With the General Data Protection Regulation (GDPR) actually here, expect enhanced cyber and data offerings from insurers. While GDPR fines aren’t insurable in the UK, cover for other breach-related losses are available – and Hiscox has bolstered its proposition.
The specialist global insurer has introduced new extensions, as well as upgraded the social engineering component of its cyber and data insurance product.
“As digital risks evolve, businesses have far more to worry about than cyberattacks against their own company,” said James Brady, head of cyber for Hiscox UK & Ireland. “With so many critical IT services now outsourced, the hack, or even human error of a supplier or employee can be just as damaging if it causes services to shut down.
“Many businesses already work hard to ensure they have a ‘cyber-ready’ workforce, but cyber criminals are sophisticated and social engineering in particular is a growing issue that continues to catch many employees out and can lead to financial losses for the business.”
The social engineering upgrade, for instance, will afford businesses cover in cases wherein an employee inadvertently sends funds or goods after receiving phishing emails or fraudulent payment instructions through cloned or hacked accounts. The upgrade is added to the policy’s cybercrime extension.
Not only will an affected firm be reimbursed for any funds or goods lost, but costs of fully investigating how the loss occurred are also covered. In addition, Hiscox will ensure that the issue is contained.
Meanwhile dependent businesses interruption and system failure have been added as extensions.
System failure covers business interruption losses arising from an outage to a company’s IT network that is not caused by a data breach or cyberattack. Human error cases – such as accidental data deletion or system misconfiguration – fall under this extension, as well as software updates that prevent systems from working.
Dependent businesses interruption, meanwhile, involves losses brought about by a service outage suffered by a third-party supplier such as software as a service.