“Silent” Cyber: The Risk You Haven’t Heard About
April 27, 2020
Cyberattacks are growing in frequency, intensity, and severity across the globe. Yet many organizations continue to forgo cyber insurance, mistakenly relying instead on the coverage in their existing commercial insurance portfolio.
But unlike standalone cyber insurance, traditional liability and property policies aren’t specifically designed to address cyber risk. In fact, they’re usually non-affirmative, or “silent,” on cyber. And if a policy doesn’t explicitly include or exclude digital perils–if risk isn’t affirmatively covered–there’s no guarantee that it’ll respond to a cyber incident, leaving the door wide open to potentially millions of dollars in damages from silent cyber exposures.
In our current global reality, it is critical for vital services, networks, and institutions to continue to function without disruption. The need for a robust cybersecurity strategy has never been greater.
Why isn’t silent cyber coverage enough to protect your business?
Many small and mid-sized enterprises (SMEs) see extra insurance policies as a costly addition to their balance sheet. Those that perceive the risk of data compromise to be low will opt to cut this cost altogether and depend on their standard commercial policies, which are ambiguous on cyber losses, rather than seeking out a cyber-centric policy.
But, in an increasingly interconnected, digital world, the systemic nature of cyber threat means that cyber exposures can creep into any conventional lines of business where technology is present. Among these exposures are: financial losses from loss of data, physical damage to property resulting from cyberattacks, and business disruption.
And since most traditional commercial policies exclude non-physical losses like theft of confidential data, business interruption caused by non-physical damages, and remedial costs, companies will have to pay the damages out-of-pocket.
Here are some examples of commercial insurance policies that won’t account for cyber exposures:
- Property Insurance: A cyberattack on a factory’s control system causes machinery to spin out of control, resulting in severe damage to the plant. Without explicit cyber coverage, the insurance company may cover the property repairs, but not the theft of confidential corporate contacts or lost profits from months of business interruption.
- Professional Liability Insurance: A legal clerk at a patent law firm accidentally opens a malicious link from a phishing email, giving a hacker access to clients’ intellectual property. Since the clerk made a technology-related error, a Professional Liability policy might pay damages to third parties whose information was compromised, but it won’t cover the cost of client care or regulatory investigations.
And cyberattacks are costly. In peak times, the destruction caused by even a minor incident can easily cripple a business without adequate protections–attacks now cost companies $200,000 on average.
How can you combat the risk of silent cyber?
As the cyber threat continues to evolve, organizations must evolve how they approach risk. Silent cyber will persist as a worrying and costly exposure for many businesses as long as they underestimate the importance of cyber-specific coverage. Organizations must take preventative action now to address these exposures, eliminate the grey areas of coverage ambiguity in their cyber strategy, and safeguard their businesses.
For maximum protection, consider Data Security and Privacy Breach Insurance coverage.
A dedicated, standalone cyber policy can help you access:
- Funds for legal expenses and third-party damages;
- An IT forensic investigations team to help you determine the size and scope of the breach;
- A breach coach to advise you on regulatory compliance, guide you through the legal process of navigating a breach under attorney-client privilege, and tell you what to report, how, and when;
- Funds to set up credit monitoring and client notification for affected parties; and,
- A team of consultants to help manage any reputational damage.
Need guidance? PROLINK can help you plan and protect while you focus on managing your people, your clients, and your business. We will:
- Conduct a robust assessment of your existing insurance and detect any coverage gaps;
- Identify cyber perils, potential attack scenarios, and cyber-related losses based on your unique operations and risks;
- Share what steps others in your industry are taking and advise you accordingly;
- Determine the scope of responsibilities for all incident management team members;
- Offer you a specialized solution, tailor-made for a new era of cyber risk with clearly defined parameters of coverage.
For more information, connect with PROLINK today!
PROLINK’s blog posts are general in nature. They do not take into account your personal objectives or financial situation and are not a substitute for professional advice. The specific terms of your policy will always apply. We bear no responsibility for the accuracy, legality, or timeliness of any external content.