What is Cyber Insurance?
Cyber insurance is designed to protect your business against a wide range of internet-based risks, and risks relating to information technology infrastructure and activities. Although it was largely unheard of 20 years ago, cyber crime has also become more prevalent as we’ve evolved into a digital society.
To demonstrate how easily a cyber attack can occur, here is a claim story from an Aon client who fell victim to a cyber attack...
Why do I need Cyber Insurance?
You’ve worked hard to get your business to where it is today, but one successful cyber-attack could be all it takes to cause significant damage to your organisation and reputation. Cyber threats are becoming more sophisticated with advances in hacking, malware and social engineering techniques. A security breach could corrupt your business’s critical data, causing financial loss, reputational damage and liability to third parties. Cyber-attacks can be very expensive with the current average cost of an attack on a small to medium sized business estimated at $1.9m.
Now let’s be clear - a cyber incident does not need to involve complex hacking – it can be as simple as having your phone stolen, attaching the wrong file to an email, or clicking on a malicious link in an email.
Do we cover your Industry?
We offer tailored products for a wide variety of Industries and professions.
Cyber Liability Insurance. Easy.
Easy to Understand
- Easy to digest information about insurances your business needs
- Experienced, friendly brokers on 1300 836 028
Easy to Buy
- Quick quotes online
- Purchase in just a few clicks
- Pay monthly options available
Easy to Manage
- Manage your renewals easily
- Adjust your policy anytime
- Request certificates of insurance quickly and easily
- Assistance in complex claims
Why choose Aon for Cyber Insurance?
Aon is committed to making life easier for small and medium business owners with insurance that’s easy to understand, buy and manage. If you’re a small business owner, your job is anything but small, so when it comes to protecting your business with the right cover, it helps to have an expert on your side.
You can compare covers and take out a policy online in just a few clicks. But if you need help, our team of friendly experienced brokers are a phone call away; helping give confidence you’re making a better decision for you and your business.
- Privacy breaches;
- Virus & malware transmission;
- Unauthorised access to your or a third party’s computer system;
- Identity theft;
- and, Media liability.1
- funds transfer fraud;
- cyber extortion;
- identity theft against your organisation; and,
- telephone hacking.
Whilst a company can put in place various controls to protect their business, a significant number of cyber incidents are caused by human error. Mistakes such as clicking on a link or opening a malicious email can be enough to allow cyber criminals unlimited access to your data and infrastructure. Furthermore, small businesses see a higher rate of malicious emails than larger companies. A growing risk for SMEs is funds transfer fraud, i.e. a fraudulent request for an employee to send funds to a scammer's bank account. Depending on the Cyber Insurance policy taken out,such losses may be covered.
Whilst many small businesses believe they won’t be targeted, there has been a 434% increase in new breaches to SME businesses since 2017 and companies can be ‘collateral damage’ in larger attacks such as NotPetya or WannaCry.
Cyber incidents covered under cyber insurances are not all outsider attackers, since many policies also cover privacy or security breaches from left laptops or mobile devices, programming errors or threats from rogue employees.
There may be some coverage for cyber-related losses in other insurance policies, but many cyber losses will only be covered under a dedicated cyber policy. Many insurers are also starting to apply cyber exclusions to non-cyber policies.
As an NFP, your relationship with the community is based on trust. If you’re storing personal or confidential information, have a payment system to accept donations or offer online ticketing, you could be vulnerable to cyber-attacks and privacy breaches, while your donors could be victims of identity theft. If your donors don’t feel they can trust you with their personal information, they’re unlikely to trust you with their money.
Subject to the full policy terms, conditions and exclusions, a cyber policy can help by:
- Providing services to respond to a cyber-attack, privacy breach or identity theft.
- For privacy breaches, paying notification costs, credit monitoring services and covering your liability to third parties, including fines imposed by regulators;
- Paying costs to restore data lost as a result of a cyber-attack; and,
- If your computer systems or a service provider’s computer systems are interrupted, covering your loss of profits and extra expense, and subsequent reputational losses.1
What about Business Interruption?
Business Interruption cover is a feature of Cyber Insurance, and helps provide cover in response to a cyber event or a ‘system failure’. The term ‘system failure’ means any sudden, unexpected and continuous downtime of your computer systems which renders them incapable of supporting their normal business function and is caused by an application bug, an internal network failure or hardware.
You may also be covered for Business Interruption if a supply chain partner of yours experiences a cyber event or system failure.1
What is funds transfer fraud?
Funds transfer fraud can take the following forms:
- An unauthorised electronic transfer of funds from your bank;
- The theft of money from your bank by electronic means;
- The theft of money from your corporate credit cards by electronic means; and,
- Any phishing or social engineering attack against any employee or officer that results in the transfer of your funds to an unintended third party.
What is push payment fraud?
‘Push payment fraud’ occurs when a third party issues fraudulent electronic communications or uses a website to impersonate you or your products. Under the Cyber Insurance policy arranged by Aon, cover for push payment fraud (up to a specified amount) can be selected as an optional extra . Should you choose this option, you will have cover for the following:
- the cost of reimbursing your customers for their financial loss as a result of the fraudulent communications, including fraudulent invoices manipulated to impersonate you; and,
- following your discovery of the fraudulent communications, your loss of profits from the fraudulent communications.1
There are exclusions in Cyber Insurance policies which are important to understand. For example, Cyber Insurance will not cover any criminal activities or deliberate acts of wrongdoing by you. As another example, Cyber policies typically exclude claims arising out of bodily injury or property damage.
Some events may not be covered under Cyber Insurance if they are instead covered under other insurance policies. For example, if a client suffers a financial loss as a result of a service or advice provided by you, they may take legal action against you. Typically, this kind of claim would not be covered under Cyber Insurance but may instead be covered under Professional Indemnity Insurance.
To put it simply, an event not related to any internet/cyber activities would usually not be covered under a Cyber Insurance policy.
Cyber Insurance can also take many forms depending on your industry and/or broker. For example, some providers offer a ‘Cyber Liability Insurance’ policy which only covers your liability to third parties as a result of a cyber incident but does not cover losses suffered by your business.
2Cover for loss of profits and extra expense is limited to the period that computer systems are interrupted. Cover for subsequent reputational losses are also limited to a fixed period.