What is Cyber Risk Insurance (CRI)? 

 

With the way organisations conduct business and reach out to prospective customers today, internet security has become imperative. Technology, social media and online banking contribute to the new culture of moving everything online. These methods make us more susceptible to cyber attacks. The damage that can be caused by malicious hacks is detrimental to the success of your business. Organisations need to include these types of risks into their risk management plans to better control the safety of their information.

CRI policies are designed to help organisations reduce risk exposure by outweighing costs involved with recovery after a cyber attack. CRI covers expenses related to first parties as well as claims by third parties. Although there is no standard for underwriting these policies, the following are common reimbursable expenses:

Investigation
A forensics investigation is necessary to determine what occurred, how to repair damage and how to prevent the same type of breach from occurring in the future.

Business losses
A CRI policy may include similar items that are covered by an errors & omissions policy (errors due to negligence and other reasons), as well as monetary losses experienced by network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.

Privacy and notification
This includes required data breach notifications to customers and other affected parties and credit monitoring for customers whose information was or may have been breached.

 

Keep in mind that CRI is still evolving. Cyber risks change all the time and organisations tend not to report the full impact of breaches in order to avoid negative publicity and damage the trust of customers. An insurance company wants to see that an organisation has assessed its vulnerability to cyber attacks and follows best practices by enabling methods to protect against attacks as much as possible. The true risk of cyber attacks is not completely understood and best to protect your company against any possible threats.