Contracts: Addressing Cyber Risk
In an era where businesses increasingly rely on technology, contractual requirements have evolved beyond traditional risk exposures to encompass the critical realm of cyber security. While clauses addressing professional indemnity, public liability, and property-related risks have been commonplace, the surge in cyber threats has led to delays in contract negotiations as organisations grapple with determining contractual liability for cyber incidents.
The implementation of the EU General Data Protection Regulation (GDPR) and governmental initiatives, such as the Cyber Essentials scheme, have propelled cyber risk to the forefront of contractual negotiations. Concerns about responsibility for technology service downtime, response strategies for ransomware attacks, and obligations in the event of a data breach have prompted many firms to assume liability for risks that could jeopardise the value of certain contracts or result in lost opportunities.
In the private sector, organisations have extended these requirements in conjunction with GDPR regulations, compelling third-party service providers to not only obtain Cyber Essentials certification but also take steps to transfer liability arising from a cyber event. Particularly, third-party providers of technology services, including data hosting, software, hardware, or outsourcing services, often find themselves required to fully indemnify the other party in the event of a cyber incident.
To bolster risk management efforts, many organisations have made cyber insurance a mandatory component of contracts, akin to long-standing requirements for professional indemnity and other insurances. The specified insurance limits typically range from £1,000,000 to £10,000,000, contingent on contract value and the nature of services provided.
The potential penalties for non-compliance with data protection regulations, such as fines of up to 4% of global revenue for a GDPR breach, have driven a surge in cyber risk transfer requirements across all industries in the past year. Legal surveys indicate that failure to comply with such requirements is a rapidly cited reason for contract frustration.
A common misconception is that outsourcing IT-related services to third-party specialists absolves an organisation of liability in the event of a data breach or cyber-induced business interruption. However, many contracts, especially with large multinational providers, may shift liability back onto the user of these services. Therefore, organisations must scrutinise contracts carefully to understand the allocation of liability.
As the importance of effective risk transfer solutions continues to grow, having a comprehensive, easy-to-understand, and robust cyber insurance policy is paramount. Cyber Cover provides straightforward solutions tailored to an organisation's specific risk exposures. Their full-cycle online policy platform eliminates onerous information requirements and the need for specialist insurance brokers, leading to a significant reduction in the cost of cyber insurance policies.
Moreover, Cyber Cover offers access to a range of specialist providers to facilitate quick and cost-effective Cyber Essentials certification. This one-stop-shop approach not only ensures compliance with contractual requirements but also positions organisations ahead of their peers by demonstrating a commitment to cybersecurity.
Given that 60% of small businesses declare bankruptcy within six months of a data breach or cyber-attack, a Cyber Cover policy emerges as a simple yet crucial solution to provide peace of mind. It ensures that, regardless of the nature of the cyber event, an organisation can continue to thrive in an increasingly interconnected and digital business landscape.
Get quotes from the UK's leading cyber insurers quickly and easily