Cyber risk is commonly defined as exposure to harm or loss resulting from breaches of or attacks on information systems, or the potential of loss or harm related to technical infrastructure or the use of technology within an organization.
There have been a lot of Cyber Attacks to international big companies like Sony but attacks on smaller companies have also been spreading, causing big amounts of financial damage to thousands of companies worldwide. Because of contractual requirements companies usually have to be liable for these costs. For forward-thinking digital companies I should be obvious to have a comprehensive coverage to avoid the increasing risk from the Internet.
Typical expenses are for example:
- Investigation (what occurred and how to repair it)
- Business losses (network downtime, data recovery)
- Lawsuits (release of intellectual property, legal settlement)
In general, standard insurance policies are not enough for companies that are using computer systems in their business. Often they do not cover many risks associated with the digital world. For example, property insurance plans only cover tangible property, which data is not. Another example is standard crime insurance that covers employees and stolen money but not stolen third party data like intellectual property.