While basic crime policies cover an individual for fraudulent online attacks, it is important to note their limitations. Often selected as ‘bolt-ons’ to conventional policies, they do not address the full range of exposure, leaving gaps in cover.
Firstly, there are some basic guidelines to avoid being targeted by cyber criminals. It is estimated that 50 per cent of system intrusions are the result of human error so it is important not to open unsolicited emails or attachments and to ensure that all employees adhere to this. Through this method, cyber criminals can introduce malicious software into a system which enables them to harvest data and engineer precisely targeted attacks.
When it comes to diverting genuine payments, cyber criminals can utilise the data they have stolen, sending emails from supposedly genuine sources with only minor variations made to the email address. It is always worth checking with the original source before making any fund transfers. To protect against the financial losses incurred in this type of crime, insurance is advisable, but it is important to know the difference between the available options.
Computer policies cover hardware failure and the consequential damage to data, in scenarios such as: a loss of power supply, flooding, software corruption/breakdown, or accidental data erasure. They do not provide cover for criminal activity.
Crime policies provide cover for fraud caused by employees and fraudulent acts by third parties. It is important to note such frauds and dishonesty are often now committed using computers, hence the confusion with cyber policies. Those conducting business online, including those who hold personal data on clients or employees, should also consider the cover provided by specialist cyber policies.
There is already a legal responsibility to protect personal data, but in May the EU General Data Protection Regulation (GDPR), now enshrined in UK law, will make these responsibilities more stringent. Not only will swift remedial action be required, if a breach does occur, significant fines will be levied.
Specialist cyber policies provide cover in the event of attacks by cyber criminals, including data breach, cyber extortion, the cost of professional assistance in mitigating the loss, the cost of fines and, in some cases, ransom payments. Policies can be tailored to specific requirements including damage to data, business interruption and reinstatement cover.
This type of policy is not limited to businesses. A number of providers now include an extension for cyber cover within home insurance policies, including attacks by cyber criminals which lead to hacker damage, cyber theft or cyber extortion. More are likely to follow. Some cyber policies are included automatically while others charge for the extension in cover. Lycetts provides professional advice for all risks associated with cyber criminals and information technology.