Cyber-Risk Update

Last summer we published two blogs highlighting the increasing focus on cyber-risks and associated insurance cover*, largely based on the fact that cyber-crime is now one of the world’s fastest growing categories of organised crime.

Indeed, the recent cyber-attack on Talk-Talk, in which approximately 156,959 of the company’s customers’ personal details were reportedly accessed by hackers, and approximately 15,656 bank account numbers and sort codes were said to have been accessed, has only served to further demonstrate the dangers. Whilst the attack is in the process of being investigated by the Metropolitan Police Cyber Crime Unit and the National Crime Agency, as well as the Information Commissioner’s Office, it has further been reported that customers of the company, who are concerned about whether their personal data has been accessed and misused, are considering whether there is cause for a group legal action against Talk-Talk arising from a potential breach of the Data Protection Act 1998. That is not withstanding, of course, the reputational damage caused by the attack.

A market bulletin published earlier this month by Lloyd’s of London to its various syndicates, in which it emphasised the opportunities presented to the insurance market as a result of such cyber-risks, has further served to demonstrate that the market is becoming alive to such issues, thereby suggesting that the development and uptake of stand-alone cyber insurance policies in the UK market is likely to increase. That said, the issues raised by Lloyd’s of London in this recent bulletin demonstrate that the market itself is still considering how best to approach matters, with syndicates being asked to consider their risk-appetite and potential for exposure to cyber-risks throughout a consultation period.

Businesses that believe they may be at risk would be well-advised to seek advice from a specialist insurance broker, in order to identify suitable policies to cover the risks presented by a potential cyber-attack, together with the appropriate levels of cover. Whilst standalone policies are currently not that widely available, this is expected to change. As set out in our previous blog, the risks posed by cyber-attacks are vast and can include the following: intellectual property theft, business interruption, data and software loss, cyber extortion, cyber-crime, breach of privacy, network failure liabilities, impact on reputation and physical asset damage, together with subsequent incident investigation and response costs. Whilst the risks also include death and bodily injury, these may be covered to a degree by separate general liability and employer’s liability products.

The fact that the cyber insurance market is rapidly developing from its infancy stages means that the potential for future disputes over policy wording, and advice concerning the arrangement of appropriate cover, is expected to be prevalent over the coming years.

For further information or advice on these issues, please contact Nicola Maher, Partner at Edwin Coe LLP.

* Cyber Risks and Insurance – Part One: An Introduction to Cyber Risks; and Cyber Risks and Insurance – Part Two: Cyber Insurance

Please note that this blog is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content of this blog.

Edwin Coe LLP is a Limited Liability Partnership, registered in England & Wales (No.OC326366). The Firm is authorised and regulated by the Solicitors Regulation Authority. A list of members of the LLP is available for inspection at our registered office address: 2 Stone Buildings, Lincoln’s Inn, London, WC2A 3TH. “Partner” denotes a member of the LLP or an employee or consultant with the equivalent standing.

Please also see a copy of our terms of use here in respect of our website which apply also to all of our blogs.