iTOO Cyber Insurance
About Cyber Insurance
Access expert knowledge and resources to help your business manage and recover from a cyber incident.
Who is it for?
Our cyber risk insurance is designed for companies and individuals to protect both their data and systems from loss or attack.
What is covered?
Our cyber security insurance covers the resulting costs and damages from a privacy breach or a network security breach. Along with an expert incident response process, the policy gives comprehensive first and third-party coverage for numerous incidents such as cyber extortion and malware, denial of service, downstream attacks, hacking and much more.
Questions about Cyber Insurance?
Call Policy Administration on
0861 767 778 or email
cyber@itoo.co.za
Call Claims on
0861 767 778 or email
cyber_claims@itoo.co.za
Optional extras
Overview | Description | ||
|---|---|---|---|
Incident response costs(Incident mitigation) | Costs to respond to a systems security incident, including:
| ||
Privacy liability(3rd party cover) | Defence and settlement of liability claims arising from compromised information. | ||
Network security liability(3rd party cover) | Defence and settlement of liability claims resulting from a system security incident affecting systems and data as well as causing harm to third-party systems and data. | ||
Media liability(3rd party cover) | Defence and settlement of liability claims resulting from disseminated content (including social media content) including:
| ||
Regulatory fines(1st party cover) | Fines imposed by a government regulatory body due to an information privacy breach. | ||
Business interruption(1st party cover) | Loss of income and increased cost of working as a result of a systems security incident. | ||
Data restoration(1st party cover) | Costs to restore, re-collect or replace data lost, stolen or corrupted due to a systems security incident. | ||
Cyber extortion(1st party cover) | Costs to investigate and mitigate a cyber extortion threat. Where required, costs to comply with a cyber extortion demand. | ||
Initial Response Phase(Optional extensions - risk specific) | Expenses for specialists to contain and manage an incident, for a pre-determined time without a deductible being applicable. | ||
Outsourced service provider(Optional extensions - risk specific) | Cover for exposure to named outsourced service providers including:
| ||
Theft of Funds(Optional extensions - risk specific) | Unrecoverable loss of money, belonging to or for which you are legally responsible, as a direct result of a system security incident by a third party. Cryptocurrency losses are excluded. | ||
Payment card industry fines and penalties(Optional extensions - risk specific) | Cover for direct monetary fines, penalties, assessments, chargebacks, reimbursements and fraud recoveries which you become legally obligated to pay in terms of a merchant services agreement as a direct result of a network security breach resulting from non-compliance with PCI-DSS. Reasonable costs to demonstrate your ability to prevent a future breach as required by your merchant services agreement. | ||
Phone phreaking(Optional extensions - risk specific) | Call and/or bandwidth usage costs you are legally obligated to pay as a result of unauthorised use of your telecommunications system by a third party. | ||
Physical damage(Optional extensions - risk specific) | Costs to replace or repair direct physical damage of tangible property belonging to or rented, leased or hired by you as a direct result of a system security incident, e.g. hacker turns off a water pump which causes material damage – because the causation was a hack traditional policy would not trigger but a cyber policy could respond. | ||
- to obtain professional (legal, public relations and IT forensics) advice, including assistance in managing the incident, co-ordinating response activities, making representation to regulatory bodies and coordination with law enforcement;
- to perform incident triage and forensic investigations, including IT experts to confirm and determine the cause of the incident, the extent of the damage including the nature and volume of data compromised, how to contain, mitigate and repair the damage, and guidance on measures to prevent reoccurrence;
- for crisis communications and public relations costs to manage a reputational crisis, including spokesperson training and social media monitoring;
- for communications to notify affected parties; and
- for remediation services such as credit and identity theft monitoring to protect affected parties from suffering further damages.
- defamation;
- unintentional copyright infringement; or
- unintentional infringement of right to privacy.
- defence and settlement of liability claims resulting from your data being compromised from an outsourced service provider;
- business interruption losses resulting from a systems security incident at an outsourced service provider; and
- costs to change to an alternate outsourced service provider if required.
Description
Incident response costs
(Incident mitigation)
Costs to respond to a systems security incident, including:
Privacy liability
(3rd party cover)
Defence and settlement of liability claims arising from compromised information.
Network security liability
(3rd party cover)
Defence and settlement of liability claims resulting from a system security incident affecting systems and data as well as causing harm to third-party systems and data.
Media liability
(3rd party cover)
Defence and settlement of liability claims resulting from disseminated content (including social media content) including:
Regulatory fines
(1st party cover)
Fines imposed by a government regulatory body due to an information privacy breach.
Business interruption
(1st party cover)
Loss of income and increased cost of working as a result of a systems security incident.
Data restoration
(1st party cover)
Costs to restore, re-collect or replace data lost, stolen or corrupted due to a systems security incident.
Cyber extortion
(1st party cover)
Costs to investigate and mitigate a cyber extortion threat. Where required, costs to comply with a cyber extortion demand.
Initial Response Phase
(Optional extensions - risk specific)
Expenses for specialists to contain and manage an incident, for a pre-determined time without a deductible being applicable.
Outsourced service provider
(Optional extensions - risk specific)
Cover for exposure to named outsourced service providers including:
Theft of Funds
(Optional extensions - risk specific)
Unrecoverable loss of money, belonging to or for which you are legally responsible, as a direct result of a system security incident by a third party. Cryptocurrency losses are excluded.
Payment card industry fines and penalties
(Optional extensions - risk specific)
Cover for direct monetary fines, penalties, assessments, chargebacks, reimbursements and fraud recoveries which you become legally obligated to pay in terms of a merchant services agreement as a direct result of a network security breach resulting from non-compliance with PCI-DSS.
Reasonable costs to demonstrate your ability to prevent a future breach as required by your merchant services agreement.
Phone phreaking
(Optional extensions - risk specific)
Call and/or bandwidth usage costs you are legally obligated to pay as a result of unauthorised use of your telecommunications system by a third party.
Physical damage
(Optional extensions - risk specific)
Costs to replace or repair direct physical damage of tangible property belonging to or rented, leased or hired by you as a direct result of a system security incident, e.g. hacker turns off a water pump which causes material damage – because the causation was a hack traditional policy would not trigger but a cyber policy could respond.
Why Hollard and iToo Cyber Insurance?
We are different
Our cyber insurance offering includes a defined incident response process including a wide range of experienced specialists with a local presence as well as global experience and expertise, spanning the following key areas:
- IT response costs to understand, mitigate and recover from the incident.
- Crisis communications and public relations costs, to reduce potential reputational damage and customer churn.
- Notification and remediation services, to prevent affected parties from suffering further damages.
How to get cover
All iTOO business must be done via independent brokers so please ask your broker to contact us if you’d like to get a quote for a cybersecurity insurance policy.
Frequently asked
questions
Why would my company be a target?
Attacks such as ransomware can affect any company and every industry. Smaller companies are often a target for hackers, particularly if they’re found to have less sophisticated IT infrastructure. The issue is that smaller companies can be severely impacted following a breach, as they have to absorb the high incident response costs. Compromises at larger companies tend to yield larger data sets for theft and breaking into the news, which can also boost a hacker’s reputation.
Can I protect my business without purchasing cyber insurance cover?
There are many ways to mitigate the risk of cyber threats such as staff education, encryption, bring-your-own-device policies and password policies, however, even the most diligent businesses can be exposed to a cyber-attack.
We use state-of-the-art protection; do we still need cyber insurance?
Having the latest technology, firewalls and encryption will reduce the risks of a breach occurring however, many cyber threats originate internally from employee mistakes (misplacing a laptop, or not disposing of confidential information securely). Having state-of-the-art protection is not a 100% guarantee against an incident occurring, which makes a cyber insurance policy highly recommended.
What if we use a cloud provider to store client data?
You’re the custodian of the data and remain responsible for any data lost in a breach. Look to use a cloud service provider that can provide reasonable assurance that your data will be protected, however, there’s still a chance your business could be held liable for data compromised from the cloud environment (the same would apply for other outsourced providers you use and share data with).
Does any other liability policy provide cyber cover?
- A cyber risk insurance policy provides the most comprehensive cover for system and data-related risks.
- A Professional Indemnity policy provides limited cover for third-party data loss, but only as it relates to the providing of professional services.
- A General Liability policy (as data is deemed intangible) provides no cover.
- A Business Interruption policy requires physical damage to trigger the policy and incidents such as ransomware or hacking a server may reflect no physical damage.
- A Commercial Crime policy provides cover for first-party financial loss only.
- A Directors & Officers policy will likely be triggered after a cyber breach but won’t cover the business interruption, incident response or liability damages suffered by the company.
Other popular products
