Welcome back to the Aviation Insurance Blog!
Businesses continue to rely heavily on technology and digital integration in an ongoing effort to increase margin and improve service and efficiency. The Covid-19 pandemic forced shut-downs that led to immediate and unexpected work-from-home situations for numerous organizations. The virus caused a rapid digitalization of organizational and product and service delivery systems for many businesses. With such a heavy reliance on technology, cyber risks have become a significant and continuously evolving issue. Each week, there are more news stories of cyber-attacks on business that have led to significant product and service disruptions. Companies must quickly adapt and adequately apply risk management techniques and solutions to address these exposures.
According to a study done in 2018 (JUNIPER Research), small businesses invest less than $500 per year in cybersecurity products, which makes them an obvious target for cybercriminals. Many small and medium-sized businesses overlook or under-consider technology risks. Today, with increasing cases of data breaches, malware and ransomware attacks, and digital fraud, a cyber liability policy must not be overlooked. These policies can prove invaluable as they help the business respond to, and recover from, an attack or data breach.
Knowing the various cyber exposures and terms is essential when reviewing and/or purchasing a cyber liability policy. It will also help businesses (and business leaders) prepare and plan before an exposure or risk occurs.
Cybercrimes range across a spectrum of activities. Let’s define a couple of examples that could be a risk to your business.
- Denial of service attack:Distributed DoS attacks are a special kind of hacking. In this instance, a criminal assault an array of computers with programs that can be triggered by an external computer user. These programs are known as Trojan horses since they enter the unknowing users’ computers as something benign, such as a photo or document attached to an e-mail.
- Ransomware: Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever.
- Data Breach: A data breach is an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner. A small company or large organization may suffer a data breach. Stolen data may involve sensitive, proprietary, or confidential information such as credit card numbers, customer data, trade secrets, or matters of national security.
Cyber exposures can injure a business directly from a first-party perspective and third-party liability losses. Third-party liability exposures are those losses that you become legally obligated to pay to other people and organizations. First-party exposures are those losses that directly impact your organization. These could include expenses related to notification, credit monitoring, cyber investigation, crisis management, and data privacy regulatory expenses.
Cyber liability is a relatively misunderstood type of insurance. Many business owners don’t fully understand their exposures and are confused about what exposures a cyber liability insurance policy covers. Some assume that their exposure to this type of risk is minimal and are largely unaware of all the ways that their business is vulnerable. Any company that relies on technology to transfer or store business or customer information could become a target of cybercrime that could have a substantial impact on their business. Cyber risks aren’t limited to direct first and third-party losses. Indirect losses can also occur, such as the loss of customer confidence which can have a lasting negative impact on the company’s reputation.
To help gain a better understanding of a cyber liability policy, let’s look at some key cyber liability exposures and coverages as defined and outlined by Risk Placement Services (RPS):
First Party Loss (direct loss to your business):
- Crisis Management/Breach Response: Can include notification expense to comply with state law, credit monitoring and call center service expense, forensic investigation for system intrusion expense, and public relations expense to avert brand damage.
- Data Restoration/Recovery: Costs to replace, restore, or recreate corrupted or lost data.
- Consequential Reputational Harm: Loss of profits from current and future customers due to damaged reputation.
- Additional Extra Expense: Extra costs associated with cyber events such as employee overtime, fulfilling contracts, supplying customers, etc.
- Cyber Extortion: Costs associated with extortion threats to an insured’s computer systems.
- Business Interruption: Reimbursement for lost business income due to security breach or system failure of the insured’s computer system
- Dependent Business interruption: Reimbursement for lost business income due to a security breach or system failure of a third parties’ computer system. Coverage can include IT service provider and supply chain vendor.
- Privacy & Network Liability: When the insured becomes legally obligated to pay as a result of unauthorized access to their system or unintentional data compromise.
- Regulatory Proceedings: Defense, fines, and penalties assessed by a regulatory body.
- Media Injury Liability: Coverage can include actual or alleged libel, slander, IP/copyright infringement, plagiarism, or infliction of emotional distress throughout the duration of their electronic media activities.
- PCI Assessments: Fines/penalties assessed against the insured by payment card companies resulting from the insured’s unintentional disclosure of payment card info.
- Social Engineering/Fraudulent Instruction/Cyber Deception: Loss of money or tangible property as a result of a fraudulent request. Coverage can include theft of funds held in escrow.
- Funds Transfer Fraud: Loss of money or securities resulting from fraudulent instructions to a financial institution (banks).
- Computer Fraud: Loss of money, securities or property from unauthorized entry into insured’s computer system.
- Telecommunications/Utility Fraud: Utility charges incurred resulting from a third party’s unauthorized access to the insured’s outgoing telephone or other utility services.
Other Available Coverages:
- Hardware Replacement/Bricking: Replacing tangible computer equipment as a result of a cyber event.
- Contingent Bodily Injury: Bodily injury arising out of a security breach.
- Invoice Manipulation: Will indemnify the insured for direct net loss resulting from the insured’s inability to collect payment
- Betterment: Costs or expenses incurred to update, replace, upgrade, recreate, or improve digital data or a computer system to a level better than that which existed prior to the cyber incident.
Cyber risks are undoubtedly increasing. Retaining the potential losses of a significant cyber-attack is something that would gravely injure or potentially devastate small and medium-sized businesses without adequate insurance protection. Regardless of size and operational activities, cyber exposures can’t be overlooked by any organization.
Not all cyber risks can be insured. As a general rule, prevention is better than cure, so getting a cyber liability policy should only be one part of your business’ risk management solution. A good strategy requires understanding the specific risks to which your business is exposed, the capabilities of your digital security systems, and having an effective risk management system to address these risks.
Premiums for cyber liability policies depend on several factors such as the number of clients, type of sensitive data you store, company revenue, current security measures in place, claims history, and more. There are also several differences in the coverages of various cyber liability insurance policies, some varying from carrier to carrier. When searching for Cyber Liability Insurance, be sure to seek the counsel of a trusted insurance agent/broker who is knowledgeable and experienced in cyber liability insurance.
Taking the time to protect your digital assets and investing in a cyber liability policy are fundamental steps to address cyber risk and position your business for sustainability in the future.
DISCLAIMER: These episodes are for educational purposes only and due to the changing regulatory and legal nature of this business, some information may change over time. Having a well-educated and experienced aviation insurance broker on your team is an absolute requirement to success in business and for managing your aircraft and aviation business risks.