Cyber and Internet Risk Insurance: The Importance for every Company and the Role of the Legal Advisor
Coverage of the risks arising from the implementation of e-services and from the use of internet constitutes a new insurance product. This product is expected to show strong growth in the coming years due to the continued development of technology. Further use of the internet and of social media, as well as the development of cloud computing, are parameters that highlight the importance of this new product. In addition, its aid factor is the very low – in proportion to the use and dissemination of Internet services – number of companies and businesses that currently have insurance against this particular category of risks.
The Necessity of Cyber and Internet Risk Insurance
It has now been accepted that the development of technology as well as the wide use of the internet, form the ground for the development of criminal behavior, either through negligence or fraudulent one. Such criminal behavior is found both in the professional field and in the context of the privacy of citizens. Indeed, they are growing daily, as they are favored by the loopholes in the regulation of internet use. They are also favored by the corporate entities’ low insurance coverage of cyber and internet risks.
In this context, it should also be borne in mind that today:
(a) the protection of personal data and privacy is a fundamental human right, while
(b) a rigorous legislative environment is built both in the European Union and particularly in Greece on the use of the Internet and cyberspace and, more specifically, on the protection of the personal data of persons and users of electronic services.
However, it is generally recognized that the gap between e-reality and its legislative/ regulatory environment constitutes an additional risk for businesses. E-reality is changing, evolving and growing rapidly, while legislative initiatives attempt to follow cyber developments late and often incomplete.
Consequently, there is no doubt that insurance against cyber and internet risks is now a necessity. This necessity concerns large companies, which are major targets for malicious actions. It also concerns smaller companies, which are more vulnerable to malicious actions and more vulnerable in dealing with the damage that can be caused by such.
Choosing the Right Insurance Product
In this corporate environment of the constantly evolving and changing e-reality, it is crucial to choose the appropriate insurance product against the specific category of risks.
This choice can no longer be made based on the less expensive premium. Instead, this option should be part of an integrated corporate policy. This policy should aim to tackle offending/criminal behavior that have to do with the use of the internet and e-services. The concern for both the planning of an integrated corporate response and of the choice of the appropriate insurance product can only be the responsibility of the legal entity’s legal advisor.
However, generally speaking, each company has to plan its reaction to cyber and internet risks and consequently to choose the appropriate insurance product, taking into account its object, the degree of penetration of electronic services in its operation and the type and the range of personal data it processes.
The Insurance Market in Greece
While checking the insurance programs offered by the insurance companies operating in Greece, one shall find wide variations and discrepancies in the coverage against cyber and internet risks. Specifically, it is noted that the largest insurance companies in Greece:
(a) either do not provide insurance plans for such risks,
(b) either include coverage against specific risks within the framework of the electronic equipment insurance and as an optional and supplementary coverage of business insurance, i.e. not providing a specialized insurance program,
(c) or have introduced specialized and innovative insurance programs, which combine insurance against these insurable risks with the provision of legal, technical and advisory services, forming a single package.
It is therefore clear that, as far as tackling the dangers arising from the deployment of e-services and the use of the internet, the tools do exist.
The company’s responsibility towards its entity, its partners or shareholders, its employees and third parties is to choose the most appropriate tools. Additionally, the company is required to incorporate these tools into its Cyber Risk Management plan to address these breaches. Accordingly, the responsibility of the lawyer – legal counsel of the company is the evaluation of the offered insurance products and the assistance in choosing the optimal solution. In addition, the duty of the lawyer – legal counsel is also the maximum possible safeguard of the company through the control of the insurance contract. Finally, in the event of the insured risk occurring, the duty of the lawyer – legal counsel extends to the formation of a substantiated claim of the insured company for the fulfillment of the obligations of the insurance company.
Υ.Γ. The article has been published in Greek in MAKEDONIA Newspaper (October 27, 2018).