As technology becomes one of the primary means for people to do business, connect with each other, do their shopping and sometimes even host a wedding, the prevalence of criminal attacks perpetrated by way of a computer is certainly on the rise. Cybercriminals perpetrate various types of crimes ranging from phishing scams to ransomware to the theft and sale of data. It is a constantly evolving form of organised crime which seems to advance faster than security measures can be implemented to stop it.
Clients are therefore increasingly seeking out insurance to protect them in the event of a cyberattack. It is important to be cognisant of the fact that there is no one-size-fits-all approach to placing the cover and the intention of the cover must be looked at to determine which policy is appropriate.
When looking at the policies available at Camargue, the obvious choice may be to place a Cyber Risks policy. While this is certainly the correct route to take if your client is concerned with the loss of data or income as a result of a cyber attack or the liability arising out of compliance with privacy legislation, there is another very distinct loss which might arise as a result of a computer attack.
Take the following situation: The insured is hacked and the hacker makes use of a computer virus which introduces a malicious code causing the insured to pay out money to the hacker. It is important to note that it is the insured’s own computer network which has been hacked. While it may seem that this should be covered under a Cyber Risks policy due to the loss ultimately being attributable to a cyberattack, this is not the case and the theft of funds is in fact covered under a Commercial Crime policy.
It must however be kept in mind that the Computer Fraud section of the Commercial Crime policy is not intended to replace a Cyber Risks policy. Notably, regulatory investigations and fines or penalties as a result of a cyber incident are specifically excluded from a Commercial Crime policy along with any expenses related to the notification of a potential or actual data breach.
While the term ‘cybercrime’ may seem all encompassing, it is clear from the above that there is in fact not one singular policy which would respond to all losses arising out of cyber incident. It is of the utmost importance that clients are clear as to what they are looking to cover so that the appropriate policy can be sought.
For more information on our Commercial Crime and Cyber Risks policies, please contact us at firstname.lastname@example.org