Berkshire Hathaway Specialty Insurance Company (BHSI), in strategic partnership with Symantec, has set the bar for cyber insurance in Australia with its latest offering, said the firm’s newly-appointed local head of cyber liability insurance.
BHSI’s Cyber Liability Insurance provides policyholders with rapid access to specialists in the event of a breach, Emma Osgood, BHSI’s head of cyber liability insurance, told CSO Australia
“Cyber policies are more of catastrophe or crisis cover in that an insured suffers a breach and they need an immediate response,” said Osgood.
“When people buy a cyber policy, they're not buying a promise to pay; they're buying a service.”
BHSI’s Cyber Liability Insurance include coverage for business interruption and third-party liabilities arising from a data breach and rectification costs, as well as emergency response costs to enable rapid access to the Symantec breach-response team.
In the event of a breach, BHSI will organise a group call with Symantec security specialists who will gather information about the breach and triage the incident, allowing them to variously focus on remediation activities, troubleshooting, forensic investigations, and more, CSO Australia
The “breach coach,” who is a qualified lawyer, will be the one to work with all concerned parties to manage the incident to a resolution.
Paul Black, Symantec Incident Response Team APJ leader, explained that the joint response “is all built around speed and basically provides direct access to Symantec.”
“If you've got bad guys in your environment, speed is of the absolute essence. The way in which BHSI has constructed their policy gives their insureds the fastest possible response, and access to our team to start investigating. That's critical in the time of an incident,” said Black.
Osgood said policyholders will also have access to legal expertise, forensic IT services, and public relations, and credit monitoring firms to manage the reputational damage that can accompany a cyber incident.
Osgood said BHSI has also used simplified and refined language in its cyber-insurance policies to avoid significant exclusions. This included the use of “all” and “any,” broad terminologies often avoided in the industry where hedging exposure is a way of life.
“Often insurers like to pinpoint specific risks that are covered. Given the evolving threat landscape, we want to be broad and say that if [a breach] happens it doesn't matter where it happens from. We're happy with that exposure, and we fully anticipate that we will pay losses. We want to be able to demonstrate that we can do that – and do that effectively,” said Osgood.
Zurich takes ‘different approach’ to cyber risk
Financial institutions face growing hacking and malware threat