FAQs

A breach is an event where records are believed to have been compromised.

Business interruption (BI) is an impediment to business for some duration due to computer error, a hack, operational error or accidental hardware damage.

Cyber security is made up of two fundamental dynamics: the offensive threat landscape in which an organisation operates and the defensive posture which said organisation adopts. Like any dynamic, the shape of both shifts over time.

It’s a term we’re starting to see used throughout the industry, and what it really boils down to is risk management. In the same way that there is risk management for other more established threats, cyber hygiene is risk management for the non-physical threats – the things that are happening in the digital environment.

As well as people and culture within an organisation, it’s also the components that make up IT infrastructure. It’s the classic combination of security of digital assets within your IT estate, plus the people within your organisation, and the things that are happening from a policy, procedural and training perspective.

The major benefit of cyber insurance lies in the post incident services. Insurers provide relatively turnkey access to panels of expert vendors that will assist clients in managing an adverse cyber event. Rapid access to experienced professionals at the moment they are needed most is invaluable. Successfully managed breach events will be much less costly, have a lower liability impact and can even improve reputations!

Brokers are often asked this question, which opens a great door into a conversation centered around the value of a cyber policy rather than the cost. The perception of value is largely driven by understanding the benefits of cyber insurance.

Another contributing factor to a value assessment lies in comparing the likely cost of a cyber insurance policy to the likelihood of a cyber event occurring and the possible cost of such an event. Cyber risk analytics platforms can calculate answers to these questions.

Brokers experience many common objections during cyber insurance purchase negotiations. These may include ‘a breach won’t happen to us’, ‘we are 100% secure’, ‘we’ve never been hacked,’ ‘all of my information is safe because it’s in the cloud.’ Check out our Overcoming the Top 5 Objections to Buying Cyber Insurance to find out how to overcome these commonly presented objections.

Like credit scores, cyber security ratings are an attempt to measure risk. A cyber risk score, in theory at least, allows cyber risk to be quantified, compared and priced. In other words, cyber risk scores should facilitate cyber insurance transactions. For more information on the value of cyber risk scores, see our article What’s the Value of a Cyber Risk Score?

Silent cyber, or ‘non-affirmative’ cyber risk exists when cyber losses occur due to coverage from policies that are not designed to cover cyber risk.

Next generation risk analytics quantify business interruption (BI) as well as breach. Previous generations of analytics were definitely about the quantification of cyber risk, but that was mainly focused on breach. Because of notable business interruption events such as malware attacks including WannaCry and Petya, quantifying business interruption as well as breach has been brought to prominence. We’re seeing modelling to the ‘enth degree’ of companies related to other companies and their entire ecosystems – so things have become much more sophisticated in terms of understanding of sources of business interruption and quantifying these beyond breach.