By Craig Holland

All businesses should recognise that the liabilities and risks of an information breach are numerous and financial losses can be significant. The Sony Playstation hack showed that commercial general liability policies may not cover cybersecurity risks adequately and companies should be aware of overreliance on these. Other traditional insurance policies may provide limited cover, but they do not specifically consider the information breaches and the losses that ensue. Some even specifically exclude cybersecurity risks. 

Following the Playstation hack, Sony reportedly took out a dedicated cybersecurity policy which means that the 2014 Sony Pictures hack may be covered. Sony's attacks show that even the most sophisticated companies and computer systems are not immune from information breaches. Moreover, it is a misconception that smaller companies are not at equal risk. They may be targeted by cybercriminals who perceive them as an easy target.

A dedicated cybersecurity insurance policy will help companies to manage and transfer economic risk. Insurers will take into account a company's information security processes when considering what cover will be offered, so it is important to keep these up to date and applied in practice. 

Consider your existing and required insurance arrangements prior to purchasing a policy. A single integrated umbrella policy which includes cybersecurity may be possible, or a standalone policy may present better value. Be sure to carefully review the policy's exclusions, terms, conditions and limits to ensure that it will respond if a risk materialises.