TYPES OF CYBER CLAIMS
More than 95% of cyber claims are for first party losses only and they fall into three broad categories:
1. THEFT OF FUNDS
This is straight forward theft of money from a company’s bank account. The fact that nearly every business can now move its money around electronically and remotely means that it is much easier to steal. Criminals no longer target physical banks – they target online accounts. And if a business has somehow been negligent in allowing this to happen, the bank will not reimburse them.
2. THEFT OF DATA
Data is valuable, and if something has value, it is worth stealing. Identity theft has reached record levels around the world and in order to commit identity theft, criminals need data. Seemingly innocuous information such as names and addresses stored on a computer network can be worth more money than you think.
3. DAMAGE TO DIGITAL ASSETS
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a firm’s digital assets, attackers know that they can extort money from their victims who might prefer to pay a ransom rather than see their business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix.
In some cases, there may be no financial incentive for the attacker at all. In the same way that criminal damage to property doesn’t always have a financial incentive, damage to digital assets doesn’t need to either.
Claims for theft of funds are actually very easy and quick to quantify, but for theft of data claims, the financial impact can vary depending on the nature of the data compromised and how much of it was stolen.
The costliest part of a cyber event is often responding to the incident. For example, if an attack has managed to compromise a company’s computer network, then IT specialists are going to be needed to stop the attack, protect against further immediate threats, and work out what has been stolen.
There is then a financial cost associated with limiting reputational damage, notifying clients or customers whose data has been stolen, and offering them identity theft protection solutions if necessary.
Damage to digital assets claims can be easy to determine especially if there is an extortion demand which the victim has paid (the amount of the claim is the cost of the ransom) but more difficult if we’re talking about the cost of using IT specialists to rebuild systems or data – which might only be calculated after the work is completed.
The key point underpinning each of these types of claim is that there is a direct financial loss to the victim business which can be transferred with a cyber insurance policy.