In the face of increasing cyber attacks, insurance offers an essential response.
What is a cyber attack?
It is a security incident and damage to your company's data or information system through computer malice, theft and destruction of data, viruses, hacking...
What is your responsibility as a company?
As a professional, you are liable to third parties (customers, suppliers, etc.) and to the administration (CNIL), which can paralyse your business and have serious financial consequences. Indeed, if the personal data of your customers have been stolen, you will have to pay costs, you will also have to meet certain obligations such as the obligations to notify the regulator (CNIL) and you will have to pay costs to the victims of a cyber-attack (RGPD)
Why get insurance?
Many businesses still believe they are protected by their professional indemnity policy (see our article on professional indemnity).
Your professional liability insurance covers the loss of data caused as a result of a mishandling of your service, a fault towards your client. In contrast to professional liability, cyber insurance covers damage to your customers and to your company as a result of a cyber attack.
It is therefore important to insure yourself properly in order to limit the consequences and damage of an attack against your company and third parties, the business losses and the financial consequences that the Cyber attack may have.
What are the guarantees of a cyber insurance policy?
There are 3 common blocks among insurers:
- Crisis management support: in the event of a cyber attack, a team of technical and legal experts will assist you in resolving the incident as quickly as possible. The experts will intervene in various ways: inventory, investigations to identify the nature and origin of the attack, securing computer systems, image restoration, etc.
- Coverage for intangible damages: restoration of the information system or replacement of infected software, reconstitution of destroyed data, decontamination costs following a data breach or a breach of your information systems, costs associated with public relations to repair the damage caused to the company's reputation
- Protection of your cyber liability: your liability may be called into question by the victims of cyber attacks. The insurance may cover the financial consequences of your civil liability following a third party claim related to a security incident or a personal data breach. The costs associated with legal proceedings and compensation for damages suffered by customers may also be covered.
And the options?
Computer and telephone fraud are often options. If this is the case, fraud against the President, for example, may or may not be covered. Check carefully what is included in your basic policy and what is not, depending on the policy you are offered.
Also be aware of time deductibles (e.g. no intervention or triggering of your contract before x hours) and financial value. These elements, which are often not very visible when you take out the policy, become essential in the event of an incident or an attack. The earlier you react, the less important the consequences will be
Insurance contracts are synonymous with exclusions (see our article on insurance concepts).
On Cyber contracts, there are some specific exclusions:
A cyber insurance policy does not cover future loss of income, only present and recognized income
Losses caused by: War or terrorism, third party utility provider, intentional or fraudulent behaviour.
Claims related to patent infringement.
Damage arising from the unlawful use of software.
In conclusion: cyber insurance policies are essential for the survival of your company and your business, and it is essential to be well supported in these matters. At Mph insurance, we are there for that!