Corporates world-wide know that, at the moment, the authorities and companies are losing the fight against cyber-crime, e.g. the annual assessment by the NCA Strategic Cyber Industry Group in the UK, Cyber Crime Assessment 2016 gave a chilling picture. Nevertheless, corporates can do some thing about it, the report listed four key resources on best practice on how to minimise cyber crime:

• 10 Steps to Cyber Security
• Cyber Essentials Scheme
• Cyber Security Skills, a guide for business
• Get Safe Online

The NCA believe that joint initiatives are also needed, see.

However, there is much evidence that corporates also need try and protect themselves with some form of insurance cover, but it is difficult getting cost-effective cover.

Cyber crime insurance cover

In June 2015, Aneesh Chopra, the former US government chief technology officer under President Obama, speaking at the Corporate Treasurers Forum in the USA said that, “Standards and clarity in pricing are needed in the cyber insurance market.” Indeed, he branded it a “market failure”, saying it represents a “bottomless pit of spending” for corporates. He believes that this increases pressure on governments and companies to protect business and consumers from cyber crime, and that this is likely to result in more-stringent regulation and standards for cyber-security. 

In other words, Chopra believed that cyber insurance is not worth it, companies have to protect themselves.

Nevertheless, insurers keep trying to cover this risk. A recent example is the new DUAL Cyber Insurance Policy from Eastwood & Partners which covers:

1. Business interruption loss arising from unauthorised access, system outage, network interruption or damage to your data
2. Broad suite of remediation costs associated with data loss, network security breach, unauthorised access or system outage
3. Financial losses including those arising from the remittance of funds from your own bank account, following a misrepresentation/ impersonation by a third party (with an inner limit), or hacking of your telephone system
4. Damages, fines and penalties (where insurable at law) awarded against the client as a result of a data or network security breach, or a media liability event (eg infringement of copyright).

Not surprisingly, given the complexity of cyber insurance E&P state that no-one size fits all, “We will bring added value to your business by working with you to develop it in the way that fits most appropriately for you.”

---

CTMfile take: Cyber crime is a risky business for all concerned - companies and insurers alike.