Data Breaches - Is Cybersecurity Insurance a Silver Bullet? 

How Can You Solve Your Business Law Problems Today?

* indicates required
​Unsubscribe at any time.
By using our online and in person legal coaching you no longer need to fear engaging with business lawyers and law firms and running up huge legal costs.  

Sign up now to find out about our events schedule and pricing.
Legal Coaching & Training
Legal Speaking Engagements
Legal Strategy for Companies
What is a cyberattack?

Many cyberattacks occur because of ‘phishing’ emails, which are a scam designed to extract sensitive information from recipients. A phishing email will often ask you to fill in your details to, for example, prevent spurious transactions and claim tax rebates, or send money to a bank account where the email seems to come from someone you know and where the bank account details have changed. According to a recent study, 69% of participating respondents said they’d received phishing emails within the last year.

Why should businesses be concerned?

Cyber risks are increasing at a rapid rate, due to our growing dependence on data and digital automation. The headlines over the past year have amassed a significant amount of attention towards these problems. This is hardly surprising, considering the recent Mactavish report highlighting that 43% of respondents had suffered from a cyberattack in the two years prior to the report.

One of our most recent cases involved an individual customer of our client getting duped by a phishing email that looked like it had been sent from the client. This resulted in the customer sending hundreds of thousands of pounds to a fraudster’s bank account. The individual customer then claimed for the money he had lost against our client, but our client was completely unaware that this transaction had occurred and that their customer had been duped by the fraudster’s phishing email. As our client had not received any money from the individual customer, we managed to resolve the case successfully.

Many companies don’t purchase cybersecurity insurance due to reasons such as uncertainty over the cover and mistrust in the potential pay-out. Nevertheless, businesses should consider cyber insurance, but should be aware of the caveats and exclusions that may apply.

Does cybersecurity insurance protect against all cyber risks?

Cybersecurity insurance does provide some comfort but does not provide the silver-bullet answer to all cyber issues that businesses might be hoping for. The Mactavish Cyber Risk and Insurance Report tells us why this is the case, pointing to 8 common flaws in some cyber insurance policies, which are, in summary:
  1. Cover for issues caused by accidental errors or omissions may be excluded.
  2. Data breach costs may be limited to, for example, only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice).
  3. Systems interruption cover may be limited to only the brief period of actual network interruption, and not for the period after IT systems are restored but the business is still disrupted.
  4. Cover for systems delivered by outsourced service providers is often limited or excluded.
  5. There may be exclusions for software in development or systems being rolled out.
  6. There may be exclusions where contractors cause issues (e.g. a data breach) but the business is legally responsible.
  7. There may be complex and onerous notification requirements.
  8. There may be no freedom for a business to choose its IT, PR or legal specialists as the policy only covers insurer-appointed advisors.

How to mitigate against cyber risks

Despite some of the limitations to cybersecurity insurance, there are a number of courses of action your business can take to help prepare for a security breach:
  • Think about a bespoke insurance policy: when seeking cybersecurity insurance, firstly understand exactly the risks that could be facing your organisation. This will help you secure a more tailored, bespoke policy that will meet your specific requirements.
  • Make a data breach plan: in essence, a data breach plan will contain information on who to contact, what to do and what should happen next (i.e. in terms of business operations and how to communicate the incident to the public, regulators, solicitors, etc).
  • Communication: if you already have a data breach plan, then communicate it to your employees. A large portion of employees won’t even know a plan even exists, which will seriously undermine efforts to recover effectively.
  • Training: given that 70% of data breaches occur because of human error, hold cybersecurity training for your employees. This could be a highly effective preventative measure.

Conclusion

Cyber risks are something that large businesses as well as SMEs should be taking seriously now. For more information about training, then please contact Jimmy Desai (jimmy@coachinglaw.com) or Emmanuel Vranakis (emmanual@coachinglaw.com).

© 2019. Coaching Law Limited. All rights reserved.

Disclaimer
This site is not providing an SRA regulated service.
By accessing, viewing and/or using this site in any way, you hereby agree that nothing on this site should in any circumstances constitute legal advice and/or manifest or create any kind of solicitor/client or other relationship in any way. The contents of the website are for educational and general information purposes only. The information and content on the website are provided with no warranty, representation and/or any other kind of assurance (express or implied) as to the accuracy, completeness and/or timeliness of any single piece of information and content and we do not accept liability for any error or omission. We shall not be held liable for any damage howsoever caused (including, but not limited to, damage for loss of profits or
loss of reputation) arising in contract, tort or otherwise from the use of or lack of use of, this site, its information and content and affiliated sites, or from any action taken in connection with using this site, its information and content and affiliated sites. Most of (if not all of) of the events, information and/or content on this site may have been changed/updated since published and it is the responsibility of users of the website to decipher whether or not this is the case.
If you have any legal issues then you should seek and obtain advice from your own legal adviser or solicitor. By accessing and/or viewing all and/or any part of this site you hereby agree to all of this disclaimer and if you do not agree with all and/or any part of this disclaimer then please do not access, read and/or view any of the information and/or content of this site.
 Content is provided on this website for general information only. If you have any specific legal issues or problems then you should seek and obtain advice from your own legal adviser or solicitor  and not rely upon any information provided on this website. Please See our full disclaimer here @ Disclaimer before reading any information on this website.  Training provided  regarding English law only.  Website owned and operated by Coaching Law Limited (Company No: 11803433). ©2020 Coaching Law Limited. All Rights Reserved.  Coaching Law Limited is  a training organisation. It is not a law firm and the presenters are not holding themselves out to be solicitors. The information on this website is not providing or intended to provide any legal advice. If you require legal advice you should  consult with your solicitors or law firm.