Cyber insurance - are you covered?
September/October 2017 edition

Cyber risk is now accepted as one of the major emerging risks worldwide and insuring such an exposure will soon become as mainstream as taking out liability insurance. Here’s why.

By Jenna Sammut - Account Executive at Jardine Lloyd Thomson

The insurance industry has responded to this growing exposure with a number of new policy solutions. These solutions can offer protection from many of the unanticipated costs associated with a cyber incident that might otherwise significantly threaten an organisation’s ongoing operation and bottom line.

Many real estate agents have been in contact with Jardine Lloyd Thompson (JLT) in relation to the Cyber Liability cover on their professional indemnity insurance policy. The Realcover policy holds a sub-limit for Privacy and Data Breach cover (Cyber Liability), although this section does not provide cover for loss of money.

When obtaining cover for loss of money, the risk management criteria is important to insurers to allow cover to be provided. We recommend agencies:

  • Segregate duties, so no single person can request or authorise expenditure or refund monies, make payments and reconcile bank statements
  • Segregate system passwords, so no single person can request and authorise the release of electronic funds transfers in respect of the same transaction
  • Require all cheque requisitions and fund transfers to be counter signed.

Following are two case studies that demonstrate two very different claim scenarios and show why careful consideration of your cyber liability coverage is a must.

For further information and to discuss your insurance needs, please contact Realcover by speaking with a JLT representative on 1800 990 312 or email [email protected].

While care has been taken in preparing this article, and the information in it has been obtained from sources that Realcover believe to be reliable, Realcover does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose that the article may be used. Realcover accepts no liability for any loss or damage (whether caused by negligence or not) resulting from the use of this article.
A retailer emailed a group of customers to promote a sale with special discounts. The retailer intended to attach a copy of the flyer detailing the discounts, but instead attached a copy of a spreadsheet that contained a customer list, including customer names, addresses and credit card information.

Result: The retailer was required to notify all affected customers of the error and offered credit monitoring services. Several of the affected individuals began legal proceedings against the retailer. The notification and credit monitoring costs totalled $50,000 and the amount to settle the legal proceedings with the retailer’s customers, combined with the associated legal costs and expenses, totalled $100,000.
The company accountant of a local manufacturing firm received an email from her boss asking her to transfer $120,000 to a supplier abroad. Because this was a common type of request, she processed the payment before realising that the tone of the email wasn’t right and the domain name was a single letter sign off. Upon further investigation, it was found that cyber thieves had infiltrated their systems and had gained sufficient knowledge about company dealings to send a convincing phishing email that lost the company thousands of dollars.

Result: The company lost the $120,000 and incurred costs to secure their IT system.