News stories about hacking make regular press headlines around the world and the incidents are likely to get worse...
The issue of hacking should be a growing concern to all professional businesses holding sensitive client data or client money. But whether or not hacking is covered under a professional indemnity policy is an area in need of some investigation and clarity.
In this article we consider the following key points;
- Is cyber crime covered by PI insurance?
- Are first party claims covered?
- Do we need cyber insurance?
- What happens if different policies overlap?
- Getting some expert advice
Although this is a relatively new area of risk, some professional indemnity policies will already cover certain hacking claims which emanate from external sources. This probably won’t be because they have specific hacking or 'cyber' sections built into the wording, but simply because the policy wording is already wide enough to capture it.
So if your client suffers a financial loss as a result of their important information being hacked from your systems, it's possible you already have some cover under your professional indemnity policy.
Some policies will provide limited cover in the form of 'inner limits'. For example, if a PI policy provides a £ 1 million limit of indemnity, the cover for hacking could be limited to £ 100,000.
Loss of client money as a result of hacking will also vary widely between policies although with the exception of the legal profession, most policies will not be providing cover.
But the insurance market offers different levels of professional indemnity wordings from basic 'negligence' to full 'civil liability' and it's likely that not all of them will cover claims arising from hacking. Also, the standard of care expected of companies in relation to cyber threats is increasing and needs to be considered constantly in the context of insurance coverage.
The true extent of cover and how a PI policy should respond to a breach in a firms IT and Communication systems, has yet to be tested properly in court. So this is new territory, often described as a minefield.
Whether or not you have cover under your professional indemnity insurance policy, it would still only be cover against third party losses. Your own losses wouldn’t be covered.
The gaps in cover against hacking can be filled by a cyber liability policy so this should be considered. There are plenty of ‘cyber’ insurance products now coming into the market although these need to be looked into very carefully to ensure they actually cover the scenarios where you feel your business is most at risk.
Cyber insurance is new territory for many insurance companies. Some of the insurance products available are excellent while some have been described as 'not worth the paper they are written on'. At the moment it's easy to buy a product which doesn’t cover what you think it does or perhaps duplicates cover already provided under another policy (PI, office etc). So good advice is essential.
It’s important to get some good specialist advice from a professional indemnity insurance expert. We can help you with this so please get in touch.
This article is intended for information purposes only. Whilst all care has been taken to ensure the accuracy of the article, it is not to be regarded as a substitute for specific advice. © 2019 Professional Indemnity Insurance Brokers Ltd