House of St John's (Leaderboard Ad)

Let's Talk

Your Total Guide To business

Ask the Experts: Data & Cyber Insurance

Question: How can I protect my businesses' electronic data?

Increasingly sophisticated means of collecting and storing data are not only changing our working lives and social contacts, but also establishing new parameters for industry, trade and commerce. Electronic data is becoming one of the most valuable assets a company owns as a result of the rapid advances in IT.

Despite the importance of this data, many companies still report that they permanently lose data. A global survey of 4506 businesses determined that 67% of them had lost important information over the past twelve months. Another 2013 survey noted that 43% of respondents had lost data in the cloud and had to recover from backups – and the recovery process had failed at least once for most respondents.

Over the past several years, there has been a lot of attention paid to third party cyber liability policies which indemnify a company for legal obligations related such matters as data breaches, the inability to access computer systems, or inappropriate use of internet media content. Cyber policies, along with property and equipment policies, seldom provide sufficient first party coverage if the data is permanently lost due to an accident – i.e. not retrievable from any storage medium. To address this gap, Lockton has partnered with Data Insurance Licensing Ltd. to offer a new policy that provides broader coverage and easier access to higher limits.

Data Loss and Safety Factors

Loss Scenarios – hardware failures, and the lack of comprehensive monitoring for critical systems account for the greatest majority of permanent data loss. Other common causes include human error, software failures, employee sabotage, power failures, viruses and natural disasters. Many large losses are the result of two or three scenarios unexpectedly occurring at the same time. For example, a head office server crash at the same time as a data storage centre fire, a tornado that destroys the two locations where data is stored, or a disgruntled employee with access to multiple copies of data.

Data Safety versus Data Storage

Off-site redundancy is better than onsite because it minimizes fire, theft and flood risks at the client site. Offiset data centres are rated by either SSAE No. 16, ISAE 3402 or the Uptime Institute which focus more on uptime (the ability to obtain data when required) than data safety. Management should consider the impact of multiple loss scenarios when deciding the redundancy strategy. What happens when a data service company accidently loses a customer’s data? What recourse is possible? The answer is none – because they know it is possible and to provide any meaningful financial compensation would severely damage their balance sheet. It is the responsibility of the data owner to create a data loss prevention strategy.

Cost Impact

Can generally be classified as business interruption, extra expense or consequential damage. The magnitude of the loss can vary from small to bankruptcy depending on the quantity and importance of the lost data. If data were irrevocable lost with no chance of recovery, respondents in a survey stated the damage would be lost customers (49%), damage to the brand (41%), increased expenses (39%), and tumbling stock price (20%) (i). Loss of data can significantly impact the company, customers, suppliers, employees and shareholders. Determining the cost impact of losing data is perhaps one of the most difficult things to determine – but it can be accomplished if the review is conducted by department or business sector.

Loss Prevention

Creating a strategy to protect against the loss of a valuable asset is critical in an organization. The data strategy should be documented and evaluated on a regular basis. Unlike static assets like buildings, data is in constant flux. Backing up data is one effective strategy and can be accomplished through various services, technologies and mediums. Just as important are the firewalls, login protocols, access restriction, and considerations regarding power supply, location, natural catastrophes and terrorism. When using different storage methodologies, consideration should also be given to retrieval time and time lapse between backups.

Insurance Coverage

Cyber policies should give some first party coverage for permanent data loss due to hacking, viruses or malicious damage, property policies for loss due to insured perils and equipment policies for accidental breakdown. The coverage provided varies greatly from payment for extra expenses such as re-inputting data to compensation for lost revenue.

Unless the insured has undergone an on-site review by the broker or insurer, it is likely that the data loss indemnity is sublimited to a value much less than the policy limit and also much less than the true cost impact of losing the data. Working with a broker that specializes in data risk will allow companies to obtain the best coverage possible.

To overcome these limitations, Lockton is introducing a Lloyd’s data loss insurance policy under license from Data Insurance Licensing Ltd. that provides high indemnities and broad coverage. This innovative policy focuses entirely on providing coverage against the permanent loss of data.

Once the desired indemnity is chosen, the data is automatically insured once it is backed up via a Lloyd’s approved data service. The policy provides compensation if data is lost and the data cannot be returned by the approved backup service. This policy truly provides the next generation in data loss insurance.

Lockton

North Quay, Temple Back, Bristol, BS1 6FL

Clear as Day Productions
Correct Careers Coaching (Animated Ad)
Wiltshire Teak (Animated Ad)
LV Electrix (Animated Ad)
TGt Recommended By
Longleat (Festival of Light Animated Ad)
The Bristol Montessori
National Self Build & Renovation Centre Generic (Animated Ad)
NSBRC (Jan 2025 Show - Animated Ad)
ANZ Leaderboard Ad

Weather in Bristol