In: Operations Management
First, pick an industry or organization as the context in which you will develop your thoughts and arguments (E.g., a healthcare provider with electronic medical records, a utility company computer systems with critical infrastructure information, a multinational bank, etc.).
Find and investigate one insurance company and determine from their websites whether they may have a cyber insurance policy.
Summarize its Cyber-Risk Insurance Policy. Do you recommend the business (you have picked in the first step) to select the insurer? Why or why not? Share your rationale and reasoning. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements.
Make sure to include the resources you cite in your post.
Lets take a firm in the financial services sector, which is looking for a cyber insurance coverage scheme. I have considered TATA AIG General Insurance Company Limited as the preferred insurer. The policy name is Cyber Risk Protector and policy contents can be found by doing a simple Google search.
The following are the broad points under the coverage terms.
Events |
Description |
Loss of Personal Information |
Qualifying Breach of Personal Information |
Loss of Corporate Information |
Qualifying breach of corporate information |
Outsourcing |
Breach of duty in regards to processing of personal information and/or corporate information |
Network Security |
Introduction of any unauthorized software, computer code or virus to Third Party Data on the Company’s Computer System which is specifically designed to disrupt the operation of or corrupt or damage any software or data recorded on the Company’s Computer System |
Denial of access to an authorized Third Party to its data |
|
Wrongful appropriation of a network access code from the company |
|
destruction, modification, corruption, damage or deletion of Third Party Data stored on any Computer System |
|
physical theft of the Company’s Assets by a Third Party |
|
disclosure of Third Party Data by an employee of the Company |
In this policy, coverage is also offered for any expenses that may be incurred when a regulatory investigation is carried out. Remedy for reputational risk, either at company or individual level, is also covered.
Under Optional Extensions, the following are covered
Exclusions under this policy are
As more and more of our daily lives are getting shifted in the digital domain, online security has become an absolute necessity. Especially in firms, where customers’ financial transaction are taking place, data integrity is highly critical. Taking a cue from this and the ever increasing cases of digital frauds and hackings, several financial institutions are taking cyber insurance coverage schemes.
There are 6 key things that a firm should do while selecting the right insurance product
The financial institution that I have taken as my example is an established player in the market with vintage of over 35 years. In this time, this institution has amassed quiet a sizeable amount of customer data, is offering a plethora of financial products and has multiple offices globally. When a company has such a firm presence, it is obvious that data is the most important asset for it.
The mentioned policy has extensive coverage terms that come under data breach, either at the company level or any misconduct by a third party outsourcing vendor.
Reputational risk is a very important factor for established companies and the fact that this policy offers coverage for any activity that needs to be taken to correct the image of the company, is a positive factor for choosing this policy.
One key element in this policy is coverage under extortion. Although this comes under optional extensions, it’s a term that a not a lot of other insurers are offering.
Taking into account the above factors, the insurance policy by TATA AIG is a preferable one for an established bank.