
What is Cyber Insurance?

Cyber Insurance provides cover for financial loss and expenses that businesses may suffer because of a Cyber Event, including hacking, extortion, viruses, Social Engineering and Cyber Crime. Claims covered under a Cyber policy are very broad, but typically fall into three core categories: Liability (privacy lawsuits and regulatory defence), Internal Financial Loss (extortion, notification expenses, data recovery, business interruption, crime/theft), and Emergency Incident Response (costs incurred from responding to a Cyber Event).

What are the Coverages Available?

Main Coverages that respond to a Cyber Event:

Privacy Breach

Coverage against third party claims/lawsuits for loss of: Personal Information, Commercially Confidential Information, Employee Information and Information held by Service Providers.

Data Recovery & System Damage

Cover for lost, damaged or destroyed IT systems, records, and data. This can include the retrieving, repairing, restoring or replacing of data, systems or hardware.

Cyber Extortion

Cyber extortion is defined as a threat against the insured computer system that demands a ransom in order to prevent a Cyber Attack. Coverage for this can include: the payment of a ransom, negotiation & mediation costs, crisis management costs & costs to resolve a security threat, and investigation costs to determine the cause of the extortion threat.

Privacy Breach Notification Costs

Cover for costs incurred to notify the regulatory body or relevant parties when a Privacy Breach occurs. This includes costs incurred for Mandatory Data Breach Notifications, where laws are in force for companies of a certain size (i.e. with a turnover of $3M+).

Regulatory Defence and Fines

Cover for the Defence Costs and Penalties that occur when there is a Privacy Breach (see above).

Business Interruption

Coverage for “indirect” or “consequential loss”. This can include cover for loss of profits and additional expenses incurred because of a Cyber loss.

Cyber Incident Response & Crisis Management Costs

Access to 24/7 emergency incident response immediately following/during a Cyber Attack.

Additional Coverage Sections and Policy Options:

Cyber Crime

Theft & Loss of money, including occurrences caused by transferring funds, establishing credit, fraudulent activity towards electronic data/information, etc.

Crime (as defined above) by former employees

Telephone Phreaking (hacking of phone system resulting in unintended charges)

Social Engineering

Social Engineering Fraud generally involves a cyber criminal using a phishing scheme (usually in the form of fraudulent emails) to deceive a target into voluntarily giving away funds to a third party.

Contingent Business Interruption

Coverage that reimburses lost profits and extra expenses resulting from an interruption to the business of a customer or supplier, caused by a Cyber Event.

Payment Card Data Security Liability

Coverage against third party claims/lawsuits from a breach of the Payment Card Industry Data Security Standard.


What is a Cyber Event?

A Cyber Event triggers a claim on a Cyber Insurance policy and can be caused by several different scenarios:


What are the Cyber specific Exclusions?

Core Internet Infrastructure Failure

Domain Name Suspension or Revocation

Known Claims and Circumstances

Power Failure

Product IP & Patent Infringement

Unsolicited Communications and Data Collection

*Standard insurance exclusions apply; please read your PDS.

What are the Landmines?

Disclosure

Someone applying for insurance must disclose any matter they know to be relevant to the insurer’s decision to accept the risk. Continuous disclosure is also very important: If there is any material change to the company during the policy period, the insured needs to keep the broker/insurer informed of the change.

Claims Made Policy

Cyber Liability Insurance policies are written on a Claims Made policy form, which means the loss/claim must be reported and indemnity granted during the period of insurance to trigger a claim. If a policy is lapsed and a claim is reported after the policy period, the claim will be denied.

Retroactive Date & Known Claims

The retroactive date determines if a policy will provide cover for past acts that are only discovered after the fact, during the policy period. If this date is either “unlimited” or states a specific date, there is cover for claims that occurred in the past and are reported during the policy period, as long as they were not previously known by the insured. If this date is “inception”, then cover is only provided for acts occurring after the policy is put in place and while it is in force.

Social Engineering & Cyber Crime

These are important coverage sections but are typically excluded from a policy unless specifically added to the policy schedule – usually for an extra premium.

What do Claims look like?

Cyber Events are unique in that they are usually random – they tend to target any company, regardless of size or industry. Cyber Insurance losses/coverages are split into two categories: First-Party and Third-Party.

Claims Examples

Social Engineering – Vendor Email Hacked

The controller for a distributor of component parts was responsible for making regular payments to overseas vendors from which the distributor purchased products for resale in the United States. After many months of working with one particular vendor and receiving regular shipments, the controller received an email that appeared to come from his vendor contact, indicating that the vendor’s bank was having issues with accepting payments, and asking if the next payment could be made to a new bank. Due to the vendor’s overseas location, verification was a challenge. After the supposed vendor applied some pressure, the controller paid the invoice via wire transfer.

The following month, when the real vendor realised that its best customer’s payment was overdue, an investigation determined that the vendor’s email had been hacked, and an imposter had been socially engineering the company into believing that the change in bank information was authentic. In the end, the fraudster finagled almost $250,000 from the distributor.

** This claims example has been provided by Chubb Insurance Company of Australia Limited **

Employee Error (First Party & Third-Party Claim)

A retailer emailed a group of customers to promote a sale with special discounts available to them. The retailer intended to attach a copy of the flyer detailing the discounts but instead attached a copy of a spreadsheet that contained a customer list, including customer names, addresses and credit card information.

The retailer was required to notify all affected customers of the error and offered credit monitoring services. Several of the affected individuals began legal proceedings against the retailer. The notification and credit monitoring costs totalled $50,000, and the amount to settle the legal proceedings with the retailer’s customers combined with the associated legal costs and expenses totalled $100,000.

Most Cyber Risk Insurance policies provide coverage for breach of privacy which includes legal costs, indemnification of third parties and crisis management costs.

** This claims example has been provided by Insurance Australia Group Limited **

Privacy Breach, Fines & Investigation (First Party & Third-Party Claim)

An IT company misplaced multiple drives that contained personal information for over one million customers. It was unknown whether the drives were lost, stolen or destroyed. The IT company was required to notify the affected individuals, as well as the privacy regulator. The regulator investigated the incident and fined the company for failing to have appropriate safeguards in place to protect customer information.

The company incurred legal fees of $1,000,000 in connection with the regulatory investigation and defending legal actions brought by affected customers and for the costs and expenses in notifying customers their personal information had been lost, stolen or destroyed. The company was also fined $75,000 by the privacy regulator. The total loss to the company exceeded $5,000,000.

This type of scenario triggers multiple Insuring Clauses under a typical Cyber Insurance policy, including privacy fines and investigations.

Ransomware

A professional services company was affected by a cryptolocker virus identified as the Locky virus. A network of 20 computers was affected, with users unable to access files, which had been encrypted. Investigations revealed the virus entered the computer network via an infected email attachment which had been inadvertently opened by an employee.

An IT specialist was brought in to re-build and restore lost data from the back-up server. The IT costs involved in containing and recovering from the incident were claimed under the Cyber Insurance policy. No ransom was paid as a result of the data recovery efforts.

DDoS – Distributed Denial of Service

An online service provider was hit by a Distributed Denial of Service (DDoS) attack. The DDoS attacks effectively starved the web site host system of resources by flooding it with malicious traffic and preventing legitimate customers logging on or accessing the website. Account Customers utilising the Internet, Mobile Phones and Mobile Apps were unable to log on, and new users were unable to set up accounts.

A specialist forensic IT vendor was appointed to investigate and mitigate the attack. The incident involved serious disruption to the insured’s business and loss of income as a result of its website being down for approximately one week at one of the busiest times of the year. The Cyber Security Insurance policy responded to the costs of the IT investigation and remediation and the loss of profits suffered.

Data Breach

Users of the Insured’s online network had reported that they had received spam emails from an individual they knew to be an ex-employee of the Insured, to a unique email address that they had created exclusively for use on the Insured’s website. Investigations confirmed that while working for the Insured, the ex-employee had access to the relevant customer databases and forensic IT investigations confirmed the data breach.

Steps were taken to ensure that the ex-employee deleted the data and signed an enforceable undertaking not to use the data in future. The quick action to contain the breach and engage with the regulator meant that the regulatory investigation could be responded to in a way that satisfied the regulator and the costs and risk could be contained.

** These claims examples have been provided by AIG Australia Limited, Chubb Insurance Company of Australia Limited, and Insurance Australia Group Limited **


What are the price influencers?

Number of Records/Files stored on system

Internal Cyber Security & Risk Management Procedures

Payment Authorisation Procedures

IT Risk Management such as Antivirus and Firewall procedures

Business Continuity Back-up and Archiving

Annual turnover

Business activity & industry

Which countries/territories you operate in

Prior claims and circumstances

Number of staff

What are the quote requirements?

Please complete this Proposal Form and return to our brokers below to arrange a Cyber Insurance quote.

Why work with KBI?

1. Expert Brokers

Cyber Insurance is a complicated product notorious for industry jargon (both IT & Insurance), so it is important to have a dedicated team of Cyber Insurance brokers on your side to give you advice and guide you through the process.

2. Assistance with the Submission Process

We help you answer questions and complete the forms necessary to get quotes. This is important as it not only makes for an easier process, but also ensures the insurers have the necessary information to properly underwrite and quote.

3. Quote Analysis

We help clients make an informed decision by providing a plain-language breakdown of the quote(s), so they understand what they are buying.

4. Product Updates

Cyber insurance is the fastest changing product in the insurance market, so it is very important that brokers and clients alike stay up to date with the changes as they happen. We have a focus on Cyber Insurance and continually provide updates to our clients and contacts through our Cyber blog.

5. Incident Response

This is crucial for Cyber Insurance policy holders to reduce the severity of a loss and get business operations back up and running. We work with key incident response teams to assist our clients in the event of a Cyber Event.

6. Claims Management

Our Cyber team not only has experience managing small and large Cyber Claims, but also understands the importance of working side by side with the insurers and incident response teams to ensure claims go smoothly. We also have access to 24/7 emergency incident response immediately following/during a Cyber Event, included at no extra cost.

Cyber Team


Travis Kenzle

Managing Director

Tyler Speers

Account Manager

Cyber Insurance Testimonials

Australian Resource Exploration

“Another great experience working with KBI. Thanks for your work.”

Adam Elliston
Director

Coastal Contacts

"In a world of increasing complexity and risk, Travis has a rare ability to distil decisions down to the factors which are most important and most relevant. Over the past 8 years of working closely with him, I have learned to trust his experience and instinct as it relates to a variety of insurance products. I enthusiastically endorse Travis and his work."

Nick Bozikis
Chief Financial Officer

HSEQ Capital

"I have now been working with KBI since I was introduced to the team in November 2014. Their support and advice has been second to none. I am rapt to see this part of the business expanding and would suggest to anyone who works in this field as a HSEQ Consultant or Safety Professional to touch base with the KBI Team as a starting point. Well done guys!"

Klae Deeg
Managing Director

Registered Standards International (RSI)

"Working with the team at KBI to arrange our cover has been a hassle-free and straightforward process. KBI took the time to understand our professional duty in the provision of professional services. Whether or not you provide professional services in-house or engage external consultants, we would confidently recommend KBI to other professional services and consultants."

Sarah Bocking
General Manager

Contact Info

Street Address:

Level 18, 140 St. Georges Terrace, Perth, WA, 6000

Postal Address:

PO Box Z5102, St. Georges Terrace, Perth WA 6831
