As business transactions are increasingly conducted online, most people are aware of the need for some sort of protection against potential losses. There are two types of insurance available and it is important to understand the difference between cyber and crime insurance policies.
Firstly, however, there are some basic guidelines to avoid being targeted by cyber criminals. It is estimated that 50 per cent of system intrusions are the result of human error so it is important not to open unsolicited emails or attachments and to ensure that all employees adhere to this. Through this method, criminals can introduce malicious software into a system which enables them to harvest data and engineer precisely targeted attacks.
When it comes to diverting genuine payments, online criminals can utilise the data they have stolen, sending emails from supposedly genuine sources with only minor variations made to the email address. It is always worth checking with the original source before making any fund transfers. To protect against the financial losses incurred in this type of crime, insurance is advisable, but it is important to know the difference between the available options.
Computer policies cover hardware failure and the consequential damage to data, in scenarios such as: a loss of power supply, flooding, software corruption/breakdown, or accidental data erasure. They do not, however, provide cover for criminal activity.
Crime policies provide cover for fraud caused by employees and fraudulent acts by third parties. It is important to note such frauds and dishonesty are often now committed using computers, hence the confusion with cyber policies. Those conducting business online, including those who hold personal data on clients or employees, should also consider the cover provided by specialist cyber policies.
There is already a legal responsibility to protect personal data, but since May the EU General Data Protection Regulation (GDPR), now enshrined in UK law, these responsibilities have become more stringent. Not only will swift remedial action be required, if a breach does occur, significant fines will be levied.
While basic crime policies cover an individual for fraudulent online attacks, it is important to note their limitations. Often selected as ‘bolt-ons’ to conventional policies, they do not address the full range of exposure, leaving gaps in cover.
Specialist cyber policies provide cover in the event of a data breach, cyber extortion, including the cost of professional assistance in mitigating the loss, the cost of fines and, in some cases, ransom payments. Policies can be tailored to specific requirements including damage to data, business interruption and reinstatement cover.
This type of policy is not limited to businesses. A number of providers now include an extension for cyber cover within home insurance policies, including hacker damage, cyber theft and cyber extortion. More are likely to follow. Some cyber policies are included automatically while others charge for the extension in cover. Understanding your specific circumstances, and the difference between cyber and crime insurance and where the gaps can occur, Lycetts provides professional advice to ensure you are adequately covered for all eventualities.