From confusion to clarity: the importance of cyber insurance

From confusion to clarity: the importance of cyber insurance

< Back

2024 October 21

In New Zealand, businesses increasingly rely on Managed Service Providers (MSPs) to enhance cybersecurity and streamline operations but are Kiwi businesses really clear about the implications of a cyber attack?

In today’s global landscape, IT has become a cornerstone of business operations, driving efficiency and innovation. However, many businesses remain unclear about the potential implications of a cyber-attack and the importance of cyber insurance in ensuring that businesses have the right support when things go wrong.

MSPs are not immune

Whilst MSPs have quality cyber security, even they are not immune to being a victim of a cyber-attack. In 2024 there have been a number of high profile MSPs suffering cyber events which have resulted in losses to businesses reliant on them.

CrowdStrike, a leading cybersecurity firm, experienced a significant outage that disrupted its services globally. The incident affected customers' access to crucial threat intelligence and security operations, raising concerns about reliance on a single provider for cybersecurity needs. While CrowdStrike quickly addressed the technical issues, the outage highlighted vulnerabilities in the cybersecurity landscape, particularly for businesses heavily dependent on MSPs. This outage has been estimated to have resulted in well over USD $5 billion in direct financial losses to businesses.

Another example is in April this year, Dropbox reported unauthorised access to its Dropbox Sign platform, impacting customer data but no other services. A hacker compromised a highly privileged account through a system tool, prompting Dropbox to reset passwords and log users out for security. While there’s no evidence of document access, names and emails of non-account holders who used the service may have been exposed. Experts warn that this breach could lead to identity theft and increased phishing risks, urging users to change passwords and enable two-factor authentication.

Cyber insurance implications

As businesses across all types of industries start to adapt and evolve within a digital marketplace/landscape, cyber security and cyber insurance is becoming a more prevalent consideration. It is often a misconception of businesses that utilise the services of an MSP that it provides sufficient cyber security and costs in the event a company experiences a breach and loses data. CERT NZ has recorded year on year increases of data attacks and hacking against New Zealand businesses. As technology and generative artificial intelligence (AI) continue to evolve and become more sophisticated, so too are the cyber attacks experienced globally.

The average cost of a cyber insurance claim in the past twelve months was $45,000, with around 80% of these claims being a result of cyber incidents caused by, or relating to, the services of an MSP. The standard terms and conditions of an MSP makes it very hard to recover any costs from the MSP directly, typically only paying back part of their annual subscription.

A cyber insurance policy, however, provides businesses coverage for a large number of costs that may arise from a cyber-attack and sometimes even non-malicious incidents. These costs include:

Third Party Claims: The policy would cover you for legal costs, investigations, and compensation in the event that your business was unable to keep client’s data secure from events such as data breaches and cyber-attacks, as well as potential regulatory fines and penalties for accidental breaches of the Privacy Act

First Party Claims: The policy can reimburse costs that you would incur to respond to a breach, such as IT forensic costs, credit monitoring costs, public relations expenses, and cyber extortion costs (including ransom payments to attackers)

Business Interruption: This section of the policy would provide reimbursement for your loss of profits resulting from a breach, as well as any additional necessary expenses you may need to incur in order to continue business as usual

These costs form only part of what a Cyber Insurance policy can offer. Learn more in our article: What does cyber insurance actually cover

The team at ICIB Brokerweb has a great degree of familiarity with cyber insurance and will be happy to assist businesses in ensuring that they are properly covered for any costs that may arise from a cyber attack or incident. If you have any questions, please reach out to our Liability specialists on liability@icib.co.nz.