Lloyd's develops cyber cover for smaller online retailers
Tue 01 Mar 2011
Share
Lloyd’s insurer Kiln and broker Lockton have teamed up to offer cyber insurance to small- and medium-sized online retailers. The security and privacy cover is being made available to members of the e-retailers association Interactive Media in Retail Group (IMRG).
The cyber cover is included in IMRG associate membership and costs as little as £1 per day. The policy offers protection from malicious hacking attacks, privacy breaches and loss of revenue from system down time.
High profile and growing problem
The deal follows the recent high profile cyber attacks on retailers caught up in the fallout from Wikileaks online publication of US government secrets. The Wikileaks saga illustrates the risk an organisation runs of losing sensitive data through a malicious insider, but it also demonstrates how retailers are at risk from politically motivated hackers that can bring down websites and disrupt their businesses.
Visa, MasterCard and PayPal were all hit by denial-of-service attacks after they withdrew their support for the controversial website, threatening to disrupt payments during the busy Christmas shopping season. Online seller Amazon was also hit by attacks for removing Wikileaks information from its servers.
Hardly a month goes by without reports of a major retailer, financial services company or public sector organisation suffering a malicious attack or loss of personal data. In 2007, TK Maxx suffered one of the largest data breaches ever when the details of 45.6m payment cards were stolen from the company’s servers. The cost of dealing with the theft was believed to have run close to $200m.
More recently, online customers of UK natural cosmetic company Lush had their credit card and personal details compromised after a hacking attack on the firm’s website in January.
Insurance solution seen as essential
Cyber attacks like those associated with Wikileaks emphasise the important role insurance can play in providing peace of mind to online retailers and their customers. The UK’s Trading Standards Institute (TSI) welcomed the “necessary” introduction of insurance to the online retail industry by IMRG.
Ron Gainsford, Chief Executive at the TSI says: “It is crucial for the continued development of the online market that smaller businesses receive the support and protection they need, allowing consumers to shop with greater confidence on their sites safe in the knowledge that a safety net exists should the business be threatened by circumstances beyond their control.”
Real business risk
Some of the most damaging losses for online retailers are from data breaches that involve personal information held by third parties such as credit card companies and website hosts, says Tom Draper at Lockton. There have been some large losses in the past two years from vendor data breaches, such as the breach at Heartland Payments, a credit card processor for 175,000 retailers and merchants.
“A website going down for a day will cost retailers in lost revenues, but loss of personal data through a malicious attack or through an employee mislaying a laptop can be even more damaging for a company’s reputation and will have costly consequences,” says Draper.
Online retailers are also increasingly exposed to fines from the Information Commissioners Office – which issued its first fines for data breaches in November, including a £60,000 fine for an employment services company for the loss of an unencrypted laptop that contained personal information relating to 24,000 people.
Reaching retailers of all sizes
The cyber policy is included for free as part of retailers’ membership of IMRG for companies with revenues below £25m. It provides cover for a wide selection of risks and includes protection for security breaches, loss of personal data, business interruption, hacking, loss of service, media exposures, regulatory fines and cyber extortion.
Limits at £100,000 for platinum membership and £250,000 for diamond membership provide meaningful levels of cyber cover for small to medium sized retailers, says Draper. IMRG members with revenues in excess of £25m can also work with Lockton and Kiln to arrange bespoke cover to suit their needs, he adds.
Raising awareness
Typically smaller retailers do not fully understand their cyber risks and are often unaware that these can be covered by insurers. “It has been [a] challenge for brokers to get online retailers to realise the insurable risks to their business and that there will be gaps with their traditional insurance policies,” says Draper.
Standard property policies will not cover loss of data or damage from a virus attack. “Online retailers are now more aware of the risks, but they do not realise that it can be covered by insurance for an appropriate price,” he says.
Awareness of cyber risk and insurance has been increasing in the UK as brokers like Lockton have been educating online companies and as the risk has grown more prevalent, say Malcolm Randles, underwriter at Kiln. Specialist insurance for cyber risks is now more widely purchased as the price has come down and as the cover has become more tangible, he adds.
The cyber policy has been tailored specifically to meet the needs of the small to medium sized online retailers among IMRG’s membership, said Mr Randles. This sector has not always been well served by the insurance industry that had previously focussed on larger e-retailers.
Comments
No comments
