Cyber Claim Scenario – Brand Protection

(First Party Claim)

Brand Protection Example Claim

A leading software provider breached its obligations to Australian customers when hackers broke into its systems in 2013 and made off with loosely encrypted passwords and credit card details. The Australian Privacy Commissioner investigated the issue and ruled the company failed to take ‘reasonable steps’ to protect the personal information of 1.7 million Australians to the level demanded by domestic privacy legislation.

RESULT

The company engaged the services of a public relations consultancy firm to limit the brand/reputation damage associated with the findings.

CGU SOLUTION

CGU Cyber Defence provides coverage for the costs associated with regulatory privacy investigations and costs to engage a public relations firm to protect the company brand.

Source CGU

Speak to one of Insure 247’s brokers on 1300 046 787

1300-Insure

Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories. Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs

Cyber Claim Scenario – Extortion

(First Party)

EXAMPLE

A small accounting firm’s client records were locked by ransom software. The company was only able to get files released after paying a ransom of $50,000 to hackers.

RESULT

The firm contacted law enforcement and, working with them, determined that the payment should be made.

• $150,000 was paid for business interruption loss, the ransom demand ($50,000) plus consultants’ costs to advise on handling and negotiating the ransom, and the costs to restore the network, as the hackers refused to release the files despite the ransom payment.

CGU SOLUTION

CGU Cyber Defence provides coverage for the payment of extortion monies and costs involved in negotiating, mediating and crisis managing to end the security threat.

 

Source CGU

Cyber risk is bigger than an IT issue

One thing is becoming clear about cyber risks: the problem is much bigger than any organization’s information technology department.

Background

My background as an IT leader and information security professional before I joined XL Catlin gives me a good vantage point on how businesses can make the mistake of thinking that cyber risk begins – and ends – with their technology operations. Regardless of a company’s size and resources, IT operations play a critically important role in cybersecurity. But the total cost of cyber risk affects the entire enterprise, and a cyber incident frequently causes problems that no IT professional, however talented, can solve.

Business continuity, third-party liability, reputational damage and regulatory compliance – those are beyond the purview of IT. A well-run IT department can minimize downtime and get systems back up, which is critical. The value of data and the cost of a disruption, however, are ultimately determined by the data owners in the business operations. While a system shutdown can be catastrophic for some organizations, business interruption and data recovery insurance are available to mitigate that risk. Regulations regarding cyber security are evolving, and insurance is available to manage that uncertainty too.

But the business itself must communicate with its employees, customers, investors and perhaps regulators, after an incident. If a data breach has occurred, a forensic investigation and notification of affected parties are likely required. A strong, unified message is critical to convey, and that is best delivered with the help of senior executives and crisis communication professionals. One of the valuable benefits of cyber insurance is access to expert resources, from PR to forensics to IT specialists, who can quickly come in to assist.

The complexity of responding to a cyber incident and communicating with stakeholders are strong reasons to have a team, such as an executive control group. The composition of such a team depends on the size of the entity and the nature of its business. In larger organizations, it likely will include enterprise risk management staff as well as C-level leaders, such as the chief technology or chief information officer. For smaller and midsize organizations, the team might include the general counsel, chief operating officer and the head of IT, for example. Regardless of the specific titles, the functions that need to come together to discuss cyber risk include risk management, operations, IT, legal, marketing and communications. Ideally, a cyber risk steering committee or group is convened to ensure that all relevant areas of the organization are represented and kept informed. The job of managing cyber risk shouldn’t fall to one person, however; a cyber risk team can ensure that the entire organization understands the risk and adjusts procedures accordingly.

It’s important to think about cyber insurance as similar to property or commercial general liability – as a form of protection that your organization needs to continue operating.

Midsize companies have particular challenges when it comes to cyber risk. Often they have fewer IT resources, which makes them attractive targets for cyber attacks. Statistics on cyber attacks bear this out. The 2015 Cyber Claims Study from risk assessment firm NetDiligence found that 71% of cyber claims came from organizations with less than $2 billion in revenue, and 56% came from those firms with less than $300 million.

Many midsize companies also have contractual requirements with bigger organizations that increase their need for high cyber insurance limits. Based on their own perceived exposure, a midsize organization might not think it needs to purchase a lot of cyber insurance coverage, but that situation can change if a business relationship requires it. The lesson here is to look closely at your business and all risks relating to your systems and networks. How long could your firm afford to remain offline, if a cyber incident disrupted your IT operations? Could your company lose revenue or customers if that happened? Would you be able to meet your obligations to business partners?

There is a lot to understanding and managing cyber risk. A team approach is a good way to cover the bases, as well as working with expert resources and strong insurance partners to help protect your business.

About the Author

Sean M. Donahue is assistant vice president and underwriter, Cyber and Technology Insurance, at XL Catlin.

Source XL Catlin

Cyber Claim Scenario – Hacker Attack

(First Party Claim)

Cyber insurer CGU has provided this claims scenario and how their cyber insurance responds to it.

EXAMPLE

A transport company discovered its servers had been infiltrated by an unidentified third party, allowing the third party to access files. This included access to personally identifiable information, including credit card information.

Unauthorised and fraudulent transactions were made on the transport company’s customers’ accounts in multiple states and countries.

RESULT

The transport company was required to notify all affected customers that their personal information had been compromised, and it offered affected individuals credit monitoring services. The transport company was also concerned about the possible reputational damage it could suffer, so a public relations expert was brought in to assist.

The breach resulted in costs and expenses of approximately $100,000 to identify the affected individuals, notify them, set up a call centre and respond to customer enquiries.

Another $150,000 was incurred in legal costs and expenses to determine reporting requirements and respond to regulatory investigations into the privacy breach. In addition $29,000 was spent on IT forensics costs incurred to restore the data and stop the breach, and a business income loss of $250,000 was also suffered – totalling $529,000.

CGU SOLUTION

CGU Cyber Defence provides coverage for all elements of the loss including customer notification costs, establishment of call centre for customer support, credit monitoring expenses, brand and business interruption loss.

CGU Cyber Defence

Cyber Claim Scenario – Employee Error

Cyber Insurance Claim Scenario – Employee Error

(First Party & Third Party Claim)

Cyber insurer CGU has provided this claims scenario and how their cyber insurance responds to it.

EXAMPLE

A retailer emailed a group of customers to promote a sale with special discounts available to them. The retailer intended to attach a copy of the flyer detailing the discounts but instead attached a copy of a spreadsheet that contained a customer list, including customer names, addresses and credit card information.

RESULT

The retailer was required to notify all affected customers of the error and offered credit monitoring services.

Several of the affected individuals began legal proceedings against the retailer. The notification and credit monitoring costs totalled $50,000, and the amount to settle the legal proceedings with the retailer’s customers combined with the associated legal costs and expenses totalled $100,000.

CGU SOLUTION

CGU Cyber Defence Insurance Policy provides coverage for breach of privacy which includes legal costs, indemnification of third parties and crisis management costs.

Source CGU

Zurich – the ins and outs of cyber risks

Cyber insurer Zurich’s Global Head of Special Lines, Lori Bailey, has published an article outlining the ins and outs of cyber risks.

See where cyber risks originate, how they accumulate and how they can derail mission critical aspects at every level of your business.

The consequences of cyber risks can disrupt critical business infrastructure and derail productivity at the operational level. Here’s a complete look at where they originate, what they target and their consequences.

Cyber Risk Sources

  • Human error accounts for 52 percent of cyber breaches, according to a study by CompTIA.
  • Creating resilience to cyber risks requires focus on educating and training employees.

Cyber Risk Targets

  • Indirect targets of cyber encroachments are as significant as direct targets.
  • Access to financial information, for example, could put at risk the financial information of a private company that is a customer.
  • This underscores the need for a holistic view of cumulative cyber risks.

Cyber Risk Consequences

  • The consequences of cyber risks are not limited to lost data.
  • Transactions can fail; supplies or products can be misdirected.
  • Manufacturing can be halted or output faulty goods; safety issues can cause injuries.
  • Dissatisfied customers can turn elsewhere.

Source: Zurich

Are Home Networks a Cyber Risk for Your Business?

It’s not uncommon for staff to take home a company laptop and connect it to their domestic network. That network may be protected by a firewall but internally it is still vulnerable. For example, other devices may be connected, such as family members’ PCs and smartphones, as well as smart TVs, DVD recorders, child monitors, CCTV systems, and even fridges. All of these are capable of being hacked.

Infections From Other Networks

A company laptop may become infected by a virus initiated from another network-connected device. There have been cases of someone else, perhaps a child, using the laptop to surf the Internet unsupervised and allowing the machine to be infected by malware. The staff member then unwittingly spread the infection when the laptop was reconnected to the company network.

The same can apply to smartphones that are connected to both home and company networks.

Cyber Risk from smart TVs and other domestic wi-fi-capable devices

The manufacturers of smart TVs and other domestic wi-fi-capable devices do not usually update their software outside that model’s maintenance cycle, so older devices will not get updates at all. Any infection will spread through the home network.

The best way to avoid contaminating a company network is to insist that strong anti-malware software is installed on every device that may be connected.

Staff should also be encouraged to run two separate networks on their routers. One network should then be used exclusively for the company laptop or smartphone; the other for everything else.

Source: Steadfast

Insure Against Cyber Risk

In our continuing series on Cyber Risk, we thought it would be interesting to see what the potential cyber risk is with the new Australian Privacy Principles and their implications for small business.

Are we prepared?

90% of private companies don’t have insurance against cyber risk; that’s one of the findings of the Chubb 2013 Private Company Risk Survey. That means uninsured companies will have to foot the bill if they are found liable for loss as a result of cyber crime or a data breach.

So if your cloud computing company is breached, you may find yourself ultimately liable for the loss of data.

Australian Privacy Principles

The National Privacy Principles (NPPs) will be replaced by the Australian Privacy Principles (APPs) on 12 March 2014. The change includes a civil penalty regime for breaches of privacy.

Australian Privacy Principle 8 (cross-border disclosure of personal information) will require that your clients’ information held on servers in other countries is protected in a way that is at least substantially similar to the way in which the Australian Privacy Principles protect the information.

Where is your data held? And how does your cloud company protect it?

You could simply call Salesforce, Google, Jive Software, Demandware or Xero and ask which country your data is stored or backed up in; as long as that country meets a privacy standard similar to Australia’s, you’re fine.

Steps that may help your company

  • Develop an Incident Response Plan (IRP)
  • Encrypt portable devices
  • Assess cloud services providers’ data security
  • Get Cyber Liability Insurance

If you are still unsure, speak to a specialist, get them to review your potential risks and possible mitigation.

Steve Sloan

Steve is a licensed insurance broker and marketer. He is an internet insurance pioneer in Australia.

Any advice that may have been given is general advice only, please be aware that we have not taken into consideration your needs, objectives or financial requirements. Before deciding to purchase a financial product you should consider the appropriate Product Disclosure Statement to ensure the product is suitable for your needs.

First Published on GreatChoice

Google protecting the world's news from digital attack

Google Project Shield

Google, in its daily blog, has outlined what it sees as a risk for independent news services: DDoS attacks are often used to attempt to censor news, human rights, and elections monitoring sites, and to bring down many other types of sites. Sites that are not using a content delivery network (CDN) or a major hosting provider often do not have the capacity to defend against these attacks.

The web is an increasingly critical tool for news organizations, allowing them to communicate faster, research more easily, and disseminate their work to a global audience. Often it’s the primary distribution channel for critical, investigative work that shines a light into the darkest corners of society and the economy—the kind of reporting that exposes wrongdoing, causes upset and brings about change.

Denial of service (DDoS) attack

Unfortunately there are some out there who want to prevent this kind of reporting—to silence journalism when it’s needed most. A simple, inexpensive distributed denial of service (DDoS) attack can be carried out by almost anyone with access to a computer—and take a site completely offline before its owners even know they’ve been attacked.

These attacks threaten free expression and access to information—two of Google’s core values. So a few years ago we created Project Shield, an effort that uses Google’s security infrastructure to detect and filter attacks on news and human rights websites. Now we’re expanding Project Shield beyond our trusted testers, and opening it up to all the world’s news sites to protect them from DDoS attacks and eliminate DDoS as a form of censorship.

Source Google
