Cyber Insurance; Casinos, Banks, and Your Business
On Thursday September 13th 2023 headlines were announced that both Caesars Entertainment had paid “tens of millions of dollars” to hackers who had compromised the networks of both Casino Operators. Caesar’s ransom payment follows a similar attack that targeted MGM Resorts. This is the latest cyber event to impact global businesses – and the fallout will be vast, simply because of the international nature of both companies’ operations. While Caesars Entertainment is not active in Macau, MGM Resorts does have holdings in the territory – so it may not be only American customers who will feel the fallout of this Casino hack.
The announcement that two major, well-funded, and well-prepared companies were the victims of an extensive hacking event should be a wakeup call to businesses around the world – especially as this was only one instance of cyber crime impacting businesses this month. From banks suffering extensive network penetrations through the hospitals and hotels announcing that they too are the victim of hacks and cyber threats, it is a statement of fact that cyber criminals are growing increasingly daring and competent with respect to their crimes.
Cyber Crime In Hong Kong
Hong Kong, a city with an extensive service sector and which is home to myriad financial services companies including, banks, investment managers, funds, accountants, and even insurance advisors, presents a very attractive target to cyber-criminal syndicates worldwide. In the modern world with the decentralized nature of business and the increasing opportunity for employees to take their work home it is no longer a question of if your company will suffer a cyber-attack but rather when.
It is important for businesses of any size to be adequately prepared in a worst-case scenario— and, unfortunately, a worst-case scenario is all too likely to happen in the modern world, especially for companies and organizations that are dependent on technology to achieve their objectives. While technology is undoubtedly an incredibly useful tool for businesses around the world it also presents one of the single greatest risks for any company.
Even with the best network security in the world, and highly competent network managers working inside your office, there is still the possibility that a vendor outside the company gives access to the wrong person— which is exactly what happened in the case of Caesars Entertainment. The interconnectivity that powers our day-to-day business decisions can also be a massive weakness that exposes companies to the whims of malicious elements. So, in addition to trying to prevent these events from happening (which is going to be an uphill battle at best) it is also important to be prepared for the fall-out of a cyber event when it does occur.
Cyber Insurance can assist with this challenge.
What is Cyber Insurance?
In the insurance world there are almost an infinite number of products, designed to protect against myriad different risks. If it is a risk there is probably a Syndicate, Underwriter, or Cover Holder, somewhere in the world that is willing to protect against that risk.
Cyber Insurance is the product that protects businesses and individuals from the financial results of being a victim of a cyber-attack. This is a fairly wide ranging and broad definition of coverage and can be a little bit more complex than a policy dealing with, for example, professional indemnity coverage.
Unlike professional indemnity insurance the coverage provided under a Cyber Insurance policy applies directly to a company – rather than any clients or customers. While customers may benefit from a cyber insurance policy, this is not the aim of this type of coverage.
Under a cyber insurance or digital risk insurance policy a business or individual is protected against any losses they make directly experience following a cyber event — like a hack or social engineering event that enables a bad faith actor to gain access to an organization’s network and computer systems.
This is a blanket form of protection that can be tailored to meet the specific needs of the organization or entity purchasing the coverage. Whether a business is concerned about business interruption after a cyber event (while they have to pause operations and figure out what’s going on), or having to repair their website after a vandal has gained access and altered the content on the platform, the scope of a cyber insurance product can be made to meet the requirements of the company holding cover.
Financial coverage offered under a Cyber Insurance policy can include:
- Privacy Notification Expenses
- Crisis Management Expenses
- Business Interruption Expenses
- Digital Vandalism and Recovery Costs
- Reward and Ransom Payment Expenses
Cyber Liability Insurance
Many cyber insurance products offer the ability to include coverage for 3rd party liability as it relates specifically to cyber events and digital crime.
Because the nature of cybercrime can be so vast and varied, an event targeting a single company can have far reaching consequences— knock on effects could mean an organization holds some form of financial liability towards its customers, or even the residents in the city in which it operates following a cyber event.
Disclosure Liability Insurance
Having to disclose a cyber event can be a costly time-consuming process, so many cyber insurance plans offer the ability to include Disclosure Liability Protection. In the event of a cyber-crime targeting an organization which holds this protection, the costs associated with providing the required details to a data regulator or financial regulator would be covered by the insurance.
Reputational Liability Insurance
Falling victim to cyber-crime as a business causes many headaches on its own. But having to disclose that event can lead to negative opinions on a company.
Questions may be asked as to how the attack was perpetrated, or why a company did not take the necessary steps to protect itself (and consequently its customers) from malicious actors. This can lead to a significant drop in business as clients avoid the company that was the victim of cyber-crime. Under a cyber insurance policy, it is possible to include Reputational Liability Insurance protection to deal with the financial consequences of a business reputation being affected by a hack.
Content Liability Insurance
Many companies do business through their website, and if that front facing marketing platform falls victim to bad actors, then the company owning it can be facing a lot of trouble.
Content liability insurance protects businesses in the event that their website or social pages are hacked and unauthorized content is placed on the systems. This could be anything from false financial statement through to criminal material, but the existence of non-authorized content on a website or other marketing materials is extremely problematic and can cause extensive issues. Under a cyber insurance policy with a content liability coverage benefit a business would be indemnified against malicious content that was placed on its digital platforms.
The Need for Cyber Insurance
With major organizations getting exposed as the victims of cyber-crime the need for adequate protection cannot be overstated for smaller businesses and companies. This is particularly true for any business that holds or utilizes client data for its business needs; a great example of this would be a bank or a wealth manager.
All businesses will be the target of a cybercrime at some point in their existence. Whether or not that crime or that attempt is successful depends on a large number of factors — like, for example, how interconnected is that company with its vendors, how recently has it updated its network systems, and how aware of the potential for social engineering is that company’s workforce?
In a worst-case scenario, with a persistent and dedicated attacker, a company could lose all its sensitive information and be locked out of its systems entirely. If that eventuality ever came true for your business, how would you respond? What tools would you use to overcome the time and financial investment that is going to be required by any sufficient recovery?
Cyber insurance exists to answer these questions even if many businesses are not asking.
CCW Global has been offering Cyber Insurance support to businesses in Hong Kong and across the Asia Pacific Region since 2013. Our expert Insurance Broker are able to consult with your key stakeholders to create the perfect coverage for your company.