We have become increasingly reliant on digital technology and databases to manage sensitive information.  Our dependency on these digital systems was accelerated during the pandemic when many of us managed our work and business activity remotely. At the same time, the number of malicious cyber-attacks on businesses and individuals has also risen and no company is invulnerable to this threat.

As more and more financial, personal and business critical information is held within often flawed digital systems, rogue states are viewing cyber warfare as a legitimate front line, funding more sophisticated hacks on individual organisations with the real potential to destabilise economic activity. In addition, there are individuals and crime syndicates who are also exploiting digital vulnerability with the express purpose of financial fraud or extortion.

 ‘In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures.’
2022 Lindy Cameron CEO of the National Cyber Security Centre UK Gov

Evolving threats, and greater reliance on digital storage means there is huge pressure on businesses to safeguard sensitive data. Companies of any size are much more likely to be held to account for security breaches, particularly where there has been a systemic failure to put in place adequate protection.

Cyber security should be an integral part of any business structure. As we have seen with a number of high-profile breaches, even amongst the most digitally savvy organisations (such as Linkedin, which experienced data breaches in 2012 and 2021, Yahoo in 2014 and Facebook in 2019) no company can afford to be complacent.

While prevention is the best form of defence it is very difficult for businesses to predict exactly where and how the next threat will evolve. Cyber insurance is an invaluable asset because if the worst does happen it can help your company recover, offering financial, legal and structural support.

Cyber threats, such as phishing, malware, denial of service and data theft can expose companies to:

• Financial loss
• Loss of personal records or client databases, emails and system accessibility
• Website loss or interruption
• Business Interruption
• Reputational Damage
• Legal action
• Threat to life

Comprehensive Cyber Insurance offers

• Forensic analyses of cyber security failings
• Financial compensation for structural and reputational recovery
• Expert legal advice and cover

Castleacre can advise on bespoke Cyber Insurance to help you protect your business against cyber threats.

Email phishing and baiting is something that most people are familiar with, from fake bank queries asking for personal information to emails from personal contacts requesting emergency financial help. In the past email filters and poorly written emails helped companies identify fraudsters but this is increasingly difficult particularly with the rise in social engineering techniques in which criminals extract confidential information or money by impersonating company directors and trusted suppliers. Criminals recreate emails and even websites which closely replicate legitimate contacts, copying logos, typefaces, shared information, and writing styles – they then leverage the social or business relationship to gain money or information from the company. As almost all communications even within a company are conducted online the criminals’ success relies on a natural security weakness – an innate desire to trust our business and personal contacts at face value.

While most standard office policies cover data breaches few offer adequate cover for fraudulent crime but it is now possible to buy a crime insurance policy to sit alongside your risk management controls with an option to include additional social engineering cover. In the past, this was something that only large companies considered as they were more likely to be targeted but from our own experience, there has been an increase in these sophisticated attempts to extract information and money across all business sectors.

In today’s world of fast digital communication, it makes sense for any businesses to consider a crime insurance policy with additional social engineering cover as it is relatively inexpensive policy with all-risks cover – as an indication £500,000 of indemnity cover can be bought for a premium of around £1000.

What Does a Crime Insurance Policy Offer?

A crime insurance policy covers risks such as
• criminal taking or misappropriation of your money, securities, or property (with no distinction between employee and third-party losses)
• physical destruction or disappearance of money and securities while on premises, in employee custody, or in transit
• criminal taking by an employee of money and securities or property to the deprivation of a client
• criminal taking by a third-party of client money, securities, or property in your control and for which you are liable
• expenses cover to establish the existence of the loss and verify it’s amount. This also includes notification expenses in the event of a data breach
• computer violation by an employee
• telephone fraud
• public relations costs following a covered claim to limit or mitigate the impact on your business
• court attendance costs if a person has to attend court as a witness in respect of a client crime

Additional Social Engineering Cover

In addition Social Engineering Cover, which specifically addresses impersonation of director, customer, employee or supplier to defraud the company, can be added on to this policy as an extension.