A cyber insurance policy is a fundamental tool that helps companies protect their assets against security leaks, hacker attacks, computer viruses, dishonest or negligent employees, information leakage and identity theft, among others.
Cyber risk insurance covers the insured against attacks by viruses and hackers. These policies are designed to protect companies from the risks, both online and offline, to which they are exposed and which can lead to large losses.
Main insured parties under a cyber risk policy
• The company
• Administrators, managers or partners
• The head of security, the compliance director or the head of the company's in-house legal counsel
• The employees
Coverages adapted to the needs of each company
• Liability for claims for breach of data privacy: the policy covers damages and defense costs for claims arising from a breach of data and/or confidential information, in both paper and digital format.
• Liability for claims regarding network security: it covers damages and defense costs for claims arising from a network security failure.
• Liability for claims for media activities: it provides protection for damages and defense costs arising from claims over the management of content on websites and social networks.
• Data recovery and lost data: it covers the cost of recovering your data after an incident consisting of hacking, human error, programming error, denial-of-service attack, malicious computer programs, unauthorized use or access, power failure or network overload.
• Incident response expenses: an incident response service delivered by experts, consisting of:
A. Computer forensic services.
B. Notifications to the consumer within the framework of existing legal provisions.
C. Legal advice for the response to regulators in the framework of data protection regulations.
D. Voluntary notification of the people whose data has been compromised.
E. Call center support service for notification purposes.
F. Fraud advisory services for people whose data has been compromised.
G. Expenses for credit monitoring, identity theft monitoring, social media monitoring, credit freezing, fraud alert services or fraud prevention software.
H. Identity restoration services.
I. Image restitution services.
J. Legal advice for the sole purpose of establishing your compensation rights under an agreement with an external provider.
• Cyber extortion: financial protection for an extortion event. Under this extension we will cover the cost of hiring specialists, in addition to the damages and losses necessary to end the extortion.
• Loss of profits due to interruption of activity: financial protection for the paralysis of business activity resulting from an incident consisting of hacking, human error, programming error, denial-of-service attack, malicious software, blackout, network overload, or unauthorized use or access.
• Administrative sanctions: the policy covers sanctions imposed by a supervisory body under an administrative or regulatory procedure, within the framework of the liability coverages for breach of data privacy and for network security.
What cyber security measures should a cyber insurance policyholder take?
The ESET Latin America team, a proactive protection laboratory for security threats, made five recommendations that no company should be without, because they are the basis of corporate management:
1 – Antimalware software
According to the report, last year almost half of the companies in Latin America suffered a malware infection. In addition, 16% reported that these infections involved ransomware variants: malicious code that encrypts information or locks the computer and then demands a ransom before victims can access it again. For these reasons, robust security software is fundamental to any type of security plan.
2 – Email
Email is still the most used attack vector because it is a massive and economical way to propagate an attack. Security measures on the mail servers and anti-spam solutions are necessary. Just as important is educating the members of the company so they know not to open files that seem suspicious and to ask certain questions before clicking.
3 – Software updates
This is a fundamental and universal control for any type of company. Updates bring improvements in operation and code corrections, and running older versions represents a risk, especially for the applications used to manage the business. Vulnerabilities or unpatched errors could be exploited to compromise a computer or an entire corporate network.
4 – BYOD
The use of personal equipment for corporate purposes is a reality. SMEs, for budget reasons, cannot always equip their entire staff with corporate equipment for work. Therefore, an organization must consider educating employees on how to use their equipment correctly, and invest in security solutions for such equipment, especially because it handles company data that, if compromised, can cause an incident that affects the continuity of the business.
Conclusion: Many organizations start from the premise that the information they handle is not important but, in fact, cyber criminals rely on that very premise to attack those who believe they go unnoticed. It is vital to have not only technological solutions such as an antivirus, but also correct management of these controls and work to raise awareness among employees, who represent the weakest link in the chain.