks and blogs about Cyber Liability topics.
Lacy began her career as a Professional Liability Wholesale Broker. She was a member of Swett & Crawford’s National Cyber Liability team where she drove inventive policy language and coverage recommendations. Prior to joining Oswald, Lacy was a Client Executive at a retail broker in Cincinnati focusing on Private Equity and their portfolio companies.
Keeping our clients “cyber fit” includes the commitment to keeping you informed of the latest updates and resources. Please follow our blog articles to stay informed.