Managing cyber risk in life science and health tech when insurance is hard to get

As a result, insurers’ premium rates are soaring, policy limits are being reigned-in, and insurers are forcing policyholders to have more ‘skin in the game’ by applying higher policy excesses. Where policyholders haven’t done enough to secure their data and networks, cyber insurance coverage is often unavailable.

Insurers are being very conservative in how they deploy their underwriting capacity, especially when it comes to underwriting large volumes of records, particularly where medical/sensitive information is involved.

Cyber insurance comes in many shapes and sizes; there’s no “one size fits all”. It’s important to tailor cover for your specific business – and getting the right advice has never been more important. To be of real value, a cyber policy should perform 3 key tasks;

• “Third party” cyber coverage – the policy must protect you from liability following a privacy breach or denial of access event due to a cyber event;
• “First party” cyber coverage – the policy must protect you (as the “first party”) against your own costs incurred in dealing with a breach, such as having to pay for IT forensics, subject breach notification costs, public relations expenses to mitigate damage to your brand, as well as legal costs following a cyber event; and
• Breach Response Service – where your insurer acts as a rapid response force, connecting you with the specialist service providers you need to help you recover from a cyber-attack.

First party coverage is currently the biggest issue, with claims costs associated with cybercrime, fraud and ransomware on a seemingly unstoppable upward curve.

The difficulty in securing underwriting capacity is market-wide; everybody is in the same boat. Against this backdrop, we’re here to help you get to the best position you can be; in preparing for a world where certain types of insurance coverage may simply not be available, we need to look at other ways to build resilience.

1.  Managing risk: we can support you with a range of powerful tools at your disposal:
   a.     KYND Reports: through our partners at KYND, we provide detailed reports on the cyber vulnerabilities threatening your business, and tell you how to fix them.
   b.     “Cyber Essentials”: a government-backed standard for cyber security – this ensures basic cyber security measures are in place, preventing approximately 80% of cyber attacks.
   c.     eLearning: did you know that 80% of cyber breaches are triggered by staff error, yet 45% of employees receive no cyber security training from their employer? Partners& can provide a scenario-based eLearning solution that can turn your staff into your first line of defence against cyber-attack.
   d.     Phishing tests: over 3.4 billion fake emails are sent on a daily basis, carrying malicious links and attachments. We can help you design, run and manage your own phishing tests.
   e.     Penetration Testing: 40% of UK businesses will suffer a cyber-attack or breach this year. We can identify all known weaknesses in your network, cloud, website, apps, mobile, VoIP, database, Wi-Fi and even physical space. We will identify your security vulnerabilities with penetration testing which makes you more resilient to cyber-attack.
2. Managing contracts: look carefully at the insurance clauses in your contracts – are you “on the hook” for unreasonable cyber risk? Remember you should always act as though you don’t have any insurance and behave prudently when entering into contracts – which means taking legal advice.
3. Restructuring your policy: talk to your adviser about differential section limit options, higher excesses and co-insurance deals, which may help to achieve the scope of protection you need while putting your insurance on a more sustainable footing.

Visit our ground-breaking Augmented Reality cyber security information portal, CyberSpace, to find out more.

To talk through your options on cyber risk, contact Hanna Beaumont.