Babes-Bolyai University, Business Faculty

Babes-Bolyai University, Business Faculty

CYBER INSURANCE
 Cyber insurance

The internet is a dangerous place to depend on when it comes to your business and finances.
We know that every business, especially small and medium-sized companies, should have cyber
liability insurance. Cyber insurance is a sub-category of general insurance that covers businesses
and individuals against internet-based liability and risks.

There are generally two levels of cyber liability coverage: first-party and third-party. First-
party coverage encompasses direct losses to an organization or individual, whereas third-party
coverage extends to claims and legal action taken by customers or partners. A cyber insurance
policy is designed to help an organization mitigate risk exposure by offsetting costs involved with
recovery after a cyber-related security breach or similar event.

There is no standard for underwriting these policies. Cyber insurance typically covers the
following, common reimbursable expenses:

Investigation: is necessary to determine what occurred, how to repair damage and how to
prevent the same type of breach from occurring in the future.

Business losses: A cyber insurance policy may include similar items that are covered by an
errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses
experienced by network downtime, business interruption, data loss recovery and costs involved in
managing a crisis, which may involve repairing reputation damage.

Privacy and notification: This includes required data breach notifications to customers and
other affected parties, which are mandated by law in many jurisdictions, and credit monitoring for
customers whose information was or may have been breached.

Lawsuits and extortion: This includes legal expenses associated with the release of
confidential information and intellectual property, legal settlements and regulatory fines. This may
also include the costs of cyber extortion, such as from ransomware.

The Ponemon Institute surveyed small businesses in the U.S. in 2017 and found that more
than 61 percent had experienced a data breach, an increase from 55 percent in 2016. Another
worrying statistic: Sixty percent of small companies go out of business within six months of a data
breach. The financial impact is one big reason.
 Cyber liability insurance cover can include:

Data breach/privacy crisis management cover: for example, expenses related to the
management of an incident, the investigation, the remediation, data subject notification, call
management, credit checking for data subjects, legal costs, court attendance and regulatory fines.

Multimedia/Media liability cover: third-party damages covered can include specific

defacement of website and intellectual property rights infringement.

Extortion liability cover: typically, losses due to a threat of extortion, professional fees
related to dealing with the extortion.

Network security liability: third-party damages as a result of denial of access, costs related
to data on third-party suppliers and costs related to the theft of data on third-party systems.

Cyber risk trends in 2018 are:

 A race in machine learning

Hackers continue to develop new ways to manipulate machines to gain access to confidential
information. As long as this is occurring, the other side will have to work even harder to be one step
ahead and protect their data.

According to Information Age, machine learning can process massive quantities of data and
perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior,
and zero-day attacks, but adversaries will certainly employ machine learning themselves to support
their attacks, learning from defensive responses, seeking to disrupt detection models, and exploiting
newly discovered vulnerabilities faster than defenders can patch them. To win this arms race,
McAfee suggests that organizations must effectively augment machine judgment and the speed of
orchestrated responses with human strategic intellect.

Once this strategy is perfected, attacks can be perceived before they happen, strengthening their
cyber security.

 Ransomware attacks

As more strategies and mechanisms are put in place to counter attacks, ransomware hackers are
turning to more expansive attacks, including high net worth individuals and personal devices. The
greater threat is moving from just collecting data to business interruption and sabotage. For this
reason, cyber liability insurance is expected to expand to reflect these threats.

 Connected home threats

Manufacturers of connected home devices are expected to gather more personal data from their
customers. In turn, the information gathered will be used to determine who is buying the connected
home devices and why. However, this creates an even greater risk for consumers, many of which
don’t even know their information is being compromised.

This is because, customers rarely read privacy agreements, corporations will be tempted to
frequently change them after the devices and services are deployed to capture more information and
revenue. McAfee believes that there will be regulatory consequences for corporations that make the
calculation to break existing laws, pay fines, and continue such practices, thinking they can do so
profitably.

As a conclusion, we can say that all organizations, including smaller-sized enterprises need
to consider their potential exposures and prepare for an incident. Businesses should know their
assets and how to prepare and protect data. Although there is no such thing as 100% security,
companies and employees at all organizational levels should implement monitoring and early
warning systems to guard against data breaches, for example. Developing a cyber strategy with a
business continuity plan is equally important. Security is not just an IT issue. Every organization is
vulnerable to cyber threats and how swiftly they respond to mitigate a breach is key.
 Bibliography:

1. https://www.cio.com/article/3065655/cyber-attacks-espionage/what-is-cyber-insurance-and-
why-you-need-it.html
2. https://www.csoonline.com/article/3265453/data-protection/cyber-insurance-data-breach-
business-interruption-and-beyond.html
3. https://www.pcmag.com/feature/358453/what-is-cyber-insurance-and-should-you-get-it/4
4. https://www.computerweekly.com/news/2240202703/An-introduction-to-cyber-liability-
insurance-cover
5. http://www.agcs.allianz.com/insights/expert-risk-articles/allianz-risk-barometer-2017-top-
risks-cyber-incidents/
6. https://www.mavon.com/cyber-insurance-market-trends-to-watch-for-in-2018/