Cyber Risk Insurance

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.

cyber risk insurance presentation · 2017-07-20 · Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally



1. Do I need it?

As a business of any size, it is likely you will rely on information technology (IT) infrastructure to some degree. If so, you will be exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted.

While existing insurance policies, such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:

● hold sensitive customer details such as names and addresses or banking information;

● rely heavily on IT systems and websites to conduct their business;

● process payment card information as a matter of course.


2. What does it cover?

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.

Generally cyber risks fall into first party and third party risks. Insurance products exist to cover either or both of these types of risk.

First-party insurance covers your business’s own assets. This may include:

● Loss or damage to digital assets such as data or software programmes

● Business interruption from network downtime

● Cyber extortion, where third parties threaten to damage or release data if money is not paid to them

● Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach

● Reputational damage arising from a breach of data that results in loss of intellectual property or customers

● Theft of money or digital assets through theft of equipment or electronic theft

Third-party insurance covers the assets of others, typically your customers. This may include:

● Security and privacy breaches, and the investigation, defence costs and civil damages associated with them

● Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media

● Loss of third party data, including payment of compensation to customers for denial of access, and failure of software or systems


3. EU General Data Protection Regulations (GDPR)

The European Union’s new data protection regulation comes into effect next year. Full information on the regulations is available on the ICO website. Here are five key facts:

GDPR applies to all
The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens. This enforcement is also backed by significant fines of up to €20m or 4% of group annual global turnover.

GDPR widens the definition of personal data
Any data that can be used to identify an individual will be considered personal data. This includes, for the first time, things such as genetic, mental, cultural, economic or social information.

GDPR introduces a common data breach notification requirement
The regulation requires organisations to notify the local data protection authority of a data breach within 72 hours of discovering it. This means organisations need to ensure they have the technologies and processes in place that will enable them to detect and respond to a data breach.

GDPR tightens the rules for obtaining valid consent to using personal information
Organisations need to ensure they use simple language when asking for consent to collect personal data, they need to be clear about how they will use the information, and they need to understand that silence or inactivity no longer constitutes consent.

GDPR introduces the right to be forgotten
Organisations will be required not to hold data for any longer than absolutely necessary, and not to change the use of the data from the purpose for which it was originally collected, while, at the same time, they must delete any data at the request of the data subject.


4. Managing cyber risks

As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This includes:

● Evaluating first and third party risks associated with the IT systems and networks in your business

● Assessing the potential events that could cause first or third party risks to materialise

● Analysing the controls that are currently in place and whether they need further improvement

In 2014 the Government launched Cyber Essentials – a basic cyber security hygiene standard to help organisations protect themselves against common cyber attacks. Considering Cyber Essentials accreditation is a good first step in becoming cyber resilient. Highland Insurance Brokers is Cyber Essentials accredited and is one of the only brokers in Scotland to hold


5. How can we help?

We have access to various market leading products from small, pre-priced packages for an “off the shelf” solution, to bespoke packages tailored to meet the needs of a larger business or one with more complex requirements.

Contact Don at Highland Insurance Brokers on 0146301463 709777 or by [email protected]

Highland Insurance Brokers Limited is an Appointed Representative of Momentum Broker Solutions Limited which is authorised and regulated by the Financial Conduct Authority.

The information contained in sections 1 and 4 is from the Association of British Insurers, abi.org.uk