Cyber protection insurance is designed to help protect your business from the financial impact of computer hacking or a data breach.
If your business has a website or electronic records, you are vulnerable to cyber hackers. In fact, it’s likely that your business will suffer a cyber attack at some stage.
A cyber attack could cost your business more than money. It could also threaten your intellectual property and put customers’ personal information at risk – which could damage your reputation.
New Zealand businesses with more than 20 employees nearly tripled their IT investment in security between 2018 and 2021.
8,831 cyber security incidents were reported in New Zealand in 2021, a 13% increase on 2020.
There were $16.9 million in direct financial losses from cyber-attacks in 2020. In the first quarter of 2021 alone, there were $3 million direct financial losses from cyber incidents.
Phishing and credential harvesting remain the most reported incidents, followed by scams and fraud, then malware.
Cyber insurance policies vary in the benefits they provide. Your insurance broker can help you find the most suitable product that meets the needs of your business. To give you an idea, here’s the type of cover that your policy may include:
| Type of cover | Potential benefits |
|---|---|
| First-party losses | |
| Business interruption losses | Covers financial loss you may suffer as a result of a cyber attack. |
| Cyber extortion | The costs of a cyber attack, such as hiring negotiation experts, covering extortion demands, and prevention of future threats. |
| Electronic data replacement | The costs of recovering or replacing your records and other business data. |
| Third-party losses | |
| Security and privacy liability | Damages to your reputation resulting from data breaches, such as loss of third-party data held on your system. |
| Defence costs | Funds the legal costs of defending claims. |
| Regulatory breach liability | Covers legal expenses and the costs of fines arising from an investigation by a government regulator. |
| Extra expenses | |
| Crisis management expenses | Provides cover for the costs of managing a crisis caused by cyber hackers. |
| Notification and monitoring expenses | The costs of notifying customers of a security breach and monitoring their credit card details to prevent further attacks. |
Exclusions and the excess you need to pay can vary greatly depending on your insurer. Policies generally won't include cover for:
There are other exclusions that your Steadfast insurance broker can outline.
Your employee opens an email attachment infected with a ransomware virus. Access to your systems and data are blocked, and the virus software informs you that it will remain unavailable unless you pay the ransom amount. Rather than paying the hacker and opening your business up to further extortion attempts, you hire external IT consultants to recover your back-up data and files and upgrade your antivirus software. Over the week it takes to apply these fixes, you have to close your business, causing you to lose revenue. It also affects your reputation with your clients; one of your clients threatens to sue you for the delay, which cost them a large amount of money.
A Cyber Protection Insurance policy allows you to recover some of the costs you incur during this incident. Depending on your policy, you may be able to make a claim for losses caused by the interruption to your business, the costs of recovering your data and upgrading your software, and ongoing crisis management expenses.