In general, cyber insurance would cover 1st party/ 3rd party damages casued by theft, damage, disruption of your electronic data. Cyber insurance cover costs associated with the repair, replacement of both hardware and software devices/ systems, pays for litigation defence cost(s) or regulatory penalties or to some extent the policy covers extortion cost.
The policy will compensate the insured in aspects such as operational risk for financial losses due to business interruption, or may even include public relation cost cover to avert or mitigate any damages to the insured’s brand or operations
Failure of electrical or telecommunication infrastructure
Cyber insurance does not cover losses suffered due to faults arising from electrical grid or internet service provider, etc.
Wear and tear of equipment
It is the duty of the company to maintain and update their equipment as it is considered to be normal business practice
Loss suffered from Phishing
Phishing is classified as a criminal act and can only be covered by a crime policy.
As long as you do business online, or stores sensitive customer data on your server, it is highly likely that you will need a cyber insurance policy to prevent any losses due to malicious attacks by external parties. Cyber policies are also suitable as a risk management tool to safeguard data in events that there are lapses in the current IT system. Regardless of the size of your company, you will need some form of data protection due to the increasing online threats in our global economy, and remification costs to repair and replace damages to equipments or brand/reputation could prove to be very costly, especially if your client were to sue you for a breach of confidentility of information withheld, for contract performace failure.
Due to the rapid advancement of online threats, malwares and virus threats have evolved to “out-smart” some of the conventional methods of safeguarding our assets, and there is no way to eliminate all possible threats through preventive measures. Cyber policies can significantly reduce the financial cost(s) incurred due to damages incurred as a result of online attacks, and you can get yourself protected today by taking up a cyber security policy with us.
Small companies may opt to get an SME cyber package which provides adequate coverage for a small premium (usually less than $1,000). Businesses that handles large and sensitive data for their customers may often require higher limits coverage to protect against contractual or statutory exposures, or their nature of the business (ie accounting firms, software companies) relies greatly on customer data handling to derive their main source of income have to protect their assets against any foreign online threats/attacks on their system.
Cyber policy premium is hard to computate without assessing the insured’s premise and contents, and insurance companies are not prepared to write large limits without understanding the potential risk of cyber attacks on the business itself. For a comprehensive policy coverage, evaluation of the insured’s IT security infrastruture is key to providing an all inclusive protection coverage at a reasonable premium.
IT functions within the company governs how employees handle customer data, whether the business have a governance framework supporting a consistent and structured approach to information security dictates how information is processed and handled. Software protection such as firewall, anti-malware and automated virus scans provides early detection of external intrusions attacks. Should an attack occur, would there be a incident response plan or disaster recovery plan to mitigate loss, and whether data back-ups are available to minimise business interruption.
Another consideration in calculating the premium cost is to understand how data is stored within the premise, and the nature of the business. Storage of sensitive data in a single premise poses concentration risk for the insurer, and in the case of a construction company versus an e-commerce platform, the latter requires a higher limit coverage & cost more to insure as the volume of online transaction of customer data and monies are vulnerable to cyber attacks.
For small businesses, they can purchase a simplified SME cyber policies that can provide adequate cover for as low as $1,000 premium
Cyber insurance is not compulsory by law in Singapore but many businesses and government agencies are already taking up precautionary measures to combat online threats such as malware, political espionage, ransomware etc. On a national level, the government is advocating companies to practise cyber hygiene by organising seminars and trade associations talks with SME companies. Government agencies like The MAS Cyber Security Advisory Panel (CSAP) is formed in 2017 to advise on strategies for MAS and financial institutions in Singapore to sustain cyber resilience and trust in our financial system. The Cyber Security Agency of Singapore (CSA) is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development, and the Cybersecurity Bill was passed on 5 Feb 2018 to authorise CSA to prevent and respond to cybersecurity threats and incidents, and establish a framework for sharing cybersecurity information.
At a corporate level, companies can install software protection on their IT hardwares, educate employees to take prudent approach to addressing online threats, and to purchase a cyber security policy to indemnify against losses as a result of cyber intrusion.
Regardless whether it is a large corporate or a small enterprise, as long as you conduct your business online and/or have an online presense, cyber risk is inevitable.
Data Forensics expenses:
In the event of a Breach, it’s critical for us to stop or prevent further loss of Data. This will cover the cost to hire a qualified forensics firm to investigate, examine and analyse the Company’s Network to determine the cause and the impact of the breach.
Breach Consultation Costs
We may not have the experience to handle the breach. This will cover the cover the cost to hire a Professional Crisis Manager to advise/guide us on the next steps to take such as complying with regulatory requirements and assisting with investigation by regulators.
Costs to Restore
In the event of a Breach, data and hardware may have been damaged or lost. This will cover the cost such as hiring temporary/professional employees to research, recreate, recollect the lost Data and reinstate damaged hardware.
Breach Response Cost
This will cover the cost to comply with regulation requirements such as notifiying, set up a dedicated call center, credit monitoring services and Identity theft resolution services for affected parties.
Public Relations Expenses
Hiring a public relations firm to help disseminate information professionally to prevent further damage to the company’s reputation.
You will be compensated for the loss in revenue if your cyber operation has been disabled or not allowed to operate due the to breach, For instance, your IT systems are disabled by a hacker or malicious software for 2 weeks which results in a loss of typical sales of $100,000, you will be compensated as such.
Hacker Theft Loss
This comprises of funds stolen by hacker(s) through unauthorized access.
Network Extortion Coverage
Inevent that the best solution is to pay a ransom to unlock or enable your IT Systems, The cost will be covered
In the event of a breach especially consisting of personal data, it is often that regulators will conduct an investigation. You may incur some costs such as overtime labour and even employing additional staff to facilitate the investigations.
Third Party Liability
In the event of a Breach, client and customers may claim for loss arising from reputation damage, pain and suffering, fraud etc due to the loss of personal data.
Consumer Redress Fund Cover
Settlements set by regulators or reputation management
Regulatory Fines by Authorities
This policy will also cover fines awarded against you. For instance due to a breach, personal data has been leaked and a fine from PDPA has been awarded against you