As our network and system infrastructures get more complex, so are the ways hackers infiltrate them. That explains the rising need for cybersecurity as the number of hacking cases is escalating at an alarming rate. The 2014 report from the Centre for Strategic and International Studies documented that cybercrime cost Singapore a hefty S$1.25 billion yearly.
So, what can we do to recoup the losses after an attack? This is where cyber insurance comes into the picture.
A cyber insurance policy is as essential to companies as life insurance policy is to individuals. It protects businesses and users from Internet-based risks and risks related to information technology infrastructure and activities. Risks of such nature aren’t included in traditional commercial liability policies.
Traditional commercial liability policies
Traditional commercial liability policies only provide commercial liability coverage and property coverage -- the former protects a company from third-party losses, whilst the latter protects companies from first-party losses. Furthermore, cyber loss is not considered as a triggering event under such policies, thus it is either specifically excluded or capped at a very low limit.
Cyber Insurance Policies
Also known as cyber liability insurance coverage, cyber insurance is developed to help companies mitigate cyber risk exposure and offset costs incurred after a cyber related security breach.
Cyber insurance typically covers expenses related to both first parties and claims by third parties. Below is a list of common reimbursement expenses:
Investigations that are necessary to find out the cause of the cyber breach, manage damages and prevent the same type of breach from recurring. Such investigations may involve third-party security firms and law enforcement agencies.
Some cyber insurance policies cover human errors due to negligence, as well as monetary losses caused by network downtime, business interruption, and data loss recovery. Costs involved in managing a crisis that may involve repairing reputation damage are also claimable.
Privacy and notification is another area cyber insurance insurers handle. This includes required data breach notifications to customers and affected parties that are mandated by law. Credit monitoring for customers whose information was or have been breached is also included.
Legal expenses associated with the release or leak of confidential information and intellectual property, legal settlements and regulatory fines will also be taken care of by the insurer. This includes costs of cyber extortion. A common type of cyber extortion is ransomware.
Need for cyber insurance policies
Companies especially SMEs may not be able to afford costs incurred to resolve a cyber loss should its risk management strategy fails to address a cyber breach. Such loss can potentially lead to bankruptcy. It is, therefore, critical for companies to transfer cyber risks to an insurance company or insurer that offers cyber insurance policies.
The premium of cyber insurance policies differs based on coverages. Generally, the premium for consumer cyber insurance policy starts at approximately S$150 per headcount, with a coverage of S$25,000 for each claim, or cap at S$50,000 per annum. For a commercial cyber insurance policy, the premium starts at S$1,000 per annum and the claim limit falls between S$250,000 and S$2 million.
As traditional commercial liability policies do not address privacy breaches and cyber crimes, it pays to seek help from cyber insurance insurers to mitigate and recoup losses caused by cyber crimes or attacks. Companies, especially SMEs, should work with an appointed insurer for added protection from such unforeseen attacks.
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
David Nagrosst is an Exceptional International Leader and CISSP Qualified IT Security Expert with 20 years+ demonstrable experience in business, sales and providing IT Security, Cloud, and Datacenter Solutions to Organizations from Start-up to Fortune 150. He provides outstanding strategic, operational, business (PNL) and sales leadership to high-performing teams in sales, pre-sales solutions, consulting, engagement and bid management, leading senior teams in Singapore, Hong Kong, China, India, Japan & Australia.
David is also an international keynote & workshop speaker and a member of AmCham Singapore. He is committed to developing, testing and continually creating new methods to drive efficiency, cost saving, growth and profit alongside innovative technical expertise. He is eager to support international security companies operate and develop in Asia.
He has held senior positions in consulting, software, telecom, and startup companies with expertise in financial services and knowledge and experience in many other industries such as e-commerce, education, construction, retail, internet advertising and publishing.