Is cyber liability covered in your professional indemnity policy?
How important cyber risks are to you depends on the nature of your business.
Written by Kate Slater on 2nd September 2014
As well as covering losses due to cyber crime and terrorism, cyber liability can cover accidental loss of your, or somebody else's data, physical loss of systems, and liability for any online activity or comments made by colleagues in emails.
A recent study by the Cabinet Office estimated that the economic cost of cyber crime to UK businesses is £21 billion per year. This includes:
- £9.2bn per year from theft of intellectual property such as copyright, ideas, designs and trade secrets.
- £7.6bn per year from the theft of competition-sensitive information which could impact a company's chances of winning tenders and contracts, also known as industrial espionage.
- £2.2bn per year from cyber criminals holding a company to ransom by hacking or manipulating company website links, etc.
- £1.3bn per year from direct online theft such as looting company accounts and monetary reserves.
- £1bn per year from theft of sensitive customer data from cyber attacks.
Whether you have cyber liability covered in your professional indemnity policy or not, it is essential to identify specific risks that could impact your business. This should be followed by creating an inventory of all your business data and information you hold in electronic format.
This good-practice process should examine the following 4 risk-reducing areas, which you should already have implemented.
Physical security at operating locations should already be in place, but this should be matched with a robust IT security system which includes anti-malware tools and segregated networks.
Data security measures such as encryption of mobile equipment and anti-spyware should also be used.
It is recommended that you work with legal advisers on protection of any patents, copyrights or confidentiality clauses in contracts.
Whilst the law cannot protect against criminal acts, it can give you protection against accidental breach and serve to control the responsibilities of contractors, outsourcing companies and other third-party organisations.
Employee training and communications
Electronic data and messaging are now such a routine part of daily working life that employees may not be alert to the risks stemming from accidental or malicious actions. To avoid these actions it is worth:
- Developing a robust policy and procedures backed up with disciplinary procedures.
- Delivering training courses to communicate issues to staff and following up with regular reminders about data security etc. Sensitive data must be vetted in more detail.
- Considering background screening and vetting of new employees who handle sensitive or confidential information.
In addition to risk-reducing measures, it is recommended that you have a contingency plan ready in the event of a crisis.
This should include plans on how to recover the situation, as well as a communications strategy for fighting bad PR.
Cyber liability can be a complex subject due to the variety of risks your company is vulnerable to.
Specialist insurance policies of this nature have increased in popularity, and so too has the adaptation of professional indemnity policies.
Whether you have a professional indemnity or specialist policy, make sure you are fully covered for all your liabilities to protect your business, brand and employees.