Q: Do general insurance policies cover e-risks or cyber lability?
A: In a word: No. However, according to the DTI Information Security Breaches Survey 2006, a third of UK businesses believe that their general insurance policies provide full cover for damage arising from security breaches or data loss, and another third admit that they do not know. Only one in six businesses correctly believe that there is no cover.
Q: What does Esurance™ cover?
A: Esurance™ is an award-winning, BIBA-approved insurance product that covers the losses and liabilities that a company faces as a result of using the internet or email - from business interruption due to hacking attacks - to claims made by employees for inappropriate email use. For a summary of cover see the Esurance™ Summary.
Q: Have insurance brokers advised their clients of the lack in cover?
A: Some have - normally by adding these risks to their client's 'uninsured risks' list, but the vast majority of businesses have still not been advised.
Q: What type of company buys Esurance™?
A: Any company engaged in e-commerce, any company which is reliant on computer connectivity for transactions or data exchange, any company which stores information that can be accessed over the internet or intranet, online media companies and publishers, any company that is heavily reliant on email use.
Q: How can I easily identify which of my clients fit into these categories?
A: Refer to the Esurance™ Target Market document, or call us to discuss further.
Q: How much does Esurance™ cost?
A: Your CFC Underwriter will be able to give you an indication of cost based purely on your client's business type and revenue. To firm up this indication, we will require a completed CFC proposal form.
Q: The person responsible for insurance at my client is not interested and does not understand this kind of insurance. How do I stop him passing this issue on to the IT Department?
A: In the words of the DTI: "Information Security must be seen as a management and business challenge, not simply a technical issue to be handed over to the experts. To keep your business secure you must understand both the problems and solutions." Since Information Security relies as much on policies and procedures as it does on IT defences it is clearly a top-level management issue. The Turnbull report also imposes duties on public company directors to identify, manage and take an informed opinion on the transfer of these risks. See our Esurance™ E-Risk Management document for the normal process.
Q: My client tells me that they spend a considerable amount of money on IT security and do not need this insurance. How can I interest them?
A: Many IT defences (eg anti-virus software) can only be reactive to known problems. Almost all IT defences rely on human beings to manage and update them, and therefore simply cannot be 100% secure. Also, about 80% of hack attacks involve employee collusion and therefore circumvent most IT defences. But, most importantly, the fact that you buy locks for the doors and windows of your house - and even a burglar alarm and smoke detector - does not mean that you wouldn't bother with home insurance! Just like with other forms of insurance, we expect clients to have carried out the level of risk management that is commensurate with the size of the risks that they face. Otherwise we would not insure them. See our Esurance™ E-Risk Management document for the normal process.
Q: Are there any real claims examples that will frighten my clients?
A: Lots! And this is notwithstanding the fact that the vast majority of security breaches go unreported so as not to cause any bad publicity for the business. Please refer to the CFC Esurance™ Claims Examples document for further details. We also email our Technology Risk Newsletter every week which highlights current issues and gives examples of claims.
Q: Viruses and security breaches are just a running risk to most businesses, causing some bad days for the IT team. Can they cause catastrophic damage?
A: It is true that there is a level of virus damage that is fairly ubiquitous: over 50% of businesses suffered some damage according to the DTI 2004 survey. However the survey also showed that 1% of businesses that suffered a security incident experienced a very major disruption of between a week and a month, and a further 1% experienced major disruption of over a month. The most severe security incidents cost over £500,000.
Q: Are there any coverage restrictions in the Esurance™ policy that I need to be particularly aware of?
A: Many new types of insurance have so many limitations to cover that you can start wondering what exactly is covered. We have tried to make the risk transfer in Esurance™ as clear and as concise as possible. Unlike many other policies in this field, there are only two exclusions that rely on your client's risk management performance: The 'Back-Ups' and 'Obscenity Controls' exclusions.
|
