Cyber crime and professional indemnity insurance
News stories about hacking make regular press headlines around the world and the incidents are likely to get worse...
There’s a common misconception that cyber-attacks are only a “big business” problem and it’s easy to see why. Attacks on larger businesses tend to grab the attention of the press because they involve familiar brand names and involve substantial amounts of customer data. In reality, 96% of all cyber-attacks are directed at small and medium-sized businesses.
The issue of hacking should be a growing concern to all professional businesses holding sensitive client data or client money. But whether or not hacking is covered under a professional indemnity policy is an area in need of some investigation and clarity.
In this article we consider the following key points;
- Is cyber crime covered by PI insurance?
- Are first party claims covered?
- Do we need cyber insurance?
- What happens if different policies overlap?
- Getting some expert advice
Is cyber crime covered by professional indemnity insurance?
Most professional indemnity insurance policies carry an exclusion of cyber insurance risks.
Some professional indemnity policies will cover certain cyber risks which emanate from external sources, although this probably won’t be because they have specific hacking or 'cyber' sections built into the wording, but simply because the policy wording is already wide enough to capture it.
So if your client suffers a financial loss as a result of their important information being hacked from your systems, it's possible you already have some cover under your professional indemnity policy, but you would need to review your policy wording and any exclusions.
Some policies will provide limited cover in the form of 'inner limits'. For example, if a PI policy provides a £ 1 million limit of indemnity, the cover for hacking could be limited to £ 100,000.
Loss of client money as a result of hacking will also vary widely between policies although with the exception of the legal profession, most policies will not be providing cover.
But the insurance market offers different levels of professional indemnity wordings from basic 'negligence' to full 'civil liability' and it's likely that not all of them will cover claims arising from hacking. Also, the standard of care expected of companies in relation to cyber threats is increasing and needs to be considered constantly in the context of insurance coverage.
The true extent of cover and how a PI policy should respond to a breach in a firms IT and Communication systems, has yet to be tested properly in court. So this is new territory, often described as a minefield.
Are 'first party' claims covered?
Whether or not you have cover under your professional indemnity insurance policy, it would still only be cover against third party losses. Your own losses wouldn’t be covered.
Do we need a cyber insurance policy?
The gaps in cover against hacking can be filled by a cyber liability policy so this should be considered. There are plenty of ‘cyber’ insurance products now coming into the market although these need to be looked into very carefully to ensure they actually cover the scenarios where you feel your business is most at risk.
What if cover overlaps between different policies?
Cyber insurance is new territory for many insurance companies. Some of the insurance products available are excellent while some have been described as 'not worth the paper they are written on'. At the moment it's easy to buy a product which doesn’t cover what you think it does or perhaps duplicates cover already provided under another policy (PI, office etc). So good advice is essential.
Get some expert advice.
It’s important to get some good specialist advice from a professional indemnity insurance expert. We can help you with this so please get in touch.
This article is intended for information purposes only. Whilst all care has been taken to ensure the accuracy of the article at the time of writing, it is not to be regarded as a substitute for specific advice. For specific advice please contact your insurance broker or solicitor. © Professional Indemnity Insurance Brokers Ltd