Webinar Registration: Top Cyber Insurance Myths Debunked

Cyber is one of the hottest topics in insurance, but can be made unnecessarily complex by industry jargon and a lack of standardization in policy wordings. It’s no surprise that many businesses find themselves confused about how cyber insurance actually works and skeptical about whether they actually need it.

Join Lindsey Nelson, International Cyber Team leader at CFC, as she discusses the top six cyber insurance misunderstandings and objections we hear from clients and how to overcome them.

Sign up for the session in your time zone today!

UK | 2pm BST | Wednesday 15th August

Australia | 5pm AEST  | Wednesday 15th August

Canada | 2pm EDT  | Wednesday 15th August

CYBER CLAIMS CASE STUDY: QUICK FIX COMPLICATION

This month’s cyber claims case study is “Quick Fix Complication.” This tells the story of a US-based healthcare service provider that fell victim to a ransomware attack.

Thanks to CFC’s in-house incident response team, the healthcare service provider managed to avoid a costly notification to their entire patient population and the consequential reputational harm that may have arisen from such a notification.

The key takeaway points are as follows:

  • It is essential that when a ransomware attack or any other cyber event occurs, policyholders should engage their cyber insurance provider as soon as possible. By doing so, a co-ordinated response to the event can be devised and any evidence that may become crucial later on can be preserved from the outset.
  • The cyber insurance market is becoming increasingly competitive, with new carriers regularly entering the market. Businesses should be aware, however, that not all insurers are alike, and the skills and expertise that a well-established, experienced cyber insurer can bring can make a big difference, especially when making a claim.
  • By having our in-house incident response team with specialist knowledge of cyber security and forensics, we were able to prevent the policyholder’s claim costs from escalating and ensured that the organisation’s reputation didn’t suffer unnecessarily. If they had been with a less experienced cyber insurer without a dedicated in-house incident response team, they may have gone ahead with the breach notification process.

You can download the case study here.

Webinar: Beyond the Breach

Yesterday James Burns, Cyber Product Leader at CFC, held a webinar focusing on one of our cyber claims case studies.

We took a deep dive into Beyond the Breach – Hospital Faces Huge Operational Disruption which details a malware attack that left a small hospital reeling and how our policy helped get the hospital operational again.

You can watch the webinar here and download the slides here.

Keep your eyes peeled for more cyber webinars coming soon!

 

Cyber Insurance Guide

As we become increasingly reliant on technology, the potential impact of cyber-related incidents continues to grow. Yet the cyber insurance market is relatively new in comparison with other lines of cover.

This straightforward guide explains how cyber risk and insurance has evolved and how a good cyber policy addresses these modern exposures.

“Cyber” is one of the most talked about topics in business, insurance and media but also seems to be one of the most misunderstood. And with good reason – it is an area associated with jargon, buzz words and what feels like a whole lot of complexity.

This is largely down to the fact that the development of cyber insurance has historically focused primarily on third party privacy exposures. At the same time, traditional insurance policies have tried, but rarely succeeded, at addressing cyber risks; this has left clients believing many exposures are covered when they actually aren’t.

So what should we mean when we talk about cyber risk? What do clients need to protect  themselves against? The real answer is crime. Technology has revolutionised the world for businesses and individuals alike and the past twenty years in particular have seen monumental shifts in human behaviour directly linked to technological advancements. From the way we shop to the way we access bank accounts and book holidays, everyday life has changed fundamentally.

However, while the technology revolution has brought with it unparalleled levels of convenience and choice to millions of people across the globe, it has done the same for the criminal underworld. It is now far easier and far more lucrative for criminals to ply their trade digitally rather than physically. Cyberattacks are the modern crime and cyber insurance is the way to protect against them.

Download and read the full guide here.

California Consumer Privacy Act of 2018

At the end of June, California state legislators passed the California Consumer Privacy Act of 2018. Coming in to effect on January 1st 2020, the act is set to bring in a number of data protection requirements and new consumer rights similar to those enacted by the EU’s General Data Protection Regulation.

However, amid all the noise about the bill’s passing, one crucial area of the act appears to have been given surprisingly little attention – California has established a minimum cash amount that victims of a data breach could expect to receive should they pursue damages.

The act stipulates that for consumers whose unencrypted or unredacted personal information has been subject to unauthorised access, exfiltration, theft or disclosure, as a result of a business’s failure to implement and maintain adequate security standards, will be able to claim damages of $100 as a minimum and $750 as a maximum per incident or actual damages, whichever is greater.

The law will apply to organisations that are run for profit and do business in California and that meets one or more of the following thresholds:

  • Annual gross revenues in excess of $25 million;
  • Annually buy, sell or share the personal information of 50,000 or more consumers, households or devices;
  • Generate 50% or more of annual revenues from the selling of consumers’ personal information.

This particular part of the act marks a change of fundamental importance for a number of reasons. First, it will almost certainly increase the financial exposure that businesses face as a result of a data breach. Now, even a relatively small breach of, say, 1,000 records could result in statutory damages of $100,000-$750,000 being claimed.

Secondly, it is likely to lead to a big uptick in class action cases in general. To date, claimants in data breach class actions have often struggled to demonstrate standing as it can be difficult to prove what, if any, financial harm might be experienced as a consequence of a breach. For smaller breaches, this has meant less impetus on the part of plaintiff attorneys to bring class actions.

But with the law now enshrining minimum statutory damages for certain data breaches and with affected consumers knowing that they might stand to receive up to $750, we could see a proliferation of class action cases when the act comes into force from opportunistic lawyers looking to get involved in lucrative cases. Importantly, this could lead to a surge in class actions resulting from smaller breaches in particular.

Finally, the act sets a precedent. Back in 2003, California was the first state to introduce breach notification laws. Now, just 15 years later, every state in the union has implemented such laws. Could this act mark the beginning of minimum statutory damages being introduced elsewhere? If history is anything to go by, it shouldn’t come as a surprise if similar acts become more widespread.

For more further Information:

Cyber Claims Case Study: Beyond the breach – hospital faces huge operational disruption

Healthcare providers, like any business, are exposed to a range of cyber exposures, including malware attacks, which can have a devastating impact on their operations, especially in relation to system damage and business interruption costs.

In this month’s cyber claims case study we have reviewed a malware attack at a small hospital and how our policy assisted with making the hospital operational again. While many cyber policies exclude physical property and hardware replacement costs, the hospital’s cyber policy from CFC provided cover for these items.

Here are a few key points from the case study:

  • Healthcare organisations have often seen their cyber risk as being primarily about data breaches, but the impact of other cyber events like malware attacks can be just as severe.
  • Any business that relies on computer systems to operate can have a substantial exposure, particularly when it comes to system damage and business interruption costs.
  • Some cyber insurance policies only cover data breaches, but it’s important to also consider operational interruption costs that could be incurred by a destructive malware
    event.

Read the full case study here and look out for our next Cyber Claims Case Study next month

Cyber Claims Case Study: The importance of cover for data re-creation

Cyber risk often touches companies in unexpected ways. In May 2017, an engineering firm learned this when it lost access every last piece of data it held. This included all of the firm’s technical drawings, prints and complex design specifications.

We’ve created a in-depth case study about the event and how our policy helped calculate and cover the financial loss associated with total data re-creation. Here are a few takeaways:

• Even if an organisation is not storing personal data, they are still likely to have cyber exposures.

• Any business that relies on computer systems to generate or store business critical information is vulnerable to cyber risks if they lose or are unable to access their digital files, and purchasing a cyber insurance policy that provides appropriate cover is a key way of managing these risks.

• There is a key difference between data recovery and data re-creation. Lots of cyber policies will only cover the cost to recover data from back-ups, not the cost to re-create data. CFC’s cyber policy provides cover to re-create data from scratch.

Read the full case study by clicking on the link below, and stay tuned for more Cyber Claims Case Studies, now coming to you monthly.

Read the full case study here

CFC launches cyber insurance guide for brokers at BIBA 2018

BIBA press releaseSpecialist insurance provider behind BIBA’s cyber insurance scheme, CFC, will be launching its new BIBA Cyber Guide at BIBA 2018.

While one of the most talked about topics in business insurance, cyber insurance also seems to be one of the most misunderstood. CFC’s new guide aims to cut through the jargon and buzz words and bring simplicity to what has long been considered a complex line of business.

NOW AVAILABLE: Click here to read the BIBA Cyber Guide

“Cyber insurance policies tend to be modular in nature, consisting of a variety of different coverage areas so it’s no wonder that this has led to confusion around what they cover and how they work,” says James Burns, Cyber Product Leader at CFC. “We’ve worked with BIBA to produce this straightforward guide providing brokers with clear information about what cyber is all about and how they can articulate it to their clients.”

CFC’s BIBA Cyber Guide gives brokers simple information about what cyber actually means and how this area of insurance has evolved. It covers the types of cyber risks and types of cyber claims, drilling down into how a policy responds and providing brokers with some valuable tips on how they can overcome the most common objections they face when discussing cyber with their clients.

To guide brokers through the cyber maze, Graeme Newman, CFC’s Chief Innovation Officer, will be talking through the new BIBA Cyber Guide in a Seminar Session at 10.40am on Thursday 17 May. He will be joined by Richard Hollis, CEO, Risk Factory who will share his perspective on cyber threats.

CFC’s International Cyber Team Leader, Lindsey Nelson, will also be helping young brokers to build their cyber knowledge at the Young Broker Session at 12 noon on Thursday 17 May. Specialising in cybercrime as it pertains to companies across various industry sectors, Lindsey will discuss the real cost of cyber incidents in the UK and preventative risk management practices that companies can introduce.

Delegates will also have the opportunity to meet CFC’s underwriting experts managing both the BIBA cyber and product recall schemes on stand B51 to find out more about each proposition and the benefits they deliver to BIBA members and their clients, as well as the many other specialty products available from CFC.

Click here to read the BIBA Cyber Guide

CFC expands cyber proposition for US healthcare providers

CFC expands cyber proposition for US healthcare providersToday we’re pleased to announce the newest version of our cyber insurance product for US healthcare providers. With the latest policy, CFC enhances its combined cover for privacy and operational disruption with industry-specific features to help healthcare organizations prepare for and respond to cyber incidents as well as comply with industry regulations.

“While most healthcare providers are aware of their privacy and data breach exposures, they can easily overlook cover for operational disruption. The unprecedented increase in malware attacks has shown that operational exposures must be addressed – in fact, we’re now seeing the costs of operational disruption and rebuilding far exceed what a large-scale privacy breach might cost the same entity,” said CFC Cyber Product Leader, James Burns. “Our stand-alone cyber product for the US healthcare sector is tailored to their unique risks, helping limit the impact of a cyber incident on their organization.”

CFC’s latest cyber insurance product addresses the exposures and regulatory requirements unique to US healthcare organizations and ensures that core elements of cover are available each time a crisis strikes, even if a policyholder experiences multiple cyber incidents in the same policy period.

Unlike most cyber insurance products, CFC’s cyber policies offer the provision of first party cover on an “each and every claim” basis and don’t restrict policyholders with policy aggregates. Additionally, CFC’s cyber offering for US healthcare providers is one of the only available cyber products to include cover for HIPAA corrective action plans and cover for bodily injury resulting from a cyber attack alongside cover for the costs associated with improving risk management controls following a breach, system repair costs and incident response costs in addition to the limit.

Burns adds: “CFC offers a market-leading cyber insurance product backed by a global response capability which ensures our policyholders not only have comprehensive cover, but that they can recover quickly from cyber incidents.”

CFC has the largest dedicated cyber underwriting and claims team in the London market. Learn more about CFC’s Cyber for Healthcare insurance offering, or read the CFC cyber blog.

CFC launches new insurance solution for nutraceutical companies

New product announcement Today we are excited to announce an innovative addition to our life science suite of products with the launch of our new insurance solution designed specifically for nutraceutical businesses in the US.
Interest in health and nutrition-related products is on the rise, making nutraceuticals an exciting industry. But just like any company that manufactures or distributes products, nutraceutical companies are exposed to a range of risks, both traditional and emerging, which this policy combines into a single package.
Coverages include products liability, commercial general liability and cyber. Broad product recall cover can also be included, protecting against accidental contamination, malicious product tampering, cyber malicious product tampering, product extortion and government action.

We have also tailored the cyber cover in this new policy to address changes to the manufacturing infrastructure caused by a cyber attack as well as offering defined cover for extortion to address the growing threat of ransomware and cyber crime.

Sean Burke, our Life Science Team Leader says: “We’ve had a lot of success with our life science and medical devices products, so providing a policy for the growing nutraceutical space felt like a natural next step in developing this suite. We believe we’ve provided a well-rounded policy making it easy for these businesses to get essential coverages like products liability while also addressing emerging risks such as cyber crime, recall events and more.”

This streamlined insurance solution provides a products liability limit of up to $5m and a general liability limit of up to $7m. Premiums start from as little as $2,500.