In general, cyber insurance would cover 1st party/ 3rd party damages casued by theft, damage, disruption of your electronic data. Cyber insurance cover costs associated with the repair, replacement of both hardware and software devices/ systems, pays for litigation defence cost(s) or regulatory penalties or to some extent the policy covers extortion cost.
The policy will compensate the insured in aspects such as operational risk for financial losses due to business interruption, or may even include public relation cost cover to avert or mitigate any damages to the insured’s brand or operations
Common exclusions will include wear and tear of equipment, losses incurred as a result of neglience on the part of the insured, trading losses or liabilities. Breach of regulatory requirements that results in penalites or fines are also excluded from policy cover
As long as you do business online, or stores sensitive customer data on your server, it is highly likely that you will need a cyber insurance policy to prevent any losses due to malicious attacks by external parties. Cyber policies are also suitable as a risk management tool to safeguard data in events that there are lapses in the current IT system. Regardless of the size of your company, you will need some form of data protection due to the increasing online threats in our global economy, and remification costs to repair and replace damages to equipments or brand/reputation could prove to be very costly, especially if your client were to sue you for a breach of confidentility of information withheld, for contract performace failure.
Due to the rapid advancement of online threats, malwares and virus threats have evolved to “out-smart” some of the conventional methods of safeguarding our assets, and there is no way to eliminate all possible threats through preventive measures. Cyber policies can significantly reduce the financial cost(s) incurred due to damages incurred as a result of online attacks, and you can get yourself protected today by taking up a cyber security policy with us.
Small companies may opt to get an SME cyber package which provides adequate coverage for a small premium (usually less than $1,000). Businesses that handles large and sensitive data for their customers may often require higher limits coverage to protect against contractual or statutory exposures, or their nature of the business (ie accounting firms, software companies) relies greatly on customer data handling to derive their main source of income have to protect their assets against any foreign online threats/attacks on their system.
Cyber policy premium is hard to computate without assessing the insured’s premise and contents, and insurance companies are not prepared to write large limits without understanding the potential risk of cyber attacks on the business itself. For a comprehensive policy coverage, evaluation of the insured’s IT security infrastruture is key to providing an all inclusive protection coverage at a reasonable premium.
IT functions within the company governs how employees handle customer data, whether the business have a governance framework supporting a consistent and structured approach to information security dictates how information is processed and handled. Software protection such as firewall, anti-malware and automated virus scans provides early detection of external intrusions attacks. Should an attack occur, would there be a incident response plan or disaster recovery plan to mitigate loss, and whether data back-ups are available to minimise business interruption.
Another consideration in calculating the premium cost is to understand how data is stored within the premise, and the nature of the business. Storage of sensitive data in a single premise poses concentration risk for the insurer, and in the case of a construction company versus an e-commerce platform, the latter requires a higher limit coverage & cost more to insure as the volume of online transaction of customer data and monies are vulnerable to cyber attacks.
For small businesses, they can purchase a simplified SME cyber policies that can provide adequate cover for as low as $1,000 premium
Cyber insurance is not compulsory by law in Singapore but many businesses and government agencies are already taking up precautionary measures to combat online threats such as malware, political espionage, ransomware etc. On a national level, the government is advocating companies to practise cyber hygiene by organising seminars and trade associations talks with SME companies. Government agencies like The MAS Cyber Security Advisory Panel (CSAP) is formed in 2017 to advise on strategies for MAS and financial institutions in Singapore to sustain cyber resilience and trust in our financial system. The Cyber Security Agency of Singapore (CSA) is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development, and the Cybersecurity Bill was passed on 5 Feb 2018 to authorise CSA to prevent and respond to cybersecurity threats and incidents, and establish a framework for sharing cybersecurity information.
At a corporate level, companies can install software protection on their IT hardwares, educate employees to take prudent approach to addressing online threats, and to purchase a cyber security policy to indemnify against losses as a result of cyber intrusion.
Regardless whether it is a large corporate or a small enterprise, as long as you conduct your business online and/or have an online presense, cyber risk is inevitable.