Here’s a longer video, around 18 minutes (it’s longer as this is so important) on why, in today’s online digital world, it is critical to have Cyber Insurance in place to protect your business and the personal and sensitive information you keep on behalf of your clients.
This is an interview with Sallie Payne, Account Manager | Corporate at Gallagher.
If you prefer to read it, see below.
Kim: Do any of you have data that you store online, important information about your clients and do any of you use say the cloud, or if you came into work one morning and your computer didn’t fire up and you couldn’t access any of the information… would that be a problem?
Well, I’ve got a really really important Make It Count today because for most of you, you’ve got your PI cover so that you know that if you give some advice and something goes pear-shaped, you’re going to be covered.
However, what I’m finding through talking to a lot of advisers out there is that they’re not covered if something happened in the digital space.
Now this is what I’m calling the whole cyberspace, and look I’ll be honest, it kind of eludes me a little bit too.
So I’ve got a very very smart person here with me today, who does this for a living and she protects businesses that if something in that cyber world was to come in and stop them from doing business, she’s gonna make sure they’re protected.
Bonus for me, it’s actually my sister.
This is Sallie Payne, so welcome Sallie.
It’s so cool to have you here.
And a couple of years ago, Sallie does all my PI cover and all the cover that I need and she’s the one who said to me, listen Kim, given a lot of your data is actually online and in the cloud, you really need to have Cyber Insurance.
Now to me, that didn’t mean a lot.
I had a kind of cyber policy, but I didn’t have Cyber Insurance.
I have for the last two years and I want her to discuss why potentially, as an adviser, you might need Cyber Insurance too.
So firstly, Sal, can you share why is this so important… today?
Sallie: So, a lot of businesses are going digital.
When I say a lot, pretty much every business that wants to have a client base that can contact them and understand where their business is coming from, you need to be online.
And we understand that.
But particularly for Financial Advisers.
I’m not in your business, but I do have a Financial Planner and I know that they hold a lot of my personal data, that includes my address, my personal details but most importantly, my bank account, my finances, everything.
And that is super sensitive data.
So, what we’re seeing a lot of is, particularly in the corporate insurance space, is how many businesses are being affected by cyber incidents and cyber attacks.
Australia is relatively new to this space because we haven’t had a Privacy Act Law come into place.
Regions such as the US and Europe have had Privacy Act issues in place for decades.
We’ve just now had the new Privacy Act notification of breach laws, effective as of the 23rd February.
Kim: What year’s that?
Kim: Oh it’s now, oh right it’s that new, wow, ok.
Sallie: And that means that there is more onus and responsibility for business owners and directors and the like to ensure that their clients’ data is safe and secure.
If they do incur a breach, they are now, by law responsible to notify the Privacy Act Commissioner that there’s been a breach and then they need to reach out to every single client or customer that they have.
Even though it may have been a breach to only a certain percentage of their clientele.
The law states that you must notify every single one of your clients that there’s been a breach and how you are going to remediate that.
Kim: So if I have just say been hacked online and it hasn’t directly affected any of my clients or my dealings with those clients, you’re basically saying that I still have to tell all my clients that I have been hacked?
Is that what you’re saying?
Sallie: Yes, absolutely, and by law.
Sallie: Yes, and if you are in breach of that, and you do not do the right thing then you are up for some major fines and penalties.
Kim: Wow, ok, ouch.
Sallie: Mmm, so it’s a huge onus and new responsibility now for businesses to be more aware of what cyber and digital space that we’re in now.
Kim: So, let me get this right.
And obviously now having cyber insurance myself and still understanding very little about it.
The other day I was talking to a friend of mine who’s a PDM and works with a lot of advisers and she was saying that one of her advisers did get hacked and they were asking for a ransom, now a ransom of only a couple thousand dollars.
However, this adviser came into work that morning, they could not access any of their information, they called their IT provider and they said “this is now out of our scope”.
And basically, if they wanted any of that data back they had to pay the ransom of a number of thousand dollars.
Now they’re a small business owner and literally they had to pay the money.
So is this kinda the thing where Cyber Insurance would have, I’m assuming there are lot of conditions attached to that, but it might have helped?
Sallie: Yes, to put it simply, the cyber policy works in two ways.
It covers first-party costs which means the costs and exposures to your business.
So that includes for example, business interruption as a result of not being able to access all of your systems and accounting software and what not.
So, any business interruption that you incur and of course any costs to try and rectify the fact that your software or your website or anything that’s been hacked and you need to reinstate that.
There’s also a third party cost so that is what we’re talking about before, so that is your liability to others as a result of a cyber incident.
Now your Professional Indemnity Policy that you purchase which would cover you for negligence, errors and omissions, basically… so if you provide negligent advice and that results in a third party suffering a financial loss, your Professional Indemnity Insurance would cover that.
If you are a victim of a cyber incident and you don’t notify your customers appropriately or a customer finds out, the client finds out and they wish to proceed against you, your cyber policy will cover the legal defense costs and any compensation to your third party.
So that’s when we say third-party costs, that’s your legal liability to others.
That also extends to that Privacy Act Law that we’ve been talking about.
If you are in breach of that and do have a fine or penalty against you, your cyber policy will provide that cover.
But I think the most important thing is what with Kimmy’s example is if you are, if you find you get into work the next morning and you go and log on and you can’t access your data and you’re all of a sudden faced with this huge dilemma, what do I do?
And you’ve called your IT provider and they put their hands up and say this is not our problem and we’re seeing a lot of that shift of responsibility.
A cyber policy gives you immediate access to 24/7 hotline service.
So a couple of insurers that are well known in this space globally, who lead the way in Cyber Insurance for example such as Chubb or CFC underwriting, they have, they offer you a 24/7 hotline so that means if you have this incident you call them at any time, so say you’re an early bird like myself, you might get into work at 6 o’clock in the morning and you want to get started early and you find yourself either in an extortion circumstance or you just can’t access things and you know that you’ve been hacked.
You ring the cyber hotline and there is a panel of insurers, a panel of experts that sits behind them, so you might have a forensic accountant that might be there, you might have an IT specialist, a PR specialist to ensure that your brand is not affected as a result of this.
As we move forward from this Privacy Act Law being introduced as I said there’s a lot more onus and responsibility to directors and owners of businesses to ensure that they are complying.
So, you want to make sure that your brand is protected as well.
Kim: Oh absolutely.
And in my understanding, just say I came to work today and I couldn’t access anything.
My IT department has said, not something we can help with, I would call the hotline and they would handle everything for me.
They would maybe negotiate this ransom, but they would tell me everything that I had to do to try and get out of this pickle and get me back operating as soon as possible.
Sallie: And it’s the insurer’s interest to make sure that they can mitigate any further losses from occurring.
So they’re going to want, it’s in their interests to make sure that you’re doing everything right, because at the end of the day your policy, depending on the limit that you purchase, your policy can respond to any of those items that were discussed, so any of those first-party expenses that you incur or the liability that you have.
So, the sooner that you call them they will be able to put, cause they want you to get back to your business as usual as quick as possible because, of course, they don’t want to be paying out the money.
So, it’s having that sleep easy and that comfort knowing that you have the protection and someone there to help you when you’re not sure what to do.
And certainly, I’ll be honest, I’m not an IT savvy person but certainly if I was presented with that event I would want someone to have my back and that’s why, that’s predominantly why businesses purchase that.
Kim: You’ve heard about this now, either beforehand or because of Sallie, and you just want to know, is this something you need, which quite frankly if you’ve got any online data I’m assuming the answer’s… yes.
Kim: This is not advice though.
You must seek your own professional advice.
However, if they did want advice, because all of the advisers out there that would be potentially listening to this have PI cover at a minimum, so what would they do next, where would they go?
Sallie: So yes, that’s a good question.
So, I would contact your broker straight away that places your PI insurance.
If you are through an Association, so your insurance is placed through an Association, then I would speak to the Association because I’m not sure if there would be a cyber policy through the Association.
But I highly doubt it because it is quite a new product, in Australia particularly.
I mean, as I said it is quite a mature product in the US and Europe.
But what I would do is if you have your own broker that’s placed your Business Insurance and PI Insurance then certainly raise the question with them.
What I would say is this is one of the most critical parts of risk at the moment that we are seeing.
Yes, property, liability, professional indemnity, management liability, those are all extremely important, but I think particularly for certain industries, such as yourselves where you are holding highly sensitive data, but also for example, retailers.
I know I’ve got a couple as my clients who are national and international retailers.
You know having personal information potentially being breached, I mean that is, if you think about it yourself, it is very scary.
So, considering that you deal with people’s sensitive financial matters, this is something that you really want to make sure you are protected against.
So my advice would be certainly, speak to your broker and find out what they can offer you.
There are certain insurers that are now coming out with these products that may be immature in the way that they are able to provide additional services, so we would recommend making sure you’re aligned with an experienced and Global Insurer that has a profound amount of experience to ensure that you are covered correctly and have those 24/7 back up services available to you, which is super important.
Kim: Great, and I know you work with Arthur Gallan, who is a big global insurer themselves, so if just say their broker, this is not the space that they work in, and I know that is the case as I’ve spoken to a number of advisers lately who have mentioned that their adviser or their broker hasn’t been in this space, could we put some details of say your team below in the notes if someone does want to talk about this in a bit more detail and find out, is this something that you need yourself?
Sallie: Absolutely, so Gallagher is a multinational broker…
Kim: Gallagher, I said Gallan, ah sorry, ok…
Sallie: That’s ok, but do I need to redo it?
Kim: No, let’s carry on.
Sallie: But Gallagher is, we’ve just had a name change so it was Arthur J Gallagher but we’ve had a bit of a brand refresh.
We are Gallagher.
We’re one of the top US brokers, we’ve got offices all round the world, we’re probably the top, one of the top three brokers internationally.
Kim: So, you know your stuff?
Sallie: We know our stuff. We definitely do.
And we have an actual dedicated cyber area specialist and a team behind that, that assists.
So, we’re more than happy to provide any assistance if there’s any queries that result out of this broadcast.
Kim: Thank you and I’ll put those details below, and I mean especially, I mean this is now April 2018 and most of you would have heard about all the drama that’s gone on with Facebook and the breach with, well data and the data sharing issue, so cyber is now part of our life and I know personally that my website has been hacked and it was quite mortifying, I won’t share the detail now just cause I’m trying to keep this reasonably brief, but I was quite gob smacked and thinking that won’t happen to me, that only happens to those out there that have got the big data.
That’s not the case.
It can happen to the person out there, just the one-man band, running their own show.
But if you’ve got data online and you want to protect it, just on that note, I was going to say for the sake of the cost of your Cyber Insurance, is it a bucket load of money, or… I know it’s case by case, but what sort of ballpark?
Sallie: So, what we’re seeing is, as I said we are becoming, we are still an immature market in this space, but we are, you might know of Management Liability Insurance which is…
Kim: Yes, because you made me get it
Sallie: Which is to cover yourself for any wrongful acts committed, not from a professional, but to, as operating your business.
Now that used to be an extremely expensive product.
As many more people were aware of it and more products were being sold, the price actually became more competitive as more insurers offered that product.
We’re seeing that space now in cyber as I mentioned before that there are new entrants in this space so the pricing is becoming affordable.
However, in saying that, from a global perspective, because of the fact that there are so many more increased cyber incidents the awareness and I suppose the risk exposure, depending on the industry, the pricing is going to, I guess, I’m seeing the pricing will go up eventually.
So that’s why it’s extremely important…
Kim: to get it now.
Sallie: so I would say get in now, secure your cover, but what, you know really you can start as low as, we, I for my clients I always recommend that a mill ($1M) would be my minimum starting point.
Kim: Ok, so a million dollars would cost roughly what?
Sallie: Ah, depending on your turn over, your number of clients, the industry of course.
Kim: the conditions, terms…
Sallie: Yep all that, but you could be expecting around maybe $1,000 maybe $2,000 anywhere from that point going forward.
Kim: Which, if you were attacked, is actually a reasonably small price to pay.
Sallie: Cause at the end of the day and I keep saying to my clients, and I’ve had clients that have had this happen to them, and the most important thing that they have said was having that immediate support and knowing what to do next because many clients might not have a dedicated in house IT department and even if you do have that, they’re not equipped to handle these types of situations.
So yep, we find that.
Kim: Yeh, and honestly, if you run your own business you want to be getting back to business as soon as possible.
And as you say this is such a big thing nowadays.
So really the moral of this whole video is…
Sallie: You need to take out Cyber Insurance… it’s the way forward.
Property insurance, which used to be the main thing, everyone was scared of having a fire.
That’s, I mean, that’s a thing of the past these days.
We’re now all digital, we’re all now responsible, and especially with the Privacy Act that’s come in place and certainly we have some additional information we can share there.
Kim: I’ll put it down below.
Sallie: But you are now super responsible for holding that and making sure that information is secure so that, just to make sure that your business can continue to operate without those exposures.
Kim: So worst possible, just get some advice, see if it’s appropriate for you and then whatever you do with that, make it count.
So on that note I do want to say a big big big thank you to Sallie Payne, my sister, but super super smart and in terms of protecting you and most of you are in the financial advice game of some way, shape or form, you know mitigating risk is so important.
So, on that note, whatever you do with this, Make It Count.
Ps. If you want to know more and find out if Cyber Insurance is applicable for you, please feel free to contact Ben at Gallagher:
Gallagher | Commercial Team Leader
Ph: 03 9412 1314
For more information about the Privacy Act and the Data Breach Guidelines, click here and check out the Privacy for Organisation’s sections.