Zurich Insurance
126 Hagley Rd Birmingham, West Midlands, B16 9PF +44 121 456 1999
+44 121 456 1999
https://www.zurich.co.uk/business/broker
  • About Zurich

    Zurich is a leading multi-line insurance provider with a global network that spans more than 170 countries. Working closely with customers and brokers alike, Zurich is proud to offer a spectrum of life insurance and services and general insurance to personal lines, SME, mid-market and global corporate customers.  When it comes to brokers, Zurich is not only focused on offering the best products but practical expertise, tools and knowledge that they can pass on to their clients too. Our key online resource and newsletter Insider allows UK brokers to enjoy free access to the latest expertise, thoughts and opinions on the insurance industry.

    Simply register online to start getting the latest industry insights from Zurich’s Insider newsletter and information hub> www.insider.zurich.co.uk

    For more information on Zurich’s products and services please visit www.zurich.co.uk/broker

How to build Cyber resilience

Cyber-Risk-article-from-Zurich-'Building-Cyber-Resilience'

Data breaches are increasing both in terms of size and frequency. Companies need to rethink their risk strategies, especially when it comes to cyber security and insurance protection.

Cyber space has become a dangerous source of crime and disruption. Data breaches are increasing both in terms of size and frequency, and companies need to rethink their risk strategies, especially when it comes to cyber security and insurance protection. Businesses can no longer simply rely on existing traditional insurance coverages such as general liability or property, and should be looking at the procurement of standalone cyber policies, not only to ensure the organisation is fully protected financially, but also the risk mitigation services that frequently accompany such policies which allow companies to become more cyber resilient.

Increasing awareness

Cyber risk is still a difficult area for many companies to get their arms around. It is constantly evolving, is full of complexities, and involves intangible data, which presents a challenge for many companies. However, boards are starting to get more involved and taking a high-level and holistic approach to how cyber matters are handled within organisations – and this is good news.

Evolving Regulation

Changing regulations are also having an impact on the cyber landscape. In Europe, the recently enacted GDPR has spurred a spike in interest in cyber insurance policies. The U.S. has long been considered to be a more mature market and has had data breach notification laws for many years, but it is worth remembering that every state in the U.S. has a slightly different variation on what is required in terms of notification. This can create a significant challenge for international companies which operate on a global basis, as the laws of the U.S. and E.U. could apply, but also laws in Australia, Singapore, and Mexico to name a few. Brazil will also have a new law going into effect in early 2020 – and the numbers continue to grow. It can therefore be a challenge for companies to understand what laws have to be complied with, and to whom and how notification has to be made. A standalone policy will provide the services of a network of experts to enable a company to follow that compliance process.

Insurance Landscape

From an insurance standpoint, there is a growing awareness that traditional property-casualty policies were never designed for cyber-related risks. Standalone cyber policies, on the other hand, have been specifically designed to respond to these incidents and address the expenses and costs associated with cyber related risks that a business might incur. For example, a typical cyber policy will afford coverage for privacy breach costs which are generally incurred as a result of data breach notification laws, such as credit monitoring expenses, legal expenses, public relations and crisis management, and forensic investigations. Insurers also have relationships with expert firms that are well versed in cyber incidents. This is crucial because, every hour, every minute, is of the essence when responding to a breach.

But there is still an education process required around cyber policies, especially for mid-market companies which often have to weigh the cost relative to the scope of coverage provided. That said, publicity around cyber events has undoubtedly increased awareness of the need for cyber policies. Cyber-attacks are increasing in terms of frequency and size, across all regions and all sizes of companies. There has been a significant surge in data breaches since 2015*, and the scale is getting much bigger in terms of the number of impacted records and the magnitude of business interruption.

Cyber resilience

We work with companies to help them become as cyber resilient as possible. This is partly about helping them to protect their data and their networks as best they can. But it is also about ensuring that they are fully prepared in the event of a cyber incident, and have embraced cyber resilience at all levels of the organisation, and continue to improve and build their resilience over time.

There are three main elements to a successful cyber security strategy. First, it is about building a culture of awareness, making sure that the board of directors is engaged in the process and is setting the tone at the highest level. And making sure that this filters down through the C-suite, to senior management, all the way down to the employees, as they all play an important role in keeping themselves and their company cyber safe. Secondly, it is about adopting a mindset of resilience. You can educate employees, and have the best firewalls and intrusion-detection software, but at the end of the day an incident can still happen that affects the network and causes a data breach or a disruption. In the event of an incident, how quickly can you get back up and running? Organisations that have adopted that mindset of resilience are the most successful in handling any sort of cyber incident.

Thirdly, it is about practicing – have a business continuity plan, a disaster recovery or incident response plan in place, but also practice it on a regular basis, engage in drills and exercises and different scenarios, just as you would with a fire drill.

The Next Frontier

Companies now have a much greater appreciation of the coverage included in cyber policies and the services that wrap around these products, whether that is pre-breach mitigation or post-breach response. These are important to ensure that a company is prepared for a cyber incident. It is all about cyber resilience, as for many big businesses, the question is not whether a cyber incident might occur – it’s simply a matter of when.

If you would like to talk to Zurich about the issues raised in this article CLICK HERE, leave a message and youTalk-insurance will pass your enquiry on

Latest video

Zurich UK CEO Tulsi Naidu talks about their 2018 financial results

Watch CEO Tulsi Naidu talking about Zurich Insurance Group's 2018 UK financial results.If you would like to view the full results CLICK HERE click here for more