Cyber Insurance is designed to help an organisation or individual mitigate the risk of a cyber-related security breach by offsetting the costs involved with recovery.

The Australian government released a report in 2015 that stated that the average cost for a cyber-attack was $276,323. The report also found that 33% of businesses in Australia experienced cyber-crime in 2014, and that 53% of the total cost is spent on detection and recovery. 

Following a sequence of major international events featuring huge data breaches, cyber insurance has really caught on in 2018, with the total value of its premiums forecasted to reach $7.5 billion by 2020.

Is it just for Businesses?
Originally, cyber insurance was tailored to the corporate world, providing cover against the kinds of attacks faced by retailers such as David Jones, Kmart, Amazon and many others. However, Insurance companies such as AIG in Australia, Hiscox in the UK and the US, and Hartford Steam Boiler in Munich have been rolling out policies aimed at individuals.
“All major homeowner insurers are anxious to provide some sort of cyber offering,” said Tim Zeilman, a cyber insurance specialist at Hartford Steam Boiler. “People seem to think that it is going to be a standard part of homeowner’s cover in the next 5 to 10 years.”

How much does it usually Cost?
While AIG and Hiscox have tailored their personal cyber insurance towards wealthy individuals, another insurer Hartford Steam Boiler believes that its cyber policy, which costs as little as $30 per year, could have an appeal beyond the very rich.
For businesses, the cost of the cover depends on specific needs and risks, and the size or budget of the company. Data Breach Insurance explains that companies must weight what it would cost them in the event they do not purchase a policy.

What does it Protect You Against?  
AIG and its peers have developed products that cover anything that could go wrong with a customer’s own IT systems. AIG’s cover ranges from data restoration after an attack to advice is the customer is a victim of cyber extortion or cyber bullying. It will also cover reputation management that will pay out on the cost of hiring a crisis consultant if compromising photos or texts are leaked from a hacked device.

Hiscox’s personal cyber insurance covers similar risks. “It is a service driven propositions,” says Stephen Ridley, a senior underwriter specialising in cyber and data at Hiscox. As well as providing insurance, the company helps customers improve their personal cyber security. “We work with Dynarisk, an online risk management tool, which can provide an individual with a score and tips on how to improve it.”

What Doesn’t It Protect You Against?    
However, AIG’s cyber-attack coverage comes with a fairly broad programming exclusion: “We do not cover any loss resulting from an error in computer programming or error in instructions to a computer,” which could lead to the rejection of almost any data attack.

The cover also states: “You have the duty to maintain security systems for the use of passwords, firewalls, and anti-virus software and the proper disposal of used hard drives or other storage media including CDs, DVD’s, modems, or other mobile drives or devices. Take action to avoid future loss, including securing any computer systems or data.”

With these broad exclusions in place, it should be recommended that insurers outline the exact steps customers must take to ensure that they are covered in the case of a security breach.  

Source: Cyber Security Intelligence