Cyber risk insurance
As a recent study by Kaspersky Lab has shown, data loss is becoming one of the most serious threats to business. According to the survey, 42% of Russian companies at least once in the last year have lost important information due to hacks or data leaks. A third of the companies reported that this happened more than once. The average damage resulting from an incident depends on the size of the enterprise. If for small and medium businesses it is 1.6 million rubles, for large companies the losses amount to 11 million.
According to experts, in the world damage from hacker attacks committed in recent years, ranging from $ 300 billion to $ 1 trillion. And these indicators tend to increase.
The issues of responsibility for data, especially personal data, are relevant now more than ever. Any personal data operator is at risk of cyber attacks, the consequences of which can be very serious. Hacker attacks can lead to the shutdown of servers, loss of trust in the company and loss of profits, and the compromise or leakage of personal data - to liability and fines, to damage its reputation.
')
Which cyber risks are the main cause of financial losses? Top3 - damage to the company's reputation, violation of business processes, payments to customers for data loss.
How to protect personal data information systems from cyber attacks and network hacking? Is it possible to insure against cyber risks - risks of data operators arising from daily work with information and information systems? Are Russian companies ready to insure such risks? And is there such a possibility at all? For this insurance companies began to offer specially designed products.
Until recently, there was practically no market in Russia, or rather, it was very narrow, niche. Companies did not fully understand whether they should spend money on cyber-risk insurance. This was thought, rather, by the Russian divisions of global companies, which usually take such risks into account. It was difficult to find insurance companies offering such services as a separate product. Meanwhile, in the United States, by 2020 this market, according to PwC forecasts, will reach $ 7.5 billion. According to PwC estimates, one third of American companies have already acquired such insurance.
Now the situation is changing in Russia. Following the few pioneers - the companies Allianz and AIG, Willis and some others that have been working in this segment for a long time, new players are entering the market. So recently, Sberbank Insurance Broker (100% owned by Sberbank) announced the start of sales of a cyber risk insurance product for companies.
The insurance program provides, inter alia, for financial damages if a third party compromises the confidentiality of the transmitted corporate and personal information. The partners of Sberbank were the international insurance companies Allianz and AIG.
Allianz presented its cyber-risk insurance product Allianz Cyber Protect in November 2016. AIG has a separate CyberEdge cyber risk insurance product.
AIG has developed a CyberEdge insurance program to protect personal data in the company from the effects of their leakage or illegal use. Such insurance is necessary for any company dealing with data, especially with personal data.
CyberEdge Plus will help provide primary financial support and help in organizing the necessary measures if a cyber attack leads to damage to the company's property, interruption in production, injury to customers or other third parties, and damage to property of third parties. Additional coverage for personal injury, property damage and financial loss is also available as part of the CyberEdge PC product.
AIG is one of the first insurers to adopt a broad and unified approach to cyber threats, understanding that risks may concern not only the protection of personal data on the Internet. Field-based AIG teams have access to global resources, which allows them to provide the necessary assistance in resolving incidents involving the illegal use of personal data and to respond quickly to requests.
To protect personal data from theft, hacker actions, personnel errors and much more, AIG also provides clients with access to services of companies specializing in cybersecurity and cybercrime investigations, legal advice and anti-crisis PR. It is a tool to prevent losses and overcome the effects of data leakage. It provides professional, round-the-clock, financial assistance for employees, customers and their families who have suffered from the theft of personal data.
Unlike traditional risks, cyber risks can overtake a business anywhere in the world and in virtually every business process. The only question is whether you can work with the consequences of cyber incidents and how much you are willing to lose.
What exactly risks does the CyberEdge insurance program protect against? It includes mandatory (AC) and additional (DF) coverage.
Coverage A insures liability for violation of personal data and corporate information (trade secrets, professional information, budgets, customer lists, etc.) due to unauthorized disclosure or transmission, including virus infection, destruction, modification or deletion of information, physical theft or loss hardware, etc.
B is the cost of administrative investigation regarding data from regulatory authorities. Coverage C includes the cost of software and hardware expertise to determine the cause of the leak; to restore the reputation of the company and / or its officials; on the notification of data subjects and monitoring; and the cost of recovering electronic data.
CyberEdge policy is a comprehensive solution that not only compensates for possible data loss losses, but also allows you to successfully overcome the crisis caused by the leak.
What risks does the CyberEdge program insure?
Additional coverage includes responsibility for the content of information, virtual extortion, losses from network failures as a result of disruption of the security system, compensation for lost profits.
This insurance program allows you to minimize the effects of a data leakage crisis. For this purpose, experts in the field of legal support, IT investigations and crisis management PR are involved, the costs of which are compensated by AIG. Legal support is provided for the investigation of public authorities in connection with the violation of personal data.
AIG partner companies provide services to their accredited professionals.
In the event of an insured event, the client is compensated for lost profits due to network failures due to a security breach, losses as a result of a claimed or actual data breach or corporate information. The mere fact of insurance and the potential to attract professionals who accurately identify the causes of data leakage reduces the likelihood of leakage.
It is important to remember that data leakage and data breaches occur more often than you can imagine. At the same time, companies that have data-related incidents suffer from reputational damage, interruptions in production, third-party claims, limited knowledge of how to act in a crisis situation, etc.
The presence of the CyberEdge policy says that the company cares about its risks and the risks of its customers, that it will not spend its own funds to eliminate the consequences, but will use the help of AIG. By entrusting their data to such a company, customers can be assured that in the event of an incident they will be able to receive compensation for damage. It is especially convenient if a similar service is offered by a hosting service provider . For example, the responsibility of RUVDS for the data of all customers is insured against cyber risks of type A in AIG.
The demand for cyber risk insurance in Russia can grow substantially if the big players or the state formulate clear requirements for the availability of such insurance.
According to experts, in the world damage from hacker attacks committed in recent years, ranging from $ 300 billion to $ 1 trillion. And these indicators tend to increase.
The issues of responsibility for data, especially personal data, are relevant now more than ever. Any personal data operator is at risk of cyber attacks, the consequences of which can be very serious. Hacker attacks can lead to the shutdown of servers, loss of trust in the company and loss of profits, and the compromise or leakage of personal data - to liability and fines, to damage its reputation.
')
Which cyber risks are the main cause of financial losses? Top3 - damage to the company's reputation, violation of business processes, payments to customers for data loss.
How to protect personal data information systems from cyber attacks and network hacking? Is it possible to insure against cyber risks - risks of data operators arising from daily work with information and information systems? Are Russian companies ready to insure such risks? And is there such a possibility at all? For this insurance companies began to offer specially designed products.
Where to insure?
Until recently, there was practically no market in Russia, or rather, it was very narrow, niche. Companies did not fully understand whether they should spend money on cyber-risk insurance. This was thought, rather, by the Russian divisions of global companies, which usually take such risks into account. It was difficult to find insurance companies offering such services as a separate product. Meanwhile, in the United States, by 2020 this market, according to PwC forecasts, will reach $ 7.5 billion. According to PwC estimates, one third of American companies have already acquired such insurance.
Now the situation is changing in Russia. Following the few pioneers - the companies Allianz and AIG, Willis and some others that have been working in this segment for a long time, new players are entering the market. So recently, Sberbank Insurance Broker (100% owned by Sberbank) announced the start of sales of a cyber risk insurance product for companies.
The insurance program provides, inter alia, for financial damages if a third party compromises the confidentiality of the transmitted corporate and personal information. The partners of Sberbank were the international insurance companies Allianz and AIG.
Allianz presented its cyber-risk insurance product Allianz Cyber Protect in November 2016. AIG has a separate CyberEdge cyber risk insurance product.
CyberEdge: not only information risk insurance
AIG has developed a CyberEdge insurance program to protect personal data in the company from the effects of their leakage or illegal use. Such insurance is necessary for any company dealing with data, especially with personal data.
CyberEdge Plus will help provide primary financial support and help in organizing the necessary measures if a cyber attack leads to damage to the company's property, interruption in production, injury to customers or other third parties, and damage to property of third parties. Additional coverage for personal injury, property damage and financial loss is also available as part of the CyberEdge PC product.
AIG is one of the first insurers to adopt a broad and unified approach to cyber threats, understanding that risks may concern not only the protection of personal data on the Internet. Field-based AIG teams have access to global resources, which allows them to provide the necessary assistance in resolving incidents involving the illegal use of personal data and to respond quickly to requests.
To protect personal data from theft, hacker actions, personnel errors and much more, AIG also provides clients with access to services of companies specializing in cybersecurity and cybercrime investigations, legal advice and anti-crisis PR. It is a tool to prevent losses and overcome the effects of data leakage. It provides professional, round-the-clock, financial assistance for employees, customers and their families who have suffered from the theft of personal data.
Unlike traditional risks, cyber risks can overtake a business anywhere in the world and in virtually every business process. The only question is whether you can work with the consequences of cyber incidents and how much you are willing to lose.
What exactly risks does the CyberEdge insurance program protect against? It includes mandatory (AC) and additional (DF) coverage.
| Type of coverage | What is included in it |
| A: Losses due to data breaches. | - Losses due to data breaches. - Losses as a result of violation of corporate information (trade secrets, professional information, budgets, customer lists, etc.). - Losses as a result of computer system security breaches (virus infection, destruction, modification or deletion of information, physical theft or loss of hardware, etc.). |
| Q: An administrative investigation into the data. | - Losses of the insured in connection with the investigation as a result of violation of the law or other regulatory acts in connection with the processing of data or corporate information for which the insured bears civil liability in an amount not exceeding the costs of protection. |
| C: Costs of responding to data breaches. | - The cost of response and proactive software and technical expertise. - The cost of restoring the reputation of the insured and individuals, to notify data subjects. - Monitoring costs. - The cost of restoring electronic data and programs. |
| D: Responsibility for the content of the information. | - Losses of the insured as a result of public disclosure caused by an error, a false statement, a misleading statement or an omission in connection with their multimedia activities, which lead to a violation of copyright, proprietary rights, slogan, trademark, trade name, domain name violation name, plagiarism, infringement of copyright or misappropriation or theft of ideas; any incorrect coverage, public disclosure of facts of private life, committed without intent, as a result of a recorded, spoken or broadcast statement, including, without limitation, emotional distress or mental pain in connection with such actions; or invasion, encroachment on privacy, unlawful invasion or deprivation of property, an offense or unauthorized extraction of information. |
| E: Virtual extortion. | - Losses from virtual extortion: funds paid by the insured with the written consent of the insurer to limit or terminate a security risk that would otherwise cause a loss to the insured; and the cost of conducting an investigation to determine the cause of the security risk. Losses from virtual extortion do not include any payments to those responsible for the security risk. |
| F: Network outage | - Losses from network failures in the amount of lost profits (income that should have been received, reduced by the amount of expenses that should have been incurred). |
Coverage A insures liability for violation of personal data and corporate information (trade secrets, professional information, budgets, customer lists, etc.) due to unauthorized disclosure or transmission, including virus infection, destruction, modification or deletion of information, physical theft or loss hardware, etc.
B is the cost of administrative investigation regarding data from regulatory authorities. Coverage C includes the cost of software and hardware expertise to determine the cause of the leak; to restore the reputation of the company and / or its officials; on the notification of data subjects and monitoring; and the cost of recovering electronic data.
CyberEdge policy is a comprehensive solution that not only compensates for possible data loss losses, but also allows you to successfully overcome the crisis caused by the leak.
What risks does the CyberEdge program insure?
Additional coverage includes responsibility for the content of information, virtual extortion, losses from network failures as a result of disruption of the security system, compensation for lost profits.
What are the benefits of CyberEdge?
This insurance program allows you to minimize the effects of a data leakage crisis. For this purpose, experts in the field of legal support, IT investigations and crisis management PR are involved, the costs of which are compensated by AIG. Legal support is provided for the investigation of public authorities in connection with the violation of personal data.
AIG partner companies provide services to their accredited professionals.
In the event of an insured event, the client is compensated for lost profits due to network failures due to a security breach, losses as a result of a claimed or actual data breach or corporate information. The mere fact of insurance and the potential to attract professionals who accurately identify the causes of data leakage reduces the likelihood of leakage.
It is important to remember that data leakage and data breaches occur more often than you can imagine. At the same time, companies that have data-related incidents suffer from reputational damage, interruptions in production, third-party claims, limited knowledge of how to act in a crisis situation, etc.
The presence of the CyberEdge policy says that the company cares about its risks and the risks of its customers, that it will not spend its own funds to eliminate the consequences, but will use the help of AIG. By entrusting their data to such a company, customers can be assured that in the event of an incident they will be able to receive compensation for damage. It is especially convenient if a similar service is offered by a hosting service provider . For example, the responsibility of RUVDS for the data of all customers is insured against cyber risks of type A in AIG.
The demand for cyber risk insurance in Russia can grow substantially if the big players or the state formulate clear requirements for the availability of such insurance.
Source: https://habr.com/ru/post/326530/
All Articles