ENTERPRISE TECHNOLOGY
Third-party claims cover lawsuits brought by third parties where confidential personally identifiable information has been leaked or where viruses have been transferred , contractual liabilities , multimedia liability , and legal defense costs .
Due to the nature of the insurance business , the crippling effect of a denial of service attack , ransomware , and personal data breaches as the primary cyber risks facing the insurance industry in this region .
Cyber Insurance helps organisations transfer its risk exposure by offsetting costs and business losses related with a potential security breach .
Clients need to understand the benefits and caveats of a cyber insurance policy . By failing to comply with the terms , conditions and exclusions of such a policy , the insurer may deny claims . To ensure compliance , it is important to provide accurate information during the underwriting process so that the insurance policy covers all .
If there is a data breach of any kind , it is important that a client understands the methods to guarantee a claim is covered . The client-first approach of ACE ensures brokers are fully equipped to advise a client through their cyber insurance policy in order to maximise their coverage .
One important point to bear in mind is that a cyber-insurance does not protect data and does not replace the security controls all companies should have in place .
A growing body of regional legislation in the Middle East demands mandatory compliance from insurance companies given the sensitivity of the data they
Antonio Dionisio , Group CIO , ACE .
Cyber Insurance helps organisations transfer risk exposure by offsetting business losses related with a potential security breach .
process . For example , SAMA – a Saudi Arabian regulator – published a comprehensive Information Security framework last year and others will follow in the same steps .
Cyber Insurance is actually considered an actuarial conundrum by the actuarial community . There is no relevant historical data and the risks are evolving on a daily basis .
Pricing differs from insurer to insurer and typically is based on a combination of factors :
• Revenue
• Countries of operation
• Existing cybersecurity framework
• Third-party risk assessment
• Compliance with security practices
• Surface of exposure
• Nature and volume of information
• How is information stored
• Different coverage subscribed
• Previous losses or incidents
Landscape A widely accepted notion is that there are only two types of companies : those that have been hacked and those that have been hacked but do not know it as yet . There will never be 100 % security regardless of the investments made and so even some of the most advanced companies get hacked . The cyber security landscape is always evolving with new threats appearing almost daily and the sophistication of the attacks is increasing .
The recent evolution of increasingly stringent data privacy regulations such as the General Data Protection Regulation , is a good example of the growing importance of the need to invest in cyber insurance . While GDPR is a European regulation , its application is global and would still affect businesses operating in the GCC . The financial penalties for breaching GDPR are severe .
The immediate indirect costs are caused by damage to reputation and brand value , which in turn hinder customer trust and investor commitment . The mid to long term effects include a loss of intellectual property , disclosure of sensitive data , and loss of customer confidence which may result in loss of market share . These losses are usually difficult to quantify but can indeed be significant .
Cybercrime has evolved into a thriving industry of its own ; it no longer requires elite technical skills or hefty investments . The most common attacks have become commodities easily found in the dark web .
Back in 2015 , one of the largest health insurance companies in the US , faced a data breach of almost 80 million customers . Anthem had to pay approximately US $ 375 million to remediate and improve its security and settle lawsuits .
Awareness plays the most important role in the cyber-security strategy of any organisation and business leaders need to understand that cyber-security is a business issue and not an IT issue . It is a process that needs to be acknowledged and driven by company leadership boards . A strong cyber security program must begin by first educating people before proceeding with investment in technical measures and cyber insurance . The spending range for cybersecurity is approximately 10 – 15 % of the overall IT budget , regardless of the company size .
Given the technology-driven world we live in today , people and businesses are reliant on technology more than ever and even small disruptions can have a significant impact . •
23