Article June 14, 2021

Cyber is more than data breach insurance

CFC’s leading cyber insurance offers more than just coverage for third party data loss. Exceptional incident response and risk management technology is combined for a policy that covers all major cyber security threats.

What is cyber breach insurance?

Cyber breach insurance coverage offers protection beyond traditional data breach insurance. While data breach insurance implies simply third party coverage, our cyber breach insurance is designed to protect both businesses themselves as well as affected third parties in the event of a breach of sensitive data, stolen funds, business interruption, and more.

Just five years ago, data breaches were the primary cause for cyber-related claims, with claims arising when third parties sued a business for data loss or exposure. Now, data breaches makes up just a small percentage of cyber-related claims.

Threats to data and information security are evolving, and businesses require protection that keeps pace. CFC’s cyber breach insurance provides first and third party coverage against all of the major cyber threats facing organizations today including social engineering attacks, ransomware and malware.

What are the biggest security breach threats that companies face?

One of the largest security threats currently facing businesses are ransomware attacks. Criminals gain access to databases and encrypt information, demanding payment in exchange for returning the compromised data. These attacks leave businesses financially vulnerable as well as exposed to potential data breaches and information loss. 

More general malware attacks operate in a similar fashion. Criminals install malicious code or viruses to gain access to company networks to steal sensitive data. Malware is a large threat for SMEs, and has the potential to render smaller businesses inoperable.

CFC’s cyber breach insurance provides first and third party coverage against the biggest cyber threats facing organizations today including social engineering attacks, ransomware and malware.

Inside threats to data security are a third, and equally important security threat businesses should prepare for. Inside threats can manifest themselves from phishing or other social engineering attacks, poor password management, and lack of security training and awareness. Employees can often represent the final line of defense in social engineering attacks which presents a high risk to businesses if employees are not adequately trained in data security. 

How can cyber breach insurance help businesses?

CFC’s cyber breach insurance protects businesses against the impacts of a cyber event and includes both data compromise coverage as well as coverage for first party risks such as ransomware and cyber crime.

Cyber breach insurance policies protect against both new and existing threats to businesses. Types of cyber crime and data breaches covered by cyber breach insurance policies can include financial support for restoring systems and data, lost income through reputational harm, and the return of funds lost in wire transfer fraud.

But more than coverage alone, CFC’s cyber insurance policyholders also benefit from a range of proactive cyber security  tools and proactive threat alerts through our award-winning mobile app and the largest cyber incident response team in the world. Together this helps prevent claims from happening in the first place and lessens their impact if the worst should happen. 

Types of cyber breach insurance claims

Unlike simple data breach insurance which might just cover the third party costs associated with losing sensitive data, CFC’s cyber breach insurance offers comprehensive cover for both first and third party claims in the event of a cyber event. Claims will vary depending on the scale and extent of the breach as well as the type of data liability insurance coverage that is held.

Common cyber and data breach claims can include:

  • Ransomware and other malware attacks
  • Theft of funds through wire transfer fraud and other phishing scams
  • Denial of service attacks
  • Business interruption caused by system downtime or malicious cyber events
  • Damage to business devices or software as a result of a cyber attack
  • Data breaches as a result of employee theft
  • Data breaches occurring as a result of the loss of business devices and hardware

What’s included as part of cyber breach insurance coverage?

Cyber breach insurance encompasses a range of first party sections, such as business interruption and incident response, and third party sections, such as cyber liability and data breach insurance. These sections work together to create a unified whole, designed to cover the whole range of cyber events. 

Incident response is at the heart of any good cyber breach policy. This section of cover will generally pick up all of the costs involved in responding to a cyber incident in real time, including IT security and forensic specialist support, gaining legal advice in relation to breaches of data security, and the costs associated with having to notify any individuals that have had their data stolen. 

Helping to keep your business up and running, the crucial system damage and business interruption section covers the costs for an insured’s data and applications to be repaired, restored, or recreated in the event that their computer systems are damaged as a result of a cyber event.

Within the context of a cyber insurance policy, cyber crime usually refers to attacks that involve theft of funds from the victim as opposed to theft of data or other digital assets. This usually happens either through extortion or ransomware, electronic compromise, or social engineering.

A media liability section covers any third party claims arising out of defamation or infringement of intellectual property rights. 

And finally, the data breach insurance coverage section covers third party claims arising out of a cyber event, be it transmission of harmful malware to a third party’s systems or failing to prevent an individual’s data from being breached.

What industries can be covered? 

Our cyber insurance policies, including compromised data coverage, provide solutions to businesses across a variety of industries. Each industry presents its own unique exposures and cybersecurity threats, our industry experts tailor our cyber breach insurance policies to match the security requirements of each industry, including:

Data breach insurance FAQs

  1. What is the difference between cyber insurance and data breach insurance?

    Whereas data breach insurance usually refers to a narrower focus specifically the third party liability arising out of a privacy breach, cyber insurance covers this as well as the range of first party exposures. 

    At CFC, we combine our cyber and privacy coverage into three distinct products including Private Enterprise, Large Corporate, and Cyber Excess.

    For more information on the details of our cyber insurance policies, speak to a member of our cyber underwriting team today.

  2. What is considered a data breach?

    Data breaches occur when security measures are bypassed or compromised, leading to the loss, unauthorized disclosure, destruction or unauthorized access to business information. Data breaches can be a result of a malicious cyber attack or they can be accidental, resulting from human error or insufficient data protection awareness. 

    Breaches can vary in scale and severity, with recovery ranging from restoring accidentally lost data from file back-ups to full scale IT forensic investigations.

  3. Who is liable for a data breach?

    Under current legislation, the organization or data owner is primarily responsible in the event of a breach. This means that the affected organization will be liable to pay any fees or fines as a result of the security breach. 

    Data breaches are often not the fault of the affected organization and can be the result of a malicious cyber attack by external criminals. Protecting the business with data breach insurance as part of a larger cyber breach insurance policy can offer financial support in the event of an incident and assist a quick recovery.

  4. Can companies get compensation for a data breach?

    If a business’s sensitive data is exposed as a result of a third party data breach, under GDPR they have the right to claim compensation if data protection law was broken. Compensation can also be requested if a business suffered financial loss or non-material loss as a result of the breach.

    Our cyber insurance policy covers third party exposures such as these as well as GDPR fines and penalties.

  5. What type of business has the most cyber vulnerabilities?

    While cyber criminals will often target organizations that handle large amounts of sensitive data or capital, such as those in the healthcare industry, financial service institutions, government agencies, and energy companies, they are by no means the only target. 

    Small businesses are also highly vulnerable to cyber attacks and data breaches as they often lack the cyber security expertise to provide adequate protection.

    What's more, we're seeing a surge in businesses with almost no privacy exposure at all, such as those in construction or transportation, because they are still susceptible to ransomware events and cyber crime. 

Want to learn more about CFC’s cyber policy? Visit our product page or check out our other great cyber-related resources.