‘Another week, another breach’; this seems to be the established axiom as yet another organisation faces up to the reality of life post cyber attack. As education levels concerning cyber risk improve and businesses consider the most appropriate insurance to protect their critical assets, buyers must be cognisant of the potential for a cyber loss to ‘crossover’ and impact upon other insurance classes.
As cyber breaches become even more sophisticated and diverse in nature, there are now far more areas of a business that can be affected as a result. By way of an example, one of the insurances that can be impacted is Directors’ and Officers’ liability (D&O), which may have to respond to potential lawsuits brought against the company due to leaked sensitive personal data, or due to the Directors being held personally accountable for a system breach/failure.
For insurance brokers, it is important to be aware of the different insurance protections that cyber losses can affect, as your clients will need to be fully aware of the potential consequences of a cyber incident. It is important to not only educate them on the increased risk, but also on the tactics they can employ to give the organisation the best tools to mitigate loss (such as better security education, protocols and procedures within the organisation).
However D&O is not the only insurance that could be impacted by a cyber breach. Property, General Liability and Business Interruption are covers that also come to mind. By way of an example, a cyber breach could negatively impact a supply chain affecting the delivery of goods, future orders and stock management. The financial loss could be catastrophic for a business.
Be aware that many existing policies exclude loss, damage or liability caused or arising from the use or operation as a means of inflicting harm, of any computer, system or virus. Therefore it is essential to know which cover will be available to respond and where the ‘crossovers’ exist.
Businesses can find themselves highly exposed following a cyber event, especially when it comes to first party losses such as data protection fines, penalties and expenses, and data breach expenses such as forensic, notification, credit monitoring and public relations costs (common in many cyber breaches). General Liability, Professional Liability and Property/Business Interruption often do not cover this risk, highlighting the need for brokers to educate clients and to consider how existing coverages will respond.