Win more business with cyber insurance

Published by

TBM Team

While it has been commonplace to see contractual requirements around traditional risk exposures such as professional indemnity, public liability and property-related risks, the importance of cyber security in the modern business world has seen many contracts delayed as organisations try to assess where liability for such incidents should sit contractually.

The implementation of the EU GDPR and moves by governments to incentivise organisations to consider and improve their cyber security, such as the Cyber Essentials scheme, has seen cyber risk move to the forefront of many contractual negotiations. Concerns regarding which party should be held responsible for the downtime of a technology service, how to respond to ransomware attacks and the responsibilities in the event of a data breach have seen many firms assume liability for risks that could remove the value of taking certain contracts, or more commonly lose out on contracts altogether.

Many private sector organisations have built upon such requirements in conjunction with the GDPR regulations to require third-party service providers to not only obtain Cyber Essentials, but take steps to transfer the liability that can arise from a cyber event.

Most commonly, third-party providers of technology services such as data-hosting, software, hardware or outsourcing services will see a requirement to fully indemnify the other party in the event of a cyber incident. This has seen many organisations place a mandatory requirement for cyber insurance into contracts, as has been commonplace for professional indemnity and other insurances for decades. Required limits typically range from £1,000,000 to £10,000,000 depending upon the contract value and services to be provided.

The penalties for non-compliance with data protection regulations, for example up to 4% of global revenue for a GDPR breach, has seen provisions for cyber risk transfer requirements dramatically increase across all industries in the past 12 months. Numerous legal surveys demonstrate that such requirements are one of the rapidly cited reasons for contract frustration.

Many organisations mistakenly believe that if IT-related services are outsourced to third party specialists, such as cloud storage providers, then they will not be held liable in the event of a data breach or cyber induced business interruption. Organisations need to carefully review such contracts as it is common for liability to be placed back onto the user of such services, particularly if using the services of large multi-national providers.

Whether an organisation is seeking to provide or deploy third-party technology services, the importance of seeking effective risk transfer solutions is likely to continue to grow exponentially going forward. As a result, having a comprehensive, easy to understand and robust cyber insurance policy has never been of more importance.

Cybercovered.com offers simple solutions to protect organisations with cover tailored to the specific risk exposures facing an organisation.

The full-cycle online policy platform removes the onerous information requirements and need for specialist insurance brokers to access such risk transfer solutions, helping to dramatically reduce the cost of cyber insurance policies. Furthermore, Cyber Covered have a range of specialist providers to enable quick and cost-effective access to Cyber Essentials certification meaning that a business can access a one-stop-shop to meet all of its cyber risk requirements. This enables an organisation to not only meet contractual requirements but also provides an edge over its peers in demonstrating a commitment to cyber security.

Given that 60%* of small businesses declare bankruptcy within six months of a data breach or cyber-attack, a Cyber Covered policy is a simple solution to provide the peace of mind that no matter the nature of the cyber event, your organisation can continue to thrive.

*60% stat reference – Cybercrime Magazine