Cyber Insurance – A Buyer’s Guide Part 3

In this third article in our series about cyber insurance, we're looking at two publicised examples of how a Cyber & Privacy Liability Insurance policy might respond to certain instances of unauthorised access or data breaches. The first is caused by human error and the second looks at an intentional attack by a malicious third party.

Of note, whilst this refers to publicly available information with respect to potential policy application, assumptions are made, and all applications are entirely hypothetical. These hypotheticals assume the organisations have in place an equivalent market-leading cyber insurance policy.

Red Cross: Human Error – Data Breach

On 5th September 2016, a database file containing information relating to approximately 550,000 prospective blood donors, who had entered their details into the Red Cross (the insured) website, was saved to a public-facing web server. The file was inadvertently placed on the web server by an employee of a third-party provider. As a result, the data file was discovered and accessed by an unknown individual on 25 October 2016. This led to a data breach which, if it occurred now, would potentially need to be notified to the OAIC and impacted individuals under the recently introduced Mandatory Breach Notification scheme. The breach could also have a significant impact on the organisation's reputation. The below outlines how a Cyber Insurance policy may respond to assist an organisation in the event of such a breach.

Insuring Clause

Whilst there is no standard Cyber Insurance wording within the Australian market, we assume the Red Cross has a market-leading policy in place. The above scenario involves an event, loss or claim that would potentially trigger a number of Insuring Clauses broadly covering:

– Data asset loss/rectification costs;
– Regulatory/privacy liability;
– Third party liability.

Once triggered, the above clauses respond in a unique capacity, in that they provide not only a potential promise to pay, but also a service team offering. The combination of the two is outlined below…
