With the Guernsey Financial Services Commission announcing that licensees are expected to make cyber security a board-level issue and invest in processes to prevent breaches, what practical steps can my business take?
Stuart Butler replies:
This is a rapidly developing area as the insurance market responds to the needs of businesses and is good news, especially as we all migrate from paper based systems.
Under specialist policies, existing public liability cover can be extended to include liabilities arising from email and the company’s web presence and typically breaks cover down into component parts. These can include:
First and third party costs relating to security breaches (forensic, notification of affected parties, including regulators etc.), loss of income and increased costs of working following a breach and the expense of restoring the system following hacker damage.
Cyber extortion – payment of ransom demands – claims from third parties for loss of privacy, including payment card industry charges, and fines and media liability – the infringement of third party intellectual property, defamation (libel and slander) and negligent virus transmission can also be covered.
More comprehensive policies may also add vicarious liability for failures by cloud providers and other vendors, reputational damage, including PR costs to mitigate that, monetary loss arising from phishing scams and cover for programming errors.
These policies typically also provide cover for significantly higher limits. They also rely on an up-front online data protection questionnaire which informs the underwriting process in terms of the applicant’s current protection levels and recommends subsequent actions which leads to qualification for other covers.
This way, your broker can ensure you get a cyber ‘health check’ – plus peace of mind cover.
Please click here for our regulations.