Cyber Risk Insurance

Cyber risk insurance protects businesses and mitigates damages in case of claims related to the loss or disclosure of data. It also covers the costs of data recovery, fees for forensic IT experts, lawyers, and PR consultants – specialists who will advise and develop an appropriate action plan in a crisis situation. Cyber risk insurance helps limit the severe and far-reaching consequences of data security breaches.

Financial costs in case of the company's liability towards third parties:

• costs of notifying individuals whose data has been leaked (or notifying the regulator) about unauthorized access to their data;
• costs of defense and damages in case the company (or entity performing certain functions on its behalf) causes a breach of personal or business information security;
• costs of defense and damages in case the company introduces a virus to the data of third parties or third-party information systems;
• costs of defense and damages if company access codes to networks are stolen in a non-electronic way;
• costs of defense and damages if company computer equipment, which stores personal data, is stolen;
• costs of defense and damages if a company employee discloses third-party data.

Financial costs associated with legal requirements for data protection:

• legal advice costs and representation in administrative proceedings conducted by the data protection supervisory authority;
• administrative fines for data breaches imposed by the data protection supervisory authority.

Network operation disruptions:

• Coverage for the loss of profit caused by a disruption in the insured's network following a data security breach.

Expert IT consulting services for the company during and after an incident:

• costs of services provided by forensic IT specialists offering support when the client suspects a break-in;
• costs of forensic IT specialists after a data security breach incident to issue recommendations on reducing the risk of future data security breaches;
• expert service costs to determine whether electronic data can be recreated, reassembled, or recreated from scratch.

Substantive support to protect and rebuild the company's reputation after a break-in:

• costs of expert consultations aimed at preventing potential adverse impacts of high-profile incidents or minimizing their effects;
• costs of expert consultations aimed at minimizing reputation loss by a company employee (e.g., a board member responsible for data protection).

Attempt at extortion:

• Coverage for the costs of independent advisors to determine the circumstances of the extortion, as well as the ransom amount for a third party threatening to disclose confidential information unlawfully obtained from the insured's databases.

Multimedia activity:

• Coverage for damages and legal defense costs incurred due to infringement of a third party's intellectual property rights in connection with content transmitted via digital media.

Who needs cyber risk insurance:

Any enterprise and organization that stores, processes, or transmits data is vulnerable to electronic or physical theft or attacks on its systems.

• Service industry (including tourism, hospitality, telecommunications, etc.) – responsible for the security of processed and transmitted client data. Additional duties and administrative sanctions arise directly from telecommunications law.

• Financial institutions - banks, credit companies, insurance companies are the most frequent targets of hacker attacks. They store personal, financial data and manage their clients' accounts.

• Public utility companies – entities managing infrastructure related to media and their transmission (energy companies, water and sewage companies, heating companies, or urban infrastructure management). They operate based on automated systems that can become targets of cyberattacks. Due to sales to end customers, these companies store and process vast amounts of personal data, transaction data, etc.

• Government offices at all levels, particularly offices that handle citizen services and manage databases containing extensive collections of citizens' personal data and their property and data crucial for the administration's functioning.

• Healthcare – collects and processes personal, financial, and especially sensitive medical data of patients. Additionally, hospital systems and medical equipment are vulnerable to attacks.

• Retail/online stores – store customer information, including credit and debit card numbers. Internet sales are increasingly popular, and companies reach customers worldwide. Due to local legal regulations and the Payment Card Industry Data Security Standards (PCI DSS), these companies are exposed to fines and penalties.

• Companies with branches and offices in the USA - European companies with branches in the United States or storing their data there will suffer severe consequences in case of a data security breach. They must meet the requirements specified in the law of 46 states and industry regulations, and the American Securities and Exchange Commission (SEC) for publicly traded companies.

• Schools and universities – collect and process personal data of candidates and students.