From Equifax to Uber, 2017 was the year of the cyberattack. As such, many companies are beginning to wake up to the reality of cyber risk, but when it comes to the sophisticated tech community – widely considered to be top of the hitlist for hackers – how do you go about insuring them?
“When you look back at some of the high-profile cyberattacks that have taken place around the globe in the last couple of years, most of those are targeted at specialist technology companies,” Mark Crane, technology practice lead at
Travelers Europe, told
Insurance Business.
It looks as though many in the sector are up to speed when it comes to their risk profile, though – more than 65% of technology firms view cyber risks as the chief threat to their business, according to Travelers. When it comes to insurance, that higher level of understanding and experience of the issue means the bar is often set higher.
“The tech sector is looking for more of a risk management approach to cyber risk, not just a policy to pay out claims. It’s about coming up with preventative measures,” Crane said.
This month, Travelers Europe revealed an enhanced combined cyber package for the technology sector in the UK and Ireland, which includes public and products liability, property damage and business interruption, employers’ liability, professional indemnity, cybermedia liability and network security insurance.
With the technological landscape evolving at lightning speed, cyber insurance policies can quickly become outdated, Crane said of the extended product’s launch.
“One of the key factors in our enhanced policy is that coverage is triggered by a discovery of a breach,” he said, adding that the policy also offers a cyber breach coach service in partnership with law firm Pinsent Masons – which gives clients an initial consultation for each cyber event, providing expertise and knowledge to help mitigate potential losses.
“That’s really a key factor: if anyone suffers a hack, it needs to be responded to in the quickest time possible… the first couple of days are critical, particularly when you consider the General Data Protection Regulation (GDPR) which comes in May. That will give businesses only 72 hours to notify their customers,” Crane said.
As for the advice to businesses – it’s that preparation is essential.
“For a small entity, if you’re only going to do one thing, the key thing is to train staff. Most cyber-attacks are successful because an employee opens an email they shouldn’t, and it puts some malware on the systems,” Crane said. “Arguably as a company becomes larger and has more employees, that risk grows – as there are more people to potentially make those mistakes.”
Including a “robust” cyber section in a business continuity plan is also essential, particularly for larger companies – and is becoming more common.
Crane added: “What we see is an improving trend in larger companies investing in cyber risk management. Lots of continuity plans now include cyber, whereas maybe a year to 18 months ago we wouldn’t have seen that so much.”
Related stories:
How will global computer flaws Meltdown and Spectre impact cyber insurance?
Willis Re boosts cyber risk model to include 'silent cyber'