Cyber and Crime Insurance: Which policy does my organisation need?
Businesses of all sizes and industry sectors can fall victim to a variety of crime and cyber-related risks. Today, the lines between the two insurance policies are indistinct and your business should invest in the appropriate cover that matches the risk.
Crime insurance has a focus on protecting companies from employee and vendor theft, fraud and forgery, whereas Cyber insurance was created to protect companies from damages occurring from cybercrime such as a data breach or cyber extortion. Our continued reliance on technology in the workplace means that ransom, embezzlement and other types of loss can now be covered by a Crime policy or by Cyber insurance.
We have listed some points to help you determine what constitutes a crime loss versus a cyber loss below:
Cyber Policy Key Features
- One of the purposes of Cyber insurance is to protect companies whose customers’ personal information has been compromised. If this scenario takes place, you may be responsible or liable for damages incurred by those connected to you – this is an indirect loss.
- Cyber policies cover the loss of intangible property such as data files, proprietary formulas, sensitive financial information, and personal data of customers or employees which is classified as an intangible loss. Loss of intangible property would include data files of the client suppliers. For example, a large retailer who holds the information of all their suppliers could be compromised if a system intrusion occurs.
- Cyber policies can cover third party and first party losses. Under a Cyber policy first party losses are those that directly impact your own systems and businesses whereas third party losses refers to the sums which you may become liable to pay to others as a result of trading electronically.
- When using cloud-based systems the responsibility for the data is shared between the cloud vendor and yourself. Most cyber policies define ‘computer systems’ to include third party networks you work with to support your company, so if a breach occurs, regardless of where the data is stored, a Cyber policy would respond.
Crime Policy Key Features
- A Crime policy covers losses such as theft of your securities or money as you incurred the direct loss. As this is a first party loss, by identifying the injured party, you identify the connected policy.
- When there is a physical loss of securities, merchandise or money this is identified as a tangible loss and would generally be covered by a Crime policy.
- Social Engineering is the personal manipulation of an individual to perform certain actions or divulge confidential information and is a growing risk that many organisations are facing. This can be covered by a crime policy.
What coverage does my organisation need?
Cyber policies cover hardware failure and the consequential damage to data, in scenarios such as accidental data erasure or software corruption of breakdown. Cyber policies offer protection from first party exposures such as Data Cover, Business Interruption, Crisis Management and Cyber Extortion theft as well as third party exposures such as transmission of virus and denial of service and disparagement, plagiarism and infringement. They do not, however, provide cover for criminal activity. If your business operates online and holds personal data on clients or employees, it is essential that you invest in a tailored Cyber policy.
On the other hand, crime policies provide cover for fraud caused by employees and fraudulent acts by third parties. Such frauds and dishonesty are now likely to be committed using computers, which causes confusion with Cyber policies. Although basic Crime policies cover an individual for fraudulent online attacks, they are limited and do not address the full range of exposure, leaving gaps in coverage.
Understanding your specific circumstances, and the difference between Cyber and Crime insurance and where the gaps can occur, Griffiths & Armour provides professional advice to ensure you are adequately covered for all eventualities. If you have any questions about the contents of this article, please get in touch with your usual Griffiths & Armour contact or you can contact Ken Harris by clicking below.