Cyber Liability Insurance
Caeva O’Callaghan, MD of O’Callaghan Insurances, talks about how she protects her business from cyber crime, and the insurance cover that she now feels is a ‘must have’ for all businesses.
WHY DID I BUY IT FOR MY BUSINESS?
It all started when I began to write new policies and procedures for the GDPR legislation that was being enacted in May 2018. One of the documents I started to write, in conjunction with my IT Manager, was a disaster recovery plan in the event of a data breach. It quickly became apparent to us that there were likely to be two types of data breaches. One type is caused by people making mistakes, such as lifting documentation from a printer and inserting this documentation into an envelope destined for a different client. These types of breaches can easily be managed in-house via procedures and training. Funnily enough, there is a direct correlation between the frequency of these breaches and the training reinforcement, which means that we are very much in control.
The second type of data breach is a serious and continuous leak of data. This type needs a robust Cyber Incident Response Plan. So what’s typically involved here?
First off we need to find out the following:
- Where did the breach occur?
- How did the breach occur? What exactly is it? What’s the cause? Is it Ransomware? Are our emails compromised?
- Is the breach continuing and how do we stop this?
- What evidence do we need to collect for the Data Commissioner?
In tandem with this, you need to immediately move to:
- Notifying the affected owners of the data.
- Notifying the Regulatory Authority – within 72 hours of the breach coming to our attention.
- If appropriate, negotiating a ransom to get our system unlocked.
And then…the consequences...
- Possibly become embroiled in compensation claims.
- Face a fine from the Data Commissioner.
It very quickly became apparent to me that we did not have the in-house expertise to deal effectively with such an event.
Any Cyber Liability Policy worth its salt should cover you for the following:
- Immediate access to experts in IT Forensics, Crisis Managers, Public Relations and Law.
- Assistance in notifying the owners of the breached data.
- Auditors to investigate all details relating to the breach.
- Expert witness if a claim goes to court.
Cyber Liability Insurance Policy for O’Callaghan Insurances Ltd.
I opted to buy a Cyber Liability Policy with a limit of indemnity of €5 million and a €5,000 excess. It costs me just under €4,000 per year. I am happy to have this policy and pay the premium.
Obviously, we do all that we can to keep our systems and data secure. We have robust firewalls in place and our staff are continually educated in data and systems security. We have an incident response plan. Our insurance policy is to protect us in the event of a major incident. With just short of 40% of Irish companies reporting at least one cyber event in the six-month period from September 2019 to February 2020, this is one big problem that I don’t want to be faced with. (Source - Hiscox Cyber Readiness Report 2020)