Cyber risks: what cover do traditional insurance policies provide (and what do they not)?
The risk of cyber attacks is increasing – In 2015, an average of 35 incidents per day were registered with CERT (the federal Cyber Emergency Team). By contrast, this figure stood at 'just' six per day in 2010. The evolution of this threat can have major repercussions for companies, especially considering their insurance cover is insufficient under the provisions of traditional policies. Below, we set out the extent of the cover you receive under your fire, liability or fraud insurance policy. By contrast, taking out the right cyber policy will enable you to avoid gaps in your insurance and instances where you are covered twice over.
Fire insurance cover in the commercial market actually only covers personal damages. These policies offer either all-risk cover or cover under which only specific causes of damage are insured against. In both cases, overlap with cyber insurance policies is usually limited.
In principle, an all-risk policy covers all material damage. As such, if a cyber incident leads to material damage, the damage may be covered by the fire insurance policy. One example here would be if a criminal uses a computer connection to hack an important production machine, which is blocked as a result. However, insurance companies only rarely consider damage to data to be of a material nature. This is why, in most cases, cyber insurance is critical for insuring against these damages. Damage caused by cyber attacks is rarely included in insurance that covers only specific causes of damage.
Operations, product and professional indemnity insurance policies are based on the ‘error’ principle. Cyber policies, on the other hand, provide cover without an assessment of errors. Operations and product liability insurance policies often offer extremely limited or no cover for financial losses. A cyber policy is primarily geared towards purely financial losses.
Fraud insurance insures against the direct financial effects (personal damage) of fraudulent conduct by employees and well-defined types of fraudulent conduct by third parties (such as extortion, falsification of money or documents and computer fraud). Cyber theft cover under the cyber policy overlaps with fraud insurance. As a result, some cyber insurance providers do not offer cyber theft cover. While others do offer cover of this type, it comes with sub-limits and is optional in the event that the insured party has not taken out a separate fraud insurance policy. Cyber extortion cover as part of the cyber policy is sensible even if the insured party already has fraud insurance.
Cyber policy: the answer to a complex issue
Vanbreda Risk & Benefits works together with specialist Belgian and international insurance providers to draw up cyber policies tailored to your needs. The cyber policies are geared towards protection against the financial consequences of a loss of availability, integrity and/or confidentiality of data – both third-party data (being stored by the insured party) and data which is the property of the insured company itself (and which may or may not be stored or processed by third parties).
More information about cyber policies can be found on our website.