Needs for a Cyber Insurance

Conventional Insurance covers for damages or losses of physical items. A fire policy will compensate for the loss of computer equipments but not the data stored in it. However, to the company, the data stored in the computers are much valuable then the physical machine. Thus, if a company computer system is infected with a ransomware such as “Wannacry”, your cyber insurance policy will respond.

Even if a company take up a business interruption policy, such as a consequence loss insurance. A cyber attack that jeopardised a business system such as DDOS attack that bring down the company e-store, making it inaccessible for days, will not be covered under a consequential loss policy.

Many would agree that the chances for a business to be hacked would be higher than a fire occurring at their premises. While a fire incident may sound damaging, the losses from a cyber attack may actually be even higher. Damages from a fire are tangible losses, while as losses from a cyber attack are intangible, such as financial losses, ransom, replacement cost, regulatory penalty, reputable loss etc.

While the internet allows you now to market your products globally, it also open you to threats globally. You may not be the specified target of attack, but weakness in your security system, such as failure to update the latest security patches in time could get your system infected with malware or virus, thus, bringing your system down.

With regulatory enforcement of privacy data, such as the EU’s General Data Protection Regulation, which took effect on May 25, 2018, requires companies to take technical precautions such as encryption to ensure customer data is protected. It also states that firms must notify authorities about breaches within 72 hours after learning about them. Violations may lead to fines of as much as 4% of a company’s annual sales.

Even in Malaysia, The government is currently reviewing the Personal Data Protection Act (PDPA) 2010 to make PDPA compatible with new regulations on data protection introduced globally, such as in the European Union (EU). There will be severe repercussions on those responsible.

So, every company should take up cyber insurance to cover them against cyber crime such as cyber extortion as well as many associated cost such as IT forensic cost, regulatory fines and third party liability etc

If you think that you don’t need cyber insurance as you have invested heavily in network security, think again, as well established companies such as Facebook, Marriott International Inc, British Airways, Grabcar, Astro, Media Prima, Universiti Teknologi Mara etc have been affected.

If you think that you are a small business that won’t not be targeted, think again, an infection could really put you off business.