When is a Cyber Insurance Policy not a Cyber Insurance Policy?

With cyber-crime and ransomware attacks becoming more and more prevalent, you might think as a business owner it would be prudent to take out specific cyber cover with an insurance provider.  We would agree that this would be a wise move for any businesses that requires technology to undertake its day-to-day business, but you should be aware that, as with all things in life, cyber insurance policies are not all equal and you should therefore review the exclusion clauses carefully before opting for a specific provider and policy.

Whilst a good cyber policy will cover associated business interruption, forensic and data liability costs up to an acceptable value for your business, it should be noted that the majority will cap the costs associated with a cyber event caused by social engineering.  This is because social engineering, which is loosely defined as “the art of exploiting human psychology, rather than hacking via technological methods, in an effort to trick, deceive or manipulate unsuspecting individuals into transferring money or key confidential information, usually for financial gain” is usually covered under a crime policy rather than a cyber policy.  We have seen cyber policies that cover a business for up to £2,000,000 under business interruption costs, only cover up to £5,000 for social engineering incidents. You are also far more likely to be the victim of a social engineering scam, so whether you opt for appropriate insurance cover or not, having strict procedures and user training in place to help prevent these types of events from happening is essential because the financial impact and reputational damage to your business can be significant.

If you find yourself grappling between your cyber and crime policies, trying to understand if you have coverage under either or both and how they might interact in the event of a loss, you are not alone.  We would recommend you discuss this in detail with your insurance broker and seek clarity on what policies they offer, and exactly what is covered in each.  If you need any help understanding the IT ‘jargon’ in a policy, then contact us, having gone through the process ourselves we have first-hand knowledge of what your business should be looking to cover.  Alternatively, if you would like to discuss your strategic IT challenges and how we can help you solve them then Contact us or book a 30-minute slot