The importance of cyber insurance has always been known but as the awareness grows along with the fact that recent circumstances have dictated a huge shift in how and where we work… it could be more important than ever. There are many risks out there to an individual or companies cybersecurity but how many of us are actually protecting ourselves against those risks? In the event of a security breach, the financial implications could be huge. The subject is discussed in a little more detail with Gaurav Sapra ( Vice President of Speciality Lines with Orient Insurance ) who is someone that certainly knows this subject well.
This is a topic that really interests me personally, having talked with many professionals and experts within the cybersecurity and insurance space, it can be genuinely eye-opening as to what is actually going on out there in the “big bad world’ when it comes to cyberattacks on individuals and businesses. It’s scary stuff. However, what may be even scarier is the fact that so many still leave themselves unprotected, without cybersecurity infrastructure in place and or without cyber insurance protection. In this day and age, hackers are getting better and better which means even the most sophisticated and advanced security systems can eventually be breached, it might be rare but if it does happen… you’d wish you had protection. This is where insurance comes in, it’s that added peace of mind that if the worst was to happen you have cover in place to ensure the damage only goes so far. The risks are high, the costs of recovery even higher, so much so that a cyber attack on a business with no insurance in place could literally wipe the business out…. Scary stuff.
But help is here…
It is clear from talking with Gaurav that he has seen and heard some real issues within this space so is well aware of the importance in finding and offering the correct solutions for individuals and businesses who are looking to protect themselves from the associated cyber risks. A wealth of knowledge, experience and advice was shared during our chat and one that could have continued for much longer than it did. Part two pending.
Lee: “So perhaps the awareness around this subject is growing but to keep it basic to start with, what is cyber insurance?”
Gaurav: “Nowadays everything is on our mobiles and our laptops, so people think they are not prone to cyber attacks, it can’t happen to me but it can and it can happen anytime with it likely that you are not even aware of it happening to you. Cyber insurance will help you not only during the cyber attack but pre and post the cyber attack too.”
Lee: “What are the most commonly seen cyber attacks?”
Gaurav: “Cyber attacks can be a malware attack, they ask for money so it’s extortion, there can be phishing attacks where you receive a hoax email and these are the major attacks that happen most often within this region.”
Lee: “With the number of people now working from home higher than ever due to Covid19 is you seeing the number of requests for cyber insurance increasing or has it not changed?”
Gaurav: “The number of requests has definitely increased, if you compare the last couple of years for example we used to receive one enquiry per month and now we are receiving one enquiry per day. The knowledge and awareness is increasing as people are more exposed to cyber risks, with people working from home, information being stored on the cloud so yes there is a big increase at the moment.
The first step to cyber is security, insurance will act as a backup in case of any unfortunate incident then insurance is there to assist. However, in the first instance we will provide services such as training to staff on how to set the correct passwords, have these changed regularly, which emails they should and shouldn’t open and other ways they can lower the risk so by following such steps they can lower the risk but having the insurance as a backup is also very important as even with the best security intentions and systems in place, breaches can still occur.”
Lee: “What are the potential losses to a business of a cyber attack?”
Gaurav: “Normally there can be a loss of data, so we pay for that loss, there can be business interruption because systems are hacked so you do not function for one week as an example. We recently had a claim in which one entity who provides data to banks was hacked and therefore they were not able to provide that data on which banks rely upon, so there was a business interruption loss plus a data restoration cost which we paid for plus we appoint incident response managers and forensic experts who work on the case relating to the cyber attacks so these are the major three costs which occur. If you go to the third party aspect of it, for example there is a hospital and someone has health data with the hospital which is leaked then that person can sue because of the beach against their data.”
Lee: “As cybersecurity improves as does the cyber insurance options, is it true that the actual cyber attackers are also improving?”
Gaurav: “Yes this is true, you can pay hackers to send malware to a website or particular client. These people are professionals who are always trying to find new ways to attack from a cyber perspective. This is why it is important to have the protection in place, it will save you from three kinds of impact, financial, reputational and legal.”
Lee: “It seems an important step for any business or SMEs in particular is to just get an initial review of your cybersecurity/risks, is that possible?”
Gaurav: “Yes, it is best to get a review carried out so understand the risks and what can be done. Honestly for SMEs, it will not cost that much to have the cover so it is much better to have this in place than not.”
As with most types of insurance, this subject is vast and no doubt requires another episode but clearly, it is a subject that should not be taken lightly by individuals or businesses and the value of having protection in place can be immense should you happen to face any issues in the future. The risks of an attack and the cost implications to your business following that are high, so high that it could in fact see some businesses close should they have to deal with the financial consequences of any claim.
There are certain things that we can all do, regularly changing passwords, keeping an eye out for any suspicious emails, ensuring cybersecurity measures are in place but it does seem that no matter what you have in place, sometimes even the most sophisticated systems can be breached. Why? The cyber attackers don’t give up, it’s a challenge (a rewarding one for them), they are evolving, they are getting better and unfortunately, that is only likely to continue. As your last line of defence, a solid cyber insurance policy could just be the one piece of security that an attacker is not able to breach and is therefore invaluable to you and your business.