Posted by Mei-Ling Huang, Partner
Does your cyber insurance actually provide the protection you need?
Insurance governance expert, Mactavish, has reported that market standard or ‘off the shelf’ cyber insurance policies do not always provide adequate cover for the cyber risks faced by most organisations.
Mactavish surveyed around 700 UK Senior Managers in October 2018. The report can be requested here: https://mactavishgroup.com/services/research/cyber-risk-insurance-report/
Key results from that survey were:
- 43% of respondents reported that their company had suffered at least one cyber attack in the prior 2 years;
- Only 26% felt that their company’s strategy for preventing and dealing with cyber attacks was at least “good”;
- Just 1 in 5 thought their company was very well prepared for cyber attacks generally;
- Only 40% believed that the organisations they work for have adequate insurance cover against cyber attacks; and
Fewer than 1 in 3 believe their company currently buys cyber-specific insurance.
What’s the problem with the off the shelf products?
Mactavish’s research highlighted at least 8 flaws in these types of insurance policies, including:
- Cover being limited to events caused by attacks or unauthorised activity (rather than by accidental errors or omissions);
- Limited pay outs for data breach events;
- Failure to respond where contractors are the ones who cause the issues but where the organisation is responsible legally; and
- Policies only covering appointed advisors so organisations won’t be able to choose their IT, PR or legal advisors.
It may be that insurance providers have rushed these policies through in order to get them to market whilst cyber security is at the front of everyone’s minds, or it may be that they simply do not yet know how to adequately cover the complexities of the cyber market.
Either way, it is likely that you will need to negotiate more bespoke policies in order to give you the comfort you need that the risks you face are adequately covered.
Have the policies been tested?
Although we see news of cyber attacks almost daily at the moment, not many claims have actually been made on these types of policies and so they remain largely untested. However, it is predicted that if and when claims are made, many will be disputed and / or any pay outs will be much lower than clients would expect.
What should you do?
The Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2018 reports that 56% of businesses and 46% of all charities surveyed say they have taken some form of action to identify cyber risks to their organisation, which means that a significant proportion still have not.
Our advice will always be – be prepared! The first thing to do is check that you actually have cyber insurance as an alarming amount of companies still do not think they need it. Cyber security is something that needs to be taken seriously.
If you do have cover, we can review the wording of your policy in order to assess whether it covers everything you need it to.
If you have concerns that you are not adequately protected, speak to your insurance provider or an insurance broker who may be able to point you in the direction of a provider who can offer you a policy tailored to your needs.
If you have any enquiries please contact Lucy Nash on:
01865 268 685 Email us
Minimise the impact with our dispute resolution solicitors