Question

First, pick an industry or organization as the context in which you will develop your thoughts and arguments (E.g., a healthcare provider with electronic medical records, a utility company computer systems with critical infrastructure information, a multinational bank, etc.).

Find and investigate one insurance company and determine from their websites whether they may have a cyber insurance policy.

Summarize its Cyber-Risk Insurance Policy. Do you recommend the business (you have picked in the first step) to select the insurer? Why or why not?  Share your rationale and reasoning. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements.

Make sure to include the resources you cite in your post.

Answer 1

Lets take a firm in the financial services sector, which is looking for a cyber insurance coverage scheme. I have considered TATA AIG General Insurance Company Limited as the preferred insurer. The policy name is Cyber Risk Protector and policy contents can be found by doing a simple Google search.

The following are the broad points under the coverage terms.

Events	Description
Loss of Personal Information	Qualifying Breach of Personal Information
Loss of Corporate Information	Qualifying breach of corporate information
Outsourcing	Breach of duty in regards to processing of personal information and/or corporate information
Network Security	Introduction of any unauthorized software, computer code or virus to Third Party Data on the Company’s Computer System which is specifically designed to disrupt the operation of or corrupt or damage any software or data recorded on the Company’s Computer System
	Denial of access to an authorized Third Party to its data
	Wrongful appropriation of a network access code from the company
	destruction, modification, corruption, damage or deletion of Third Party Data stored on any Computer System
	physical theft of the Company’s Assets by a Third Party
	disclosure of Third Party Data by an employee of the Company

In this policy, coverage is also offered for any expenses that may be incurred when a regulatory investigation is carried out. Remedy for reputational risk, either at company or individual level, is also covered.

Under Optional Extensions, the following are covered

1. Multimedia Liability
2. Cyber/Privacy Extortion
3. Network Interruption

Exclusions under this policy are

1. Bodily injury and property damage
2. Criminal Acts
3. Intellectual Property
4. Prior Claims and circumstances
5. Terrorism/War

As more and more of our daily lives are getting shifted in the digital domain, online security has become an absolute necessity. Especially in firms, where customers’ financial transaction are taking place, data integrity is highly critical. Taking a cue from this and the ever increasing cases of digital frauds and hackings, several financial institutions are taking cyber insurance coverage schemes.

There are 6 key things that a firm should do while selecting the right insurance product

1. Try to answer the question “how much insurance is needed and how much risk can the firm afford?”
2. Review all types of coverage available
3. What is included in your policy
4. What are the exclusion terms laid out in the policy
5. What kind of data is covered under the insurance policy
6. What kind of costs and services are covered

The financial institution that I have taken as my example is an established player in the market with vintage of over 35 years. In this time, this institution has amassed quiet a sizeable amount of customer data, is offering a plethora of financial products and has multiple offices globally. When a company has such a firm presence, it is obvious that data is the most important asset for it.

The mentioned policy has extensive coverage terms that come under data breach, either at the company level or any misconduct by a third party outsourcing vendor.

Reputational risk is a very important factor for established companies and the fact that this policy offers coverage for any activity that needs to be taken to correct the image of the company, is a positive factor for choosing this policy.

One key element in this policy is coverage under extortion. Although this comes under optional extensions, it’s a term that a not a lot of other insurers are offering.

Taking into account the above factors, the insurance policy by TATA AIG is a preferable one for an established bank.