An intro to cyber insurance for SMEs
Stephen Ridley, Lead Cyber Underwriter
Business insight
What do businesses want? Getting the structure right
01 ENHANCE FLEXIBILITY: Being able to choose what and how much to include is appealing
02 SIMPLIFY LANGUAGE: They still may not know enough to decide which to include – simplify policy language and buying process
03 INCLUDE SERVICES: These came through as a very appealing aspect of the proposition – consider including this component in the base product
04 CONSULTATION: As many don’t know exactly what they need to do, a consultation when they first sign up to evaluate existing policies and measures and advise on improvements would be valued
What do businesses want? Enhancing the purchase process
01 SPECIALIST ADVISOR: Cyber is a new purchase. Customers want objective guidance to ensure they get the right cover for their needs. Can an advisor go through a series of scenarios one on one?
02 SIMPLE QUESTIONS: They don’t know exactly what they need. Questions to form the quote need to be simple and easy to answer
03 ADVICE ON BUILDING QUOTE: They are open to being educated and adding additional cover – in order to do so they need objective, genuine advice but not a sales pitch
What do businesses want? Communicating about the new product
01 LEAD WITH SERVICES: The most unique feature and addresses key needs, especially for those less engaged in category
02 TAILORED APPROACH: Promote ability to pick and choose to suit business size and needs
03 PROVIDE EVIDENCE: Success stories to show what happened when they claimed, especially showcasing how a loss is valued
04 LEAN ON HISCOX EXPERTISE: Few have a cyber insurance benchmark but believe you get what you pay for so want to go with reliable providers
Spotlight on cover:
Hiscox CyberClear: What does a typical policy look like?
• Own losses
• Claims and investigations
• Financial crime and fraud
• Property damage
Own losses
• IT forensics to get to the bottom of what has occurred
• Legal costs to determine next steps
• Notification costs to regulators and customers, if necessary
• Provision of credit monitoring to affected individuals
• PR / communications support, including call centre set up
• Ransom payments – where necessary
• Data / system rectification costs
• Lost revenue or increased costs incurred as a result
• Temporary recruitment costs
Claims and investigations
• Legal costs to defend lawsuits
• Damages awarded or settlements made
• Regulatory investigations, including GDPR
• Fines / penalties, where insurable
• Breaches of PCI-DSS
• Claims for onward transmission of a virus
• Defamation or breach of IP arising from online content, including social media
Financial crime and fraud
• Systems being hacked and funds / property stolen
• Employees being conned into transferring funds to criminals
• Customers / suppliers being conned into paying criminals, following a hack of your system
• Corporate identity theft
• Fake, imitation websites being set up
It’s not just about insurance cover
The Hiscox CyberClear Academy: Background
The CyberClear Academy is an online cyber security training tool available for Hiscox cyber insurance policy holders and their employees. Its benefits:
• Extensive training on cyber security, featuring over ten modules including phishing, social engineering, password safety, BYOD and social media use
• Content is tailored based on existing knowledge
• Learning is continuous – on-going employee cyber awareness training
• Helps clients to stay cyber compliant with regulatory obligations
Cyber claims proposition
Cyber insurance: Claims proposition for traditional vs cyber
Cyber insurance: The claims proposition
What are the mechanics of getting covered?
Hiscox CyberClear: Portfolio underwriting

| Question | Turnover 0-1m | Turnover 1m-10m | Turnover 10m-50m | Turnover 50m+ |
|---|---|---|---|---|
| Are you Cyber Essentials accredited? | Yes | Yes | Yes | Yes |
| Do you have a formal password policy that explains good password hygiene, such as not using obvious or repeated passwords, for all systems providing access to personal or confidential information? | No | Yes | Yes | Yes |
| Do you update all systems including firewalls and anti-virus software at least every 30 days? | No | Yes | Yes | Yes |
| Are full system backups taken at least weekly and stored either off site or disconnected from your network? | No | No | Yes | Yes |
| Do you hold, process, transact or store any of the following personally identifiable information (other than your employees' information): credit or debit card information; bank details; medical information; or government issued identification? | No | Yes | Yes | No |
| For how many people (including customers, employees and suppliers) do you process, transact or store any of the following information: credit or debit card information; bank details; medical information; or government issued identification? | No | Yes | Yes | Yes |
| For how many people do you process, transact or store basic profile information (name, address, email, phone number)? | No | Yes | Yes | Yes |
| Do you have a policy to encrypt mobile computing devices (for example laptops, tablets, mobile telephones, PDAs) and portable data storage media (for example external drives or magnetic tapes) which hold, process, transact or store any of the above personal data? | No | Yes | Yes | Yes |
| Are you compliant with the Payment Card Industry Data Security Standards (PCI/DSS)? | No | Yes | Yes | Yes |
Cyber insurance: How is cover priced?
Motor: Vehicle group, Driver’s age/experience, Location, Usage, Security devices, Modifications = Premium
Cyber: Base rating, Culture / awareness, Understanding data / assigning responsibility, Managing security, Patch management, Identifying issues, Readiness for breach = Premium
Thank you