Cyber Security is a very real threat to businesses in New Zealand these days. Here we look at Cyber Insurance, what it is, what the laws are, and why you need it.
Why do you need Cyber Insurance?
Cyber attacks on businesses in Northland are increasing in both sophistication and frequency.
High profile companies like Air New Zealand partner Travelex, Fisher & Paykel Appliances, Toll Group, Garmin, Canon, Honda, BlueScope Steel, Lion, transport giant Toll Group, Twitter, MetService and most recently even the NZX, are just some of the organisations to have been targeted by cyber criminals.
However it is not just the big companies, many small businesses here in Northland are also being targeted.
It really is a matter of ‘when not if’.
What is Cyber insurance?
Cyber insurance is designed to fill the gap that traditional insurance policies don’t cover, minimising the impact of cyber incidents by providing cover for your own loss and third party costs. It provides your business with a structured crisis response plan and assists with returning to ‘business as usual’.
Won’t my general liability policy cover cyber liability?
General liability insurance covers bodily injuries and property damage resulting from your products, services or operations. Cyber insurance is often excluded from a general liability policy.
It pays to check your current policies and ask questions. You may find that your other business cover won’t respond to a cyber or data breach claim.
The law has changed:
The new Privacy Act 2020 which came into effect on 1 December 2020 means that all businesses now have legal requirements surrounding
The new Act requires mandatory data breach reporting if it’s reasonable to believe that the breach would cause serious harm to an individual. For example: If you’re engaging with a service provider to hold your clients’ personal data, for example a cloud-based CRM system, you remain responsible for the security and use of that personal information. If a Cyber breach were to occur, you would be held liable.
What does Cyber Insurance cover?
Ensuring business continuity and safeguarding your business from Business Interruption will enable you to return to the same financial position you were in before a Cyber event.
- The benefits of Cyber Insurance will depend on the type of policy you take out but can include:
- Access to a dedicated and experienced team of experts if an attack occurs
- Protection from loss where you are legally liable to others
- Cover for your financial loss if your business is interrupted due to a Cyber event.
Things to look out for in your Cyber Insurance policy:
- Business Interruption: Look for a policy that covers the costs of any business interruption as you can lose time and money trying to get your business back up and running after a cyber attack.
- Hacker Theft Cover: A plan that covers compensation for loss incurred, including theft or destruction of stored data, hardware, or cyber extortion from employees.
- Restoration costs: Compensation for expenses incurred to research, replace, restore, or recollect digital assets during the period of restoration.
- Public Relations: Reimbursement for any costs involved with public relations.
- Network Extortion: Indemnity for the amount paid to avoid, defend, preclude or resolve a network extortion attempt
- Data Forensic Expenses: Costs incurred to investigate, examine and analyse a computer network
- Third-Party Liability: Indemnity for the sums claimed and incurred defending claims in relation to alleged privacy breaches, network security wrongful acts or media and social media wrongful acts.
What is the likely cost of Cyber Insurance?
Like most insurance, premiums vary by insurer, the type of cover selected and your risk profile. As an estimate a policy with $100,000 cover could cost as little as $600 per annum.
All businesses need a security plan to protect their business and they should consider a Cyber Insurance policy as an essential part of this plan.
What else can you do in the war against Cybercrime?
There are basic things that you can do to ensure good Cyber security. In this recent blog we share some top tips for your company.
Top tips to avoid cyber security threats:
CERT NZ has a number of useful and practical resources for businesses on keeping systems and data safe from cyber security attacks, including cyber security risk assessments for business, cyber security awareness for staff, phishing scams and your business and protecting your business online.
CERT NZ offers the following tips for simple, practical steps for businesses:
1. Install software updates
2. Implement two-factor authentication (2FA)
3. Back up your data
4. Set up logs
5. Create a plan for when things go wrong
6. Update your default credentials
7. Choose the right cloud services for your business
8. Only collect the data you really need
9. Secure your devices
10. Secure your network
11. Manually check financial details
So in Summary….
Cyber Security is a very real issue facing business owners these days. If you would like to discuss your individual needs, we provide security assessments to ensure that your business has the best protection.
Please feel free to reach out to us at support@ultrait.nz