Why different cyber exposures need different insurance

05 August 2015

Companies should treat data breaches and cyber-related business interruption as separate exposures when buying insurance.

The distinction between data breaches and business interruption is useful when considering insurance. “As an industry we need to start dealing with them as separate issues,” says Paul Bantick, UK Technology, Media and Business Services Leader at insurer Beazley.

Data breaches are increasingly covered through stand-alone policies. These often insure not just any direct liabilities, but a range of costs associated with a breach response: notification of customers, credit monitoring for those affected (to prevent losses to them from criminal use of their data) PR support and crisis management. 

“That will be where 80 per cent of the claims spend is, so evaluating that part of the cover is crucial,” warns Bantick.

Check your paperwork

For other areas, such as business interruption (BI), as well as theft or extortion, businesses may need to examine the cover they already have in their existing BI, property and general liability policies. 

While many will exclude cyber risks, it might be possible to negotiate with insurers to write them back in, rather than take out a separate policy.

Because of this, and due to the distinctive exposures of each business, it is better to use a broker for a solution that covers the business’s precise needs across the range of cyber risks, says Sarah Stephens, Head of Cyber and Technology and Media E&O at JLT Specialty. “An insurer’s off-the-shelf solution won’t always be suitable.”

Download whiteboard article

For further information please contact Sally Swan, Head of Nottingham Risk Practice on +44 (0)115 898 0400