Cyber-risk has become the most significant concern for today’s boards. How does a company protect itself and how does a board deal with it?

Cyber-risk forms an important part of an organisation’s risk management concerns. Wise companies have a chief risk officer or a special committee of the board that deals with this type of risk. It is even suggested that a member of the board should have knowledge and understanding of this type of risk and is able to exercise oversight over it.

One mechanism to transfer the financial risk is to get cyber-risk insurance.

Specialised insurance is required.

Traditional property and comprehensive general liability insurance is not sufficient to cover the risk. Specialised insurance is required. The insurance needs to cover aspects such as business interruption, income loss, third party liability originating from the harm caused from the cyber-attack and defence costs.

Companies need to make sure that their broker understands how the company uses data and stores data in order to ensure that the insurance policy covers cyber-risks as far as possible. Brokers must advise their client of what is covered, what is excluded and the management tools that need to be implemented to ensure that the policy responds.

Cover will be limited and may be costly because no one is accepting open-ended liability for cyber-attack losses.