Cyber Liability & Privacy Protection Insurance
What is cyber risk insurance?
Cyber-insurance is an insurance product used to protect businesses and individual
users from Internet-based risks, and more generally from risks relating to information
technology infrastructure and activities.
Most notably, but not exclusively, cyber and privacy policies cover a business' liability
for a data breach in which the firm's customers' personal information is exposed or stolen
by a hacker or other criminal who has gained access to the firm's electronic network.
What is a cyber risk?
'Cyber risk' means any risk of financial loss, disruption or damage to the reputation
of an organisation from some sort of failure of its information technology systems.
What is data breach insurance?
To mitigate the risk of civil litigation and other penalties when a data loss or theft
occurs, a cyber liability or data breach insurance policy can provide access to
professional assistance to help businesses comply with applicable laws and regulations.
A data breach is an incident in which sensitive, protected or confidential data has
potentially been viewed, stolen or used by an individual unauthorized to do so.
Data breaches may involve personal health information (PHI), personally identifiable
information (PII), trade secrets or intellectual property.
PRIVACY ACT 2014 - The laws governing data privacy now exact severe penalties on
organisations that do not implement appropriate data security measures. Make sure
you know what's at stake.
Whether your organisation handles financial or medical data, the price of IT compliance and cyber insurance may be high, but the price of non-compliance is even higher.
Business entities must take reasonable steps to protect the personal information they hold from misuse, interference (this may include introducing measures to protect against computer attacks), loss and from unauthorised access, modification or disclosure.
With the Privacy Commissioner's enforcement powers enhanced, organisations that fail to comply put themselves at risk of strict financial penalties of up to $340,000 for individuals and $1.7 million for corporations.
KEY ELEMENTS OF COVER
What Cyber Liability will Cover...
The AIG Cyber Liability policy provides coverage for personal data liability, corporate data
liability, outsourcing liability, data security liability, data administrative
investigations, data administrative fines, repair of the company’s reputation, repair
of individual reputation, notification and monitoring costs, electronic data and defence
costs. Our Cyber Liability also provides optional coverage for media content, cyber
extortion and network interruption.
- Personal Data Liability – Breach of personal information/data protection
- Corporate Data Liability – Breach of corporate information
- Outsourcing – Breach of data protection by an outsourced provider where the data user or policyholder
is legally liable
- Data Security – Damage resulting from any breach of duty that ends in:
  - Contamination by malicious code of third party data
  - Improper or wrongful denial of access by an authorised third party to data
  - The theft of an access code from premises, computer system or employees
  - The destruction, modification, corruption, damage or deletion of data stored on any computer
    system due to a breach of data security
  - The physical theft of hardware
  - Data disclosure due to a breach of data security
- Defence Costs – Defence costs in respect of any litigation brought by a data protection authority
Key Additional Benefits...
- Data Administrative Investigations – Provides costs and expenses for legal
advice and representation in connection with a formal investigation by data
protection or other authority
- Data Administrative Fines – Insurable fines and penalties imposed by a
government authority, regulator or data protection authority for a breach of data
protection laws or regulations
- Notification and Monitoring Costs – Provides costs and expenses of the
insured for the legally required and voluntary disclosure to data subjects
- Reputational Repair of the Company and Individual – Reimbursement of costs
incurred in relation to reputational damage due to a claim covered by this policy
- Wide Definition of Insured – Including director or partner, in-house counsel,
data protection officer, chief compliance officer, employee, estates or legal
representatives of any insured
- Wide Definition of Data, Data Protection, Breach of Duty
- Media Content – The collection, creation, release, printing, broadcasting
or distribution of media content, advertising and written, printed, video,
electronic, digital or digitised content that results in an infringement;
plagiarism, piracy or misappropriation or theft of ideas; libel or slander
committed without malice; or an intrusion, invasion
- Cyber Extortion – Any extortion loss incurred as a result of a security threat
- Network Interruption Insurance – Net income (net profit or loss before income
taxes) that would have been earned; and continuing normal operating expenses
incurred, including payroll as a result of a security failure
What are the Exposures?...
The Internet has spun a whole new “Web” of liability exposures. Creating a website
is simple; the exposures that come with it are not so straightforward. Whether you
meant to or not, you are creating a portal for external access into your internal systems.
The risk category includes privacy issues and the theft of data, the infringement of
intellectual property, virus transmission or any other serious intrusion that may be
passed from first to third parties via the Web.
First and Third Party Potential Losses...
- It can take years to build a good reputation and book of business, but a single
data breach can instantly change everything, leading to loss of clients and
potentially the devaluation of company stock
- Small companies which are dependent on larger sites as a platform for shared hosting
services may lose their partnerships, limiting distribution avenues and opportunities
- Costs associated with notification of data breaches and credit monitoring facilities
- Regulatory investigations can require companies to shut down their systems for
forensic purposes, limiting potential production
- Network hijackings can often require systems to be shut down over extended periods of
time as issues are resolved. This could lead to loss of business and the ability to conduct business as usual
- Cyber extortion can cost a company considerable time and money to quantify the
potential damage of leaked information and weigh it against the cost of paying