Traditional insurance policies have not been written with Cyber risk in mind and often neither include or exclude cover. Does the ambiguity mean you are, or are not covered?
Is Cyber risk mentioned in your insurance policy?
While dedicated Cyber liability insurance has been specifically designed for modern risk, explicitly laying out what your practice will be covered for, there is a silent Cyber risk in other policies that you typically would have.
Silent Cyber risk is relevant to insurance policies, such as property or liability cover, when potential Cyber exposure is not specifically included or excluded.
While ideally as a practice owner you will have dedicated Cyber liability insurance, many are unsure what they need to choose in their policy. With Cyber insurance being a relatively new type of cover, there is not yet consistency across the policies available – making it hard for practice owners to compare their options. Speak to a specialist broker at All Med Pro for expert advice on where your Cyber risks lie.
In terms of Cyber claims, these can be for malicious or non-malicious reasons, the difference being loss of tangible or intangible assets that are intentional or unintentional:
- Malicious – such as a Cyber attack or a virus infecting your IT system
- Non-malicious – such as loss of customer data, accidental acts or omissions.
Traditional policies might not explicitly talk about Cyber cover, but if it is also not excluded in the terms and conditions then there is a case to make a claim in the event of a Cyber-related attack on your practice.
However, with the increase in volume and sophistication of digital crime, it is likely that this cover will begin to be explicitly mentioned in policies. The Supervisory Statement SS4/17 issued in July 2017 by The Prudential Regulation Authority (PRA) discussed this exposure to insurance companies and suggested three courses of action for their relevant policies:
- Adjust the premium to reflect the additional risk and offer explicit cover;
- Introduce robust wording exclusions; and/or
- Attach specific limits of cover.
The future for Cyber Liability insurance
As Cyber claims increase and the market better assesses the losses associated with digital crime, Cyber liability insurances will become more standardised. This will not only help healthcare professionals and practice owners to choose the right level of cover for them, but also will likely make clearer what can be claimed for under the traditional policies.
When Cyber risk is more understood and insurance options more prevalent, it is likely that explicit clauses will be added to many non-Cyber policies, or premiums will simply be increased to account for expected losses.
You can’t ignore your Cyber risk
It can be easy to sit back and hope that your practice is covered for losses occurred under your current insurances. However, savvy business owners should consider the Cyber risks they face. The healthcare industry is the most commonly targeted sector due to the lucrative sensitive data held.
Loss of patient data or an intrusion to your IT system can mean a disruption to your service, a loss of revenue and damage to your reputation. If you are found to have lax procedures in place, you could also face fines of up to €20million under General Data Protection Regulation (GDPR) laws.
Cyber criminals have clever techniques to hack or elicit data from your systems. Cyber liability insurance not only gives you peace of mind that you are well protected, but your insurance provider will should also provide support to protect your practice from potential threats.