CyberEdge is a comprehensive risk management solution for cyber insurance offered by AIG. In a rapidly changing landscape, CyberEdge provides innovative protection to help businesses safeguard against sensitive data breaches (personal and corporate data), computer hacking, dumpster diving, computer viruses, employee sabotage or error, pilferage of information, security failures, business interruption and identity theft.
- Personal Data Liability - Breach of personal information/data protection laws
- Corporate Data Liability - Breach of corporate information
- Outsourcing Liability - Breach of personal or corporate information by an external vendor where the company remains legally liable
- Data Security Liability
- Defence Costs
- Data Administrative Investigation
- Data Administrative Fines
- Notification & Monitoring Costs
- Repair of the Company’s and Individual’s Reputation
- Electronic Data
- Pro Active Forensic Services
- Data Crisis Response Services
- Media content
- Cyber Extortion
- Network Interruption Insurance
Who is it for?
Any business which handles and relies on data as part of its day to day operations.
AIG’s CyberEdge insurance policy provides protection for the obvious and less obvious consequences of cyber risks.
Hong Kong’s Personal Data (Privacy) Ordinance came into force on 1st April 2013. There are important changes to this newly revised ordinance which may significantly expose your business to legal risk. The new legislation: - imposes stringent new provisions regarding the use and transfer of personal data for direct marketing; - exposes you to fines of up HK$1 million (and imprisonment of up to 5 years) in the event of noncompliance - requires you to make specific arrangements with any outsourced service providers to whom you entrust personal data; - gives the Privacy Commissioner enhanced powers of enforcement following investigation of any complaints against you; - empowers the Privacy Commissioner to provide legal support to complainants seeking compensation from your business for any breach of the legislation. Financial Services Providers handle personal information in one shape or form on a daily basis (such as employee or customer information) so this legislation has wide-ranging implications across the entire business community. This, of course, exposes business to risk.
THE FULL COST OF A BREACH
Your company may be exposed to the following costs: - Regulatory fines - Damages and legal expenses associated with defending claims from third parties - Diagnosing the source or loss of a breach - Reconfiguring networks, re-establishing security and restoring data and systems - Notification costs - Credit file or identity monitoring - Implementation of disaster recovery plan - Loss of net income A professional indemnity policy is unlikely to indemnify you for breaches of data protection legislation or the costs to your company following a breach.
News of cyber incidents and data breach can spread quickly, especially in the age of social media. Public and investor confidence in a company can diminish within hours, so managing the incident requires careful management and consideration of media, customers, staff and stakeholders. Swift action and a carefully managed public relation response will be needed to regain trust and protect your company’s reputation. CyberEdge provides 24/7 access to crisis communications and public relation management specialists as well as legal specialists to assist in managing the organisational and individual reputational damage.
ARE FINANCIAL SERVICES PROVIDERS AT RISK?
Criminals and hackers seek out sensitive information that they can sell on or exploit for financial or competitive gain. Data that could be considered attractive includes information regarding high net worth individuals and other financial institutions, investment strategies and targets, corporate data of portfolio companies, or potential merger and acquisition activities. As financial services providers increasingly turn to online platforms to reach out to their clients including the use of online systems in their day-to-day business transactions, the potential risk of a data breach multiplies. Remote and wireless working environments combined with the storage of sensitive client information on networks can also increase vulnerability to an attack.
CHECK FOR GAPS IN YOUR INSURANCE COVER
It is unlikely that coverage required in the event of a data breach will be adequately covered under the standard Professional Indemnity, Directors & Officers or Commercial Liability policies and it is possible that you may not be compliant with your regulatory obligations. The limited cover provided under the traditional policies will not be adequate in certain claims scenarios such as hacker attacks, virus transmission or business interruption due to the security failure of your company’s computer system, and mandatory and voluntary notification costs.
Any organization operating a Web site or conducting e-business needs protection from an invading army of exposures, such as e-theft, destruction of critical data, defamation, libel, copyright or trademark infringement, e-vandalism, e-threats, denial of service, and more.
CyberSecurity by Chubb is a flexible insurance solution designed by cyber risk experts to address the full breadth of risks associated with doing business in today's technology-dependent world. CyberSecurity by Chubb:
- Combines third-party (cyber liability) and first-party (cyber crime expense) coverages into one worldwide policy.
- Covers direct loss, legal liability, and consequential loss resulting from cyber security breaches.
- Is designed to easily integrate with your existing insurance program from Chubb and provides options for enhancing your cyber coverage based on your needs.
- Provides you with a complete online network security risk assessment, resulting in a comprehensive report of your company’s exposures.
CyberSecurity by Chubb Coverage Highlights
- Third-party cyber liability coverage for:
- Disclosure injury, including claims alleging unauthorized access to or dissemination of private information.
- Content injury, including claims arising from copyright and trademark infringement.
- Reputational injury, including claims alleging disparagement of products or services, defamation, and invasion of privacy.
- Conduit injury, including claims arising from system security failures that result in harm to third-party systems.
- Impaired-access injury, including claims arising from system security failure resulting in the insured’s systems being unavailable to its customers.
- First-party cyber crime expense (optional) for:
- Privacy notification expenses even if the notification is voluntary on the part of the insured (with an alternative limits of liability or number of affected persons approach outside the limit of liability).
- Crisis management and reward expenses, including the cost of forensic and public relations consultants.
- E-business interruption, including rst-dollar extra expense.
- E-theft and e-communication loss, extended to networks outside of your company’s system (financial institution risks only).
- E-threat, including the cost of a professional negotiator and ransom payment.
- E-vandalism expenses, even when the vandalism is caused by an employee.
- Endorsement capability for:
- Premier privacy injury, including coverage for claims alleging actual or potential unauthorized access to the private information of natural persons, as well as the non-public information of third-party organizations.
- Regulatory defense costs and nes, penalties and consumer redress associated with actual or potential unauthorized access to private information.
CHUBB Cyber Preparedness Report 2019
The second, annual Chubb Hong Kong SME Cyber Preparedness Report - ‘Ignorance is Risk’, revealed Small and Medium enterprises (SMEs) in Hong Kong SAR have a low level of confidence in their employees’ ability to manage cyber risk.
In fact, 47% of SME leaders in Hong Kong SAR say that their employees do not recognise the severity of cyber risks to the business, and 41% say there is no consistent understanding across their organisation of what cyber risk means.
The report showed an increase in the number of cyber incidents affecting SMEs in the past 12 months. It also examined the common types of cyber breaches, concerns among SMEs post-breach, as well as the incident response plans.
Key Findings from Chubb's SME Cyber Preparedness Report 2019
SMEs are most concerned about the effects on their relationships with customers (51%) after a cyber incident.
The most commonly experienced types of cyber incidents in 2019 were
- data loss through system malfunction, technical fault (29%)
- human error (24%)
- business interruption from system malfunction, technical fault (18%).
- More than half (54%) of SMEs do not have a data breach response plan in place.
- Nearly a third (32%) of SMEs did not purchase cyber risk insurance before or after a cyber breach.
DUAL also offers Cyber Insurance.
See below for application form and sample policy.
Cyber Comprehensive Insurance - Renewal only 2020 onwards
Pacific Insurances's CYBER COMPREHENSIVE INSURANCE, is tailored for Hong Kong enterprises, providing five types of cyber risk coverages across two categories, as follows:
Category A : Compensating insured enterprise's own loss
(1) The following costs incurred from personal data breaches:
I. Forensic services
II. Legal consultancy
III. Notification to data subject(s) and relevant regulatory body(ies)
IV. Credit monitoring
(2) Business interruption loss: the revenue loss during business interruptions and the extra expenses to maintain normal business operation due to cyber attack rendering business inoperative.
(3) Hacking attack loss: all relevant repairing or replacing expenses arising from damages to computer programmes and electronic data caused by hacking attack.
(4) Cyber extortion loss:the ransom paid directly in response to cyber extortion threat
Category B : Compensating insured enterprise's third-party liability loss
(5) Third-party privacy infringement claims: covering the insured enterprise's legal liability regarding personal data security and privacy, against any third-party claims arising from failure to keep safe the customers' personal or sensitive data. The compensation of claims, legal costs, defence costs and investigation fees, if any are included.
Pacific Cyber Comprehensive Documents
The threat represented by cyber risks is now as tangible as physical threats to a company’s assets.
Cyber risks are evolving and becoming more complex as technology and criminals increase in sophistication, heightening the propensity of cyber incidents and data breaches.
Once a breach occurs there are potentially significant and adverse ramifications for a company.
In its 2019-2020 survey identifying risk perceptions of more than 2,700 risk management experts, identified Cyber Incidents as the top peril for companies, globally, followed closely by business Interruption and changes in legislation.
Statistics published by Hong Kong Government's Information Security Website and Hong Kong Police Force, the number of computer related crimes in Hong Kong has doubled on year to year basis, causing billions of HKD in financial losses.
Previous incidents like "Wanna Cry" ransomware and numerous computer hacking incidents have affected a wide range of Hong Kong industries; including airline companies, travel agencies, educational institutions, telecommunication providers and internet providers.
This underlines the fact that technologies used in cyber-attacks are ever-changing and are almost impossible to prevent. Huge volumes of personal information, data and sensitive materials are stolen, as a result the affected enterprises are required to bear legal liability to their customers' losses and the consequence of a tarnished reputation due to weakened customers' trust and loss of public confidence.
Consider some of the costs that you may incur in the event of a cyber attack.
Network Expenditure Costs Or Damage To Digital Assets: The costs of retaining specialists to
ascertain where, when and how a breach occurred, plus the costs associated with repairing any damage to
data and programmes.
Network Extortion Costs: Payments for extortion or threats against your network. These include demands for funds to avoid corruption, damage, destruction, or introduction of a computer virus, malicious code, or a denial of service to any aspect of your computer network; or any threat/ series of related threats to release or disclose
Crisis Management Costs: The costs of notifying your affected customers, offering credit monitoring,
setting up call centres for concerned customers, and bringing in forensic teams.
See below, Allianz Risk Barometer
Cyber insurance covers such things as:
- Business interruption loss due to a network security failure or attack, human errors, or programming errors
- Data loss and restoration including decontamination and recovery
- Incident response and investigation costs, supported by a 24/7/365 multilingual incident reporting hotline and on-demand vendors
- Delay, disruption, and acceleration costs from a business interruption event
- Legal costs including exercising contractual indemnity
- Crisis communications and reputational mitigation expenses
- Liability arising from failure to maintain confidentiality of data
- Liability arising from unauthorised use of your network
- Network or data extortion/ blackmail (where insurable)
- Online media liability
- Regulatory investigations expenses
For more information Contact
Mr Robin Brown email@example.com or
Ms Romi Gill firstname.lastname@example.org
Tel +852 2530 2530
Circle Asia is a reletive newcomer to the Cyber market.
Its Financial lines, Cyber insurance, is underwritten on behalf of Talbot Syndicate 1183 at Lloyd’s; thui providing policyholders with Standard & Poor’s A+ (Strong) financial strength and security.
Circle's Cyber offers a market first in Asia; a
- First Party,
- Third Party and
- Business Interruption
Cyber solution, that comes with:
- free Avast Business Antivirus
- Firewall protection for up to 10 devices and
- 100GB of Cloud Storage with every policy
- a dedicated 24/7 incident response team to assist with any covered cyber incident.
Key Policy Features & Benefits Cyber Liability
• Cyber Liability Limits up to HKD 80,000,000 available
• Business Interruption Loss
• Waiting Period in respect of Business Interruption Loss - 8 Hours
• Remediation Cost
• PCI Fines & Assessment
• Social Engineering Coverage
• Funds Transfer Fraud
• Telephone Hacking Free Pro Plus
• Firewall 24 Hour Local Incident Response Line
• Crawford & Co Worldwide Jurisdiction on All Cover
This coverage reimburses companies for expenses related to recovering from damages to computer programs and electronic data.
Not all cyber claims are related to an actual data breach. For example, malware downloaded from an email could lead to lost, encrypted or otherwise damaged files, requiring expenses to repair and restore.
Third-Party (liability) and First-Party Coverage
What it does: Companies have an obligation to keep their customers’ protected health information (PHI) and personally identifiable information (PII) confidential. They may face potential liability if the information is exposed in a data breach. This coverage protects companies for liability to others and reimburses companies for expenses related to a data breach, which could include legal counsel and defense, a digital forensics team, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach.
Many companies store their customers’ confidential information, PHI and PII, as well as confidential corporate information, either for themselves or for another company. For example, a recruitment company may have personnel records for the employees of dozens of companies it serves, which can mean that a single breach presents the potential for a significant liability.
Business Interruption Coverage
What it does: This coverage applies to expenses and lost revenue due to a ransomware attack, distributed denial-of-service (DDOS), operator error (accidentally deleting data), or any other computer virus or malware attack that impairs a computer system.
While many companies may have business interruption coverage as part of another insurance, cybercrimes are often excluded from the coverage.
Social Engineering Coverage
This coverage can be broken into two areas:
- funds transfer fraud (FTF) and
- telephone hacking (TH).
In short, fund transfer fraud involves a malicious hack, telephone hacking involves unauthorized access to a phone, such as intercepting calls or recording conversations.
Social engineering is a type of cybercrime that uses techniques to trick people into sending money or divulging confidential information such as passwords, bank data or other personal, protected or proprietary material. When directed toward business entities, often the goal is to fool employees into sending money, diverting a payment or transferring funds to the fraudster.
Why it is important: Even with the best security and practices in place, your business may still fall victim to social engineering fraud. Fraudsters continue to show their tenacity in developing new tactics. Therefore businesses need to be equally tenacious in your efforts to protect your business and your clients.
Zurich's 'Security & Privacy Protection', Cyber product is one of the newest in the Hong Kong market.
|1.1||Privacy Breach Costs||Costs associated with hiring professionals, such as lawyers, accountants, forensic and PR firms needed to investigate and manage a security breach|
|1.2||Digital asset replacement and Betterment expenses||Costs associated with replacing or restoring digital records, including hardware betterment costs to help prevent recurrence of a security breach|
|1.3||Security and Privacy liability||Costs associated with your legal liability to pay for some neglectful act, error or omission, resulting in breach of privacy or network security being compromised or damaged in some way|
|1.4||Business income loss and Dependent business income loss.. aka Business Interruption||Covers revenue you may lose and mitigation costs you may incur during a period of restoration due to a cyber event that interrupts serice..|
|1.5||Cyber extortion threat and payments||Repays any extortion payments you actually make.|
|1.6||Internet Media liability||Covers your legal liability to pay on account of material on your site that is judged as libelous, a plagiarism, some breach of copyright etc|
|1.7||Cyber fraud and Fraudulent impersonation||Covers a loss incurred on account of a staff being induced to make a transfer on a request that reasonably appears, to have originated from someone authorised by the company|
|2||Extensions of Cover|
|2.1||Company reputation cover||Pays costs of countering adverse media event.. ie publication of previously confidential information specifically arising from an actual or alleged breach of privacy|
|2.2||Continuous cover||If you accidentally overlook to advise of a claim or potential claim, and you have kept your cyber cover current, the insurer will honour the original intent of the policy, though may reduce its payouts if in some way it considers your delayed notice has prejudiced them in someway.|
|2.3||Data breach notification costs||Reimburses costs associated with investigating and reporting on some privacy breach.|
|2.4||Emergency Costs||The insurer will give retrospective approval to your incurring costs without their permission for say protecting your reputation, remedying damage to digital assets, mitigation the extent of the damage etc|
|2.5||Extended Reporting Periods||As this is a 'claims made' policy, it is important to make your claim during the currency of the cover..IF you did not renew such cover there would be an automatic extension of cover for 90 days and an option to continue cover an additional 12 months.|
|2.6||General Data Protection Regulations proceedings||Covers the costs of responding to a GDPR proceeding regarding some privacy breach or alleged privacy breach|
|2.7||PCI Security Standards fines and penalties||Pays fines you incurr for a violation of Payment Card Industry regulations|
|2.8||Regulatory proceeding defence costs and penalties||Reimburses losses you incurr in responding to any regulatory proceeding|
|2.9||Reputational damage income loss||This is not always easy to quantify, but the insurer will reimburse you for the loss you incurre due to reputational damage caused by acyber event|
|2.1||Reward payments||Repays reward payments you make, with the insurers agreement, for information that leads to conviction of the perpetuators of the cyber event.|
Allianz - CYBER PROTECT
Allianz Global Corporate & Specialty (AGCS) has more than a decade of experience in cyber insurance, protecting organizations against cyber crime and digital threats.
The types of risks they cover include first-party losses (e.g. business interruption, restoration, and crisis communications) and third-party losses, (e.g. data breaches, network interruption, and notification expenses). However, cyber insurance offers much than just compensation for potentially significant financial losses.