If your business has been a victim of a cyber attack, you are well aware that the immediate priorities are to resume operations as quickly as possible and protect your information, requiring engaging with emergency cyber security consultants or paying a ransom. Your next step will be to invest in cyber security or increase your current safeguards.

Once you have resolved your cyber attack and implemented new processes and policies you may think your business is now safe, but what about the long-term impacts of the cyber attack? How will this effect the future of your business' operations?

Applying for Cyber Security Insurance

Crowe MacKay's technology consulting team have been assisting clients in reviewing their cyber security insurance policies, and have observed how the landscape of cyber insurance is changing, specifically surrounding the types of questions insurers are asking businesses.

Previously, insurers would ask a limited set of questions in the underwriting form, such as:

  • Do you have backups?
  • Do you have antivirus?
  • Do you have a disaster recovery process?

Following the increase in successful cyber attacks and the somewhat lag from business to strengthen their defences, insurers are becoming more detailed and pointed in the questions they ask. Some examples of these include:

  • Do you test your recovery process yearly?
  • Do you have multi-factor authentication?
  • Is your back-up procedure using technology that will protect from a Ransomware attack?
  • What is the brand and type of firewalls and routers used?
  • Do you have a cyber security incident recovery plan, and has it been tested

Answering "No" or providing an answer that does not meet the criteria of the insurer may result in much higher premiums or a refusal by the insurer to underwrite you, leaving your business fully exposed and with no safety net.

These changes are in response to the increase of cyber security attacks and claims made by businesses resulting in higher losses for insurers. You can expect to see this trend continue and even a potential tightening of the process in the future.

Selecting Cyber Security Insurance for Your Business

Can an Insurer Refuse Insurance After a Cyber Attack?

How to Protect Yourself from a Cyber Attack

As you look to protect your business, insurers are looking to mitigate their risks. What does this mean when it comes to your cyber security insurance? 

Crowe MacKay's technology consultants have seen insurers adding limitative clauses to their policies which will drastically reduce the amount payable by the insurance to you in the event of a Cyber Attack. 

Examples of clauses you may find in a policy are as follows:

  • Authentication information stolen through social engineering
    In the event the cyber attack, and losses, on your company originated from the acquisition of log-in credentials via social engineering or phishing, the limit can melt from an original $2 million coverage down to $20,000. 
  • Generic limitation on phishing attacks
    Insurance policies may stipulate a lower limit for phishing attacks, generally to 1% of your total cover.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.