Why Financial Institutions Need to Properly Address Cyber Risk
Well publicised data breaches and phishing attacks on Australian businesses are highlighting the need for appropriate Cyber cover.
It is essential to have an understanding of the different Cyber issues and considerations that apply to specific industries, before purchasing a policy.
Many businesses in the financial services sector have a heightened exposure to Cyber breaches due to the sensitive nature of customer information that might be stored, the presence of online transactions or trading, the volume of records stored, and the legislative environment in which they operate.
As a result financial institutions need to be aware of how a Cyber policy will interact with existing policies held by the company before making a decision, to avoid unnecessarily expensive premiums or being underinsured when a claim is made.
In some circumstances policies traditionally purchased by financial institutions can, and will, overlap with aspects of cyber insurance. For instance, Professional Indemnity insurance may respond to client demands arising from an alleged breach in keeping data safe.
However, these overlapping areas of cover provided by Directors and Officers liability, Crime and Professional Indemnity policies, may not meet the ever evolving risks to cyber security that Australian businesses face.
When reviewing Cyber insurance options financial institutions also need to consider:
Alignment of the risk register to Cyber insurance – how does the Cyber insurance policy respond to key exposures and scenarios identified in the Risk Register? How will existing financial lines insurance policies respond?
How much cover is required – what limit of indemnity is ‘right’, and how does an institution know that it is buying enough cover?
Insurer options – is the option being reviewed the best available? Is it well suited to the financial services sector? Is there commonality of insurer with other financial lines insurances or is there value in investigating different insurers?
Speak to your Marsh contact today to find out more.
Disclaimer: This blog is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as legal advice, for which you should consult your own professional advisers. LCPA No: 17/0024.