Hospitality and Travel

Cyber Security For Travel Agents & Tour Operators – How To Protect Your Business

Cyber Security For Travel Agents & Tour Operators – How To Protect Your Business 1280 853 James Hallam

Cyber criminals are actively targeting the travel and tourism industry. According to one report, 72% of SMEs in the travel sector have fallen victim to at least one cyberattack in recent years.

In this post we will outline the key cyber security threats for travel agents and tour operators, and explore some ways you can protect your business.

Cyber Security Threats for Travel Agents & Tour Operators

  • Ransomware – Cyber criminals can encrypt your files, making your online systems unusable unless you pay a costly ransom. If you do not pay this ransom, the cyber criminals will either delete your files, or they will leak them. This will put you and your customers at risk of further exploitation.
  • Data Breach – If hackers gain entry to your system, they might choose to steal your data outright, rather than encrypt it as part of a ransomware attack. A data breach will put your customers at risk of identity theft, and it will also result in significant reputational damage for your business.
  • SQL Injection – Structured Query Language (SQL) is a form of coding used in database management. An SQL injection involves submitting malicious code into a data entry field on your website, which can allow hackers to access your database.
  • Phishing – This is a means, rather than an end, of cyberattacking. It involves sending a fake message, usually via email or text, that appears genuine. This can trick employees into providing login codes, or other entry points into your system, leaving your business vulnerable to further cyberattacks.

Why Are Cybercriminals Targeting Travel Agents & Tour Operators?

There are a few reasons why travel agents and tour operators are prime targets for cybercriminals:

  • Valuable Data – You will handle huge amounts of sensitive customer data as part of your work, all of which can prove immensely valuable to cybercriminals.
  • Multiple Points of Attack – With an increasingly remote workforce, and multichannel booking and communication systems, cybercriminals have multiple points of attack.
  • Lack of Awareness – Your employees specialise in travel, tourism, and customer service. They may not be so experienced when it comes to IT and cybersecurity. As such, they may not recognise a phishing email until it is too late.
  • Lack of Resources – Around 80% of travel and tourism businesses are SMEs. Cybercriminals tend to target smaller businesses over larger businesses. This is because they know that smaller businesses are less likely to have the resources in place to protect themselves against cyberattacks. As a result, following a ransomware attack, many SMEs will have no choice but to pay the hackers’ ransom.

How To Protect Your Travel and Tourism Business Against Cyberattacks

Establish Your Cybersecurity Policy and Procedures

Your cybersecurity policy and procedures document should outline the risk your business faces, along with the steps you expect all employees to take in to safeguard your data. This can include basic procedures, such as always locking devices when they are not being used, along with policies for ongoing staff training.

Make sure everyone can access your cybercrime policies and procedures and take steps to communicate it across your organisation. You should also routinely review and update the document to meet new and emerging cybersecurity threats.

Staff Training and Development

Ensure that employees at all levels of your business understand the risks of cybercrime, and the part they can play in keeping themselves, and the business, safe. At the very least, you should ensure that every member of staff knows how to recognise a phishing attack.

Cybersecurity training should form part of your employee induction process, and all staff should receive refresher training at least once a year.

If any of your employees work from home, your cybersecurity training should cover how staff can safeguard customer data when accessing your system remotely.

Consider the Role of Cybersecurity Consultants

A third-party cybersecurity consultant can assist you in threat modelling, helping you to understand the vulnerable areas in your network. They can also run network vulnerability and penetration testing, which can involve simulating a cyberattack to assess how you might enhance your security.

Invest in Cybersecurity Software

A good antivirus system usually includes multiple cybersecurity features, including automatic blocks for malicious websites and unwanted network access. Invest in a good system, and make sure you update it as often as possible.

Software updates are a vital part of any cybersecurity policy, as cybercriminals are constantly looking for vulnerabilities in outdated software. As well as keeping your cybersecurity software up to date, also be sure to regularly update any software you use to manage your website, your customer database, and your accounts.

Ensure you have Cybersecurity Insurance

Finally, a cyber insurance policy can provide cover for customer data loss, and for system breaches. While this might not prevent attacks from occurring in the first place, it can at least help your business recover should you ever fall victim to a cyberattack.

At James Hallam, we can provide you with comprehensive cyber insurance cover as part of a wider travel and tourism insurance package.

Find out more about our cyber insurance for businesses as well as our comprehensive insurance policies for travel agents and tour operators.

For more information, call us on 0207 977 7856 or email Nic.Wheele@JamesHallam.co.uk.

Supplier Failure Insurance For Travel Agents & Tour Operators: What Is It and How Does It Work?

Supplier Failure Insurance For Travel Agents & Tour Operators: What Is It and How Does It Work? 1280 854 James Hallam

Supplier failure insurance is a critical form of cover for travel agents and tour operators, providing essential peace of mind for both you and your customers.

In this post we will explain what supplier failure insurance for travel agents and tour operators is, what it covers, and why you need it.

What is Supplier Failure Insurance For Travel Agents & Tour Operators?

If you book flights or other travel services for your customers, supplier failure insurance will cover you if the airline or other travel providers suffer financial failure and go out of business.

If an airline or travel provider goes bankrupt, then they will no longer be able to provide your customers with the services that they have already paid for. Supplier failure insurance, also known as end supplier failure cover, will allow you to submit a claim for your financial loss, so that you can provide your customers with an alternative means of travel or accommodation.

What Does Supplier Failure Insurance Cover?

If a supplier goes out of business after your customer has paid for their services, supplier failure insurance can cover:

  • Refunds for any unused tickets, hotel bookings, or other travel arrangements.
  • Additional expenses incurred if the customer needs to make alternative arrangements for travel and accommodation.
  • Return costs, if the customer is unable to continue their trip because of supplier failure.

This insurance can provide cover for a range of travel suppliers, including:

  • Airlines
  • Hotels
  • Car hire companies
  • Coach operators
  • Railways
  • Car ferries
  • Tour operators

What Is The Difference Between Supplier Failure Insurance and Financial Failure Insurance?

Financial Failure Insurance provides a means of reimbursing your customers if you go out of business.

While financial failure insurance covers your customers if your business ceases trading, supplier failure insurance provides cover should other businesses you work with cease trading.

All travel agents and tour operators should have both forms of cover in place in order to offer their customers full protection.

For more, read our full guide to financial failure insurance for travel and tourism businesses.

Do I Need Supplier Failure Insurance?

If you sell flight inclusive packages as part of your travel agent or tour operator business, then you have a legal obligation to get an Air Travel Organisers’ Licence (ATOL). As part of this, you need to provide a means of protecting your customers’ money in case airlines or other travel companies go out of business.

This means that if you arrange flights for your customers, and if you are part of the ATOL scheme as a result, then you may have a legal requirement to get supplier failure insurance for your customers.

Even if you do not book flights for customers, it is still a good idea to get supplier failure insurance. It will provide essential peace of mind for both you, and your customers.

How To Ensure You Are Fully Covered As A Travel Agent or Tour Operator

At James Hallam, we have provided dedicated insurance services for travel agents and tour operators for over 20 years.

We will take the time to understand your business so we can tailor the best possible travel and tour insurance programme for you and your customers. This can include supplier failure insurance, and we will also advise the additional cover you may need to get comprehensive insurance at a competitive price.

Find out more about our specialist insurance services for travel agents and tour operators.

What is Financial Failure Insurance for Tour Operators?

What is Financial Failure Insurance for Tour Operators? 800 466 James Hallam

This post is your essential introduction to financial failure insurance for tour operators. We will discuss what financial failure insurance is, how it works, and what it covers. We will also explore how you can ensure that you are fully covered for financial failure, and other risks.

For more information about your insurance obligations as a travel agent or tour operator, be sure to check our dedicated travel insurance hub.

What is Financial Failure Insurance?

Financial failure insurance is specialist cover for tour operators and travel agents. It provides a cost effective means of meeting your insolvency protection obligations, so you can comply with your ABTA or PTR requirements to put measures in place to protect their customers’ money in the event that your business ceases trading.

As part of their membership of the Association of British Travel Agents (ABTA), travel agents and tour operators have certain obligations concerning insolvency protection. The UK Package Travel Regulations (PTR) imposes similar obligations.

How Does Financial Failure Insurance Work?

In the unlikely event that you cease trading, you may not be able to refund customers for tours and packages they have previously booked with you. Financial failure insurance can provide your customers with a cash settlement, meaning that your customers will not lose any money.

This arrangement can also free up some cash flow for you, which may help your business to manage through periods of economic uncertainty.

Financial failure insurance works like any other policy, in that you pay a premium for your cover, either upfront or on a monthly basis. The premium you pay will vary depending on the nature of your business, the types of tours and packages you offer, and your risk level as a travel agent or tour operator.

Do I Need Financial Failure Insurance?

Under the 2018 Package Travel and Linked Travel Arrangement Legislations, it is against the law to sell travel packages without an appropriate level of insolvency protection in place. You can meet the requirements through entering into bonding arrangements as part of your ABTA membership. However, it can be a lot more cost-effective to instead invest in bespoke financial failure insurance cover.

How Much Does Financial Failure Insurance Cost?

If you purchase a financial failure insurance policy, the premium will be calculated based on your unique requirements and risk-profile. This means that you can expect exactly the level of cover you need at a price that meets your budget.

Dedicated financial failure insurance also provides greater peace of mind for your customers. If your customers know that their money will be safe, no matter what happens to your business, then they may be more likely to book with you.

How To Ensure You Are Fully Covered For Financial Failure, and Other Risks

The best way to ensure you are fully covered for all the risks you will face as a tour operator is through working with an insurance specialist who understands how you work, and what you need.

At James Hallam, we have provided dedicated insurance services for tour operators and travel agents for over 20 years. We have a thorough understanding of the unique risks businesses face in the fast-moving travel industry.

We will take the time to understand your business so we can tailor the best possible travel and tour insurance programme for you and your customers. This can include financial failure insurance, yet we will also advise on other insurance policies you may need to get truly comprehensive cover at the best price.

Find out more about our specialist travel industry insurance services.

How to Prevent Ticketing Fraud for Tour Operators

How to Prevent Ticketing Fraud for Tour Operators 800 533 James Hallam

Ticketing fraud is a growing threat for consumers, and for any business that includes events and experiences as part of travel and tour packages.

In this post we will explore what ticketing fraud is and explain why it is a problem for tour operators. We will also discuss some best practice guidelines that will help you protect your business and your customers against the risks of ticketing fraud.

For more information about your risk management obligations as a travel agent or tour operator, be sure to visit our dedicated travel insurance hub.

What is Ticketing Fraud?

Essentially, ticketing fraud is the practice of selling fake tickets for events or experiences. Fraudsters tend to target consumers with offers for tickets to major events, such as football games, festivals, or concerts.

Often, fraudsters will intentionally target events for which there was a high demand for tickets, but which have already sold out. People might be willing to pay any amount for tickets to such events. Yet with ticketing fraud, the tickets they buy may not actually exist.

How Much Does Ticketing Fraud Cost Consumers?

Action Fraud reports that ticket fraudsters rob their victims of up to £4 million a year.

Does Ticketing Fraud Affect Tour Operators?

Though ticket fraudsters are most likely to target individuals, tour operators may also fall victim to their scams. You may want to offer a travel package to an overseas concert or football game, for example. And in doing so, you will have to buy a ticket for the event in question. Or, you may book tickets for flights or other transport on your customers’ behalf.

What if the ticket you buy, which you will then offer to your customers, does not actually exist?

Why is Ticketing Fraud a Problem for Tour Operators?

Imagine offering your customers an unmissable experience as part of a travel or tour package. The customer shows up on the day of the experience, only to be told that their ticket is fake. It is not valid, and it never was.

Or worse, imagine if you sell a customer a ticket for a flight, or a different kind of travel connection, only for them to find that this ticket does not actually exist. This customer could then be stranded in a foreign country, miles away from anywhere.

Understandably, this customer will not be happy. But who do you think they will blame for the situation? The unscrupulous fraudster who sold the fake ticket to you? Or you, the apparently trustworthy tour operator who offered the fake ticket as part of a package?

Customers use tour operators because they take all of the stress and hassle out of making travel arrangements. They need to be able to trust that they are getting the best possible service from you. If anything serves to break this trust, it could be devastating for your reputation. Also, the customer may choose to take legal action against you, which could prove a lot more costly than a refund.

How Tour Operators Can Protect Against Ticketing Fraud

Various consumer rights resources offer numerous tips for staying resilient against the threat of ticketing fraud. While these guides are generally written for individual consumers, the general principles for avoiding ticketing fraud scams are the same for travel agents and tour operators:

  • Only ever use official channels to buy tickets. Ideally, you should work directly with venues, transport companies, and official tour promoters. This is the best way you can be sure that the tickets you buy, and which you will later offer to your customers, are genuine.
  • Look out for fake websites and emails. Be wary of spelling and grammatical errors in emails and on websites, and check website URLs for subtle signs that they might not be the site they claim to be – such as slight misspellings of brand names.
  • Make sure you are actually buying a ticket, rather than a promise of a ticket. This could be a physical ticket, with various watermarks and other signs to indicate that it is genuine. Or it could be a digital ticket with a QR code you can scan to check its authenticity. You should not expect your customers to collect their tickets from “representatives” outside venues.
  • Remember, if something appears too good to be true, then it probably is. Be wary of any individual or company claiming to have tickets for popular events that have already sold out. Also, be wary of anyone who appears to be offering a low price for an event, or a journey, that you know to cost significantly more. This may not be a bargain; it may literally be a steal.

Is Your Travel or Tourism Business Covered For Ticketing Scams?

Typically, Professional Indemnity cover specifically excludes claims arising from fraud.  However, there are dedicated commercial crime policies that provide protection against forgery of tickets and fraud.

At James Hallam, we have provided specialist insurance for tour operators and travel agents for over 20 years. We have a thorough understanding of the unique risks businesses face in the fast-moving travel industry.

We will take the time to understand your business so we can tailor the best possible travel and tour insurance programme for you and your customers. We can also advise on other insurance policies you may need to get truly comprehensive cover at the best price.

Find out more about our specialist travel industry insurance services.

Do Travel Agents Need Professional Indemnity Insurance?

Do Travel Agents Need Professional Indemnity Insurance? 800 533 James Hallam

Professional indemnity insurance, is by far the most important form of cover for travel agents. Your customers come to you because they want their trip to be as straightforward as possible. They do not want to spend hour finding the best flight, and the best rooms, at the best price. They want you to do this for them. But this puts a lot of pressure on you to get it right every time.

In this post we will discuss what professional indemnity insurance is, what it covers, and why you need it.

For more information about your insurance obligations as a travel agent or tour operator, be sure to check our dedicated travel insurance hub.

What is Professional Indemnity Insurance?

Your customers trust you to deliver certain standards of service. If you make any errors or omissions, at best your customers could be inconvenienced, or left out of pocket. Yet at worst, your oversight could place your customers in danger.

As a result of your mistakes customers may make a formal complaint, or they may even decide to take legal action against you. Professional Indemnity insurance can provide cover for any compensation your customers may be due, along with cover for any legal fees you may incur following a lawsuit.

Why Do Travel Agents Need Professional Indemnity Insurance?

Any business in any industry that provides paid services to clients needs some form of professional indemnity insurance cover. Travel agents and tour operators are no exception.

We all make mistakes from time to time. And as a travel agent, the slightest oversight on your part could have unfortunate consequences for your customers.

Plus, travel is unpredictable. Many things that could go wrong for your customers over the course of their trip might be out of your hands. The airlines you book could cancel flights. The hotels you book could be less luxurious or convenient than you were led to believe. A country could even change its entry requirements after you have arranged a trip.

Any of these instances could make life difficult for your customers, who could then take action against you. Professional indemnity insurance can help minimise the risk and liability, providing essential peace of mind for both you, and your customers.

What Does Professional Indemnity Insurance Cover?

  • Professional Negligence: As a travel agent you are responsible for various critical tasks such as booking flights, including connecting flights, and sourcing and securing accommodation. Professional indemnity insurance safeguards against potential claims made against you of professional negligence, errors, or omissions that could result in financial losses for your clients.
  • Client Compensation: If you are found liable for a client’s financial loss, professional indemnity insurance provides the necessary financial protection.
  • Legal Costs: If a client claims that your advice or service caused them financial harm, legal defence expenses can quickly add up. Professional indemnity insurance covers these costs, including legal fees and court expenses.
  • Protecting Your Professional Reputation: Professional Indemnity insurance allows you to promptly manage and mitigate the effects of potential claims, limiting the potential impact on your reputation.

What Does Professional Indemnity Insurance NOT Cover?

As with any insurance policy, most Professional Indemnity insurance policies include certain exceptions. These might include:

  • Liability. Professional Indemnity insurance does not provide cover for injury or property damage customers may experience. This will be covered by a separate liability policy.
  • Moral hazard. This is where parties mentioned in the policy, whether it is the travel agent or the customer, take unnecessary risks in the belief that their insurance will cover them should anything go wrong.
  • Wrongdoing: Professional indemnity insurance does not cover claims arising from intentional wrongdoing, fraud, or criminal acts committed by the travel agent or travel operator.
  • War and Terrorism: Losses resulting from acts of war or terrorism are typically excluded from professional indemnity policies.

Specialist Insurance For Travel Agents and Tour Operators From James Hallam

At James Hallam, we have provided specialist insurance for tour operators and travel agents for over 20 years. We have a thorough understanding of the unique risks businesses face in the fast-moving travel industry.

We will take the time to understand your business so we can tailor the best possible travel and tour insurance programme for you and your customers. We can also advise on other insurance policies you may need to get truly comprehensive cover at the best price.

Find out more about our specialist travel industry insurance services.

Do I Need Scheduled Airline Failure Insurance?

Do I Need Scheduled Airline Failure Insurance? 900 599 James Hallam

Scheduled airline failure insurance (SAFI) provides cover for travel agents and tour operators in the event that an airline goes out of business.

In this post we will provide an essential introduction to SAFI – how it works, what it covers, and who needs to consider it.

What is Scheduled Airline Failure Insurance?

For tour operators and travel agents, it offers financial protection if an airline fails, covering the cost of booking new flights or helping customers stranded abroad.

If your customers are yet to take their flights, it will be a struggle to get a refund from an airline that has gone into administration. Even worse would be if an airline goes out of business before they are due to fly your customers home. This could leave them stranded in a far-off airport, which is why SAFI is so important.

What Does Scheduled Airline Failure Insurance Cover?

The Tour Operator or Travel Agents Net Ascertained Financial Loss which can include:

  • The cost of booking new flights, usually up to an agreed limit.
  • Reimbursement for any flights customers were not able to take.
  • The cost of booking new return flights should an airline go into administration while customers are already abroad.
  • The cost of alternative modes of transport, if no other flights are available.

Most SAFI policies include a number of exceptions. For example, they might not provide cover if you procure flights from an airline that has already gone into administration. It will also not cover any costs associated with the airline’s failure, such as missed connections or reservations.

Who Needs Scheduled Airline Failure Insurance?

Scheduled Airline Failure Insurance is crucial for travel agents and tour operators who depend on reliable airlines to ensure smooth travel for their clients. It helps them book alternative flights and handle disruptions, protecting their reputation and their clients’ travel plans. Plus, this form of cover is highly recommended and encouraged by the Civil Aviation Authority for all ATOL holders which can be a major trust signal for potential and existing customers.

Get Comprehensive Travel Industry Insurance From James Hallam

At James Hallam, we have provided specialist insurance for tour operators and travel agents for over 20 years. We have a thorough understanding of the unique risks businesses face in the fast-moving travel industry.

We will take the time to understand your business so we can tailor the best possible travel and tour insurance programme for you and your customers.

Find out more about our specialist travel industry insurance services.

Protecting your Workforce

Protecting your Workforce 1920 1280 James Hallam

It has been widely reported that staff are fleeing the hospitality industry, following the uncertainty of Covid, Brexit and long working hours. Protecting your staff will always have been a priority, but now holding on to a good loyal team is more important than ever.

Everyone has the right to feel safe in their working environment, but sometimes when tempers are running high or customers are experiencing longer than intended wait times, it can be your team that bear the brunt of their anger.

The James Hallam team have been looking at ways to protect your team’s personal safety in the workplace.

Working Environment

It is important you are committed to creating and maintaining an environment within your hospitality business, that is healthy and where your employees are shown respect and dignity by others.

Where it is expected that all staff, guests, visitors, contractors and any other persons who are on your premises behave in a respectable manner.

You could display a poster for staff and customers making it clear what behaviour is not tolerated. You could include the following:

  • Bullying of any kind
  • Violence of any kind in the workplace
  • Abusive or aggressive behaviour of any kind
  • Harassment, especially of a sexual nature

If any of this behaviour is brought to your attention, take immediate action to investigate and deal with the relevant parties. If employees are found to be guilty of any wrong doing they should be disciplined. If other parties are at fault then the appropriate actions must be followed, this may involve criminal proceedings being brought against an individual.

Violent or Abusive Customers

Whilst we’re sure on the whole your customers are friendly and respectful, it is wise to offer some ‘best practice’ guidance should an incident occur.

Occasionally customers may become embroiled in altercations with other customers or aggressive to staff especially at busy times or when alcohol is involved.

You could ask your employees to look for the potential triggers that could lead to a violent situation:

  • Raised voices, shouting, or use of swearing and offensive language
  • Racial slurs or comments said with the intention of causing offense to others
  • Aggressive gesturing, pushing, to others
  • Veiled or open threats to others

If these potential triggers are identified then there are a number of steps that can be taken with the intention of preventing an actual act of violence or physical abuse occurring.

Firstly, staff should always think of their own personal safety and never try and deal with the situation alone, they should always call for assistance.

  • Advise another member of staff at the earliest opportunity if they sense that there is potential for an incident to occur
  • Talk to the relevant parties and remind them that such behaviour will not be tolerated – advise them not to raise their voice as this may aggravate the situation
  • Instruct that the Police will be contacted if the issues are not addressed

Actual acts of violence and physical abuse are thankfully very rare indeed but it is wise to have procedures in place to make your staff feel protected and safe.

As well as protecting your staff, protecting your business premises, income and liabilities is also key. For more details about insurance for your hospitality business speak to our Hospitality Division today on 020 7977 7856.

Independent Hotel Show 2021

Independent Hotel Show 2021 1920 1280 James Hallam

A fantastic start to the week for the James Hallam Hospitality and Leisure Team by sponsoring this year’s Independent Hotel Show in Olympia, London. The event was incredibly well attended with two days of inspiring showcases, seminars and outstanding networking opportunities.

David Noble, Our Director of Hospitality and Leisure, is pictured below presenting this year’s Outstanding Contribution Award to Peter Hancock. Many Congratulations Peter!

We look forward to seeing you all again next year.

How to look after your mental health while working from home

How to look after your mental health while working from home 1920 1283 James Hallam

The global pandemic, an unstable jobs market and the isolation of working from home has meant we have had to adjust to new ways of living and working. There are some perks to working from home that some of us can enjoy, but feeling stressed, bored, anxious and uncertain is also completely normal. We can all take steps to improve our own mental health by building our resilience and acknowledge your own self care.

For many of us work forms a massive part of our lives so it is not surprising that any changes could affect our wellbeing. Human connections are more important than ever as we continue to work remotely, here are some tips for supporting your mental health and feeling connected while working from home.

How can I help myself and those around me while working from home?

The work life balance. Many workers find it hard to switch off mainly due to the removal of the commute to a physical office location. However put a reminder in your diary to take a break and encourage your team to do the same.
• Get moving. Whether it is indoor or outside, this will help maintain your physical and mental health, you will feel more awake and alert, and your concentration and sleep will improve.
• Establish new ways of working – Trial and error will help you find out what ways of working works best for each individual.
• Get connected. Check in with your team regularly whether it is by video calls, check ins between managers and their teams, Q&A sessions for colleagues to chat through any concerns or any other collaborative platforms to connect with one another.
• Make your team aware of support organisations – There are numerous charities and organisations that can offer support with your mental health while we continue to work from home. Keep your teams informed on how they can get in contact with them.
• Set and stick to a routine – Working from home can be very challenging and isolating, but a structured day can be a good way to address this. Designate a place to work that is free of distractions. Scheduling exercise throughout the day are paramount to maintaining your energy levels.

For more advice on how to look after your own mental health and supporting colleagues while working from home –

Mind’s online community ‘Side by Side’ 

Hospitality Action’s COVID-19 wellbeing hub

Cyber & Data Risks Insurance

Cyber & Data Risks Insurance 1920 1280 James Hallam

Each year when completing a review of their insurances, most businesses will look at uninsured exposures with their insurance broker. Most of these can be reasonably ignored following simple cost-benefit analysis, but cyber is more difficult in that the associated risks and their potential cost to a business are still developing. It is anticipated though that the frequency and severity of such incidents will continue to rise, mirroring the experience of North America where cyber risks are given a higher regulatory and boardroom prominence. In the US it is now estimated that over 75% of corporate businesses purchase cyber insurance.

  • Different businesses will be exposed to cyber risk in different ways; some are reliant on their website to drive turnover, some rely on a hosted accounting or billing system to operate whilst others hold sensitive client data or intellectually valuable data on their systems. There are a multitude of scenarios that leave a business exposed to internal and external electronic threat. The failure of an IT network could be debilitating and a good first step is to identify and take steps to mitigate external and internal IT risks. These include:
    data theft or data loss
  • hijacks where hackers gain control of a system and demand a ransom to restore service
  • bot scams where viruses are used to take over large numbers of computers
  • basic human error (internally generated risks should not be overlooked and continue to be the most common proximate cause to a cyber loss)

Notification costs following the loss of third party data is now a major concern for EU business following GDPR. Safekeeping of data is the responsibility of the customer facing entity, notwithstanding that a third party processing company may have been the party that lost the data and/or contractual terms making a third party responsible for notification. This means if you are hacked and lose your customer data (names, addresses, credit card numbers etc.) you will need to report the loss to the data commissioner, possibly pay PCI fines, pay the cost of notifying your customers that they are at risk, pay for advice to manage their risks and pay PR costs to manage the potential damage to your brand and reputation. All of these risks can be insured and cyber insurance will additionally cover fines and penalties associated with regulatory investigations due to a privacy event.
The other major threat to a business may be the loss of a website and a resultant loss of revenue. Again, this can be insured.

  • The cyber insurance market has been developing at a rapid pace over the past five years as experience has been gained by insurers. Areas of cyber-risk that can now be insured include:
    replacing, restoring or recreating data that has been corrupted or destroyed by network failure or first/third party intervention
  • loss of data and notification management costs
  • criminal threat or extortion to release sensitive information or bring down a network unless demands are met
  • loss of income and extra expenses resulting from when a network is interrupted by attack. Covers criminal hackers, malicious insiders and denial of service (DOS) attacks, (including extortion monies)
  • payment fraud (deception of the insured’s customers into transferring over funds)
  • public relations expenses and crisis management
  • disaster recovery activation costs
  • fines and penalties where insurable by law
  • use of leased / rented external equipment
  • use of third party services
  • additional staff expenditure and overtime payments
  • terrorism risk, including ideological risk (LulzSec, Anonymous etc)

James Hallam Insurance Brokers have been placing cyber risk in the London market for over fifteen years. We source cover to insure against all of the above threats and, in addition, we can protect against risks that the majority of cyber insurers omit. For example, our favoured market will also provide:

  • the provision of first party cover on an “each and every claim” basis, ensuring that policyholders aren’t restricted by a policy aggregate and that the full benefits of cover are available each time a crisis strikes, even if they experience multiple cyber incidents in the same policy period
  • full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if it first occurred long before. Symantec has reported that the average time to discover a breach is 205 days, making this a particularly important feature
  • an extensive in-house incident response capability to ensure that cyber incidents are dealt with quickly and efficiently in real time. Initial response services are offered with no deductible payable by the insured
  • broader cover for senior executive officers who are regularly targeted in cyber attacks, covering theft of personal funds of individuals as well as those of the company
  • if a suit is brought against directors and officers following a cyber attack, the policy provides affirmative cover in the event that their management liability policy doesn’t respond
  • incident response costs are provided in addition to the policy limit
  • no excess is applied to the initial reporting and investigation costs
  • full systems failure is covered, including resultant business interruption
  • full Supply Chain is covered, including Technology suppliers (and non-Technology suppliers if named)
  • Cryptojacking and Botnetting are included under the definition of Cyber Crime
  • Additional Extra Expense coverage is included for costs above the normal operating expenses of a business
  • Hardware Replacement coverage is included for computer hardware or tangible equipment damaged as a result of a cyber event

Some points to consider when discussing Cyber Risk with your clients

Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made and the business in question automatically regaining access to their systems and data. Even after a ransom payment has been made, and assuming the system can be successfully decrypted, the ransomware can have the unintended side effect of severely impairing the functionality of one or more of a business’s vital systems.

The use of legacy systems can significantly increase the risk of a cyber loss. Generally speaking, legacy systems are not only far more vulnerable to attack, they are also much more susceptible to dysfunction following a cyber attack.

The importance of having data re-creation cover is becoming increasingly apparent. Many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch. The bulk of the costs to a claim can come from the labour costs associated with manually re-entering data, and brokers should be sure to check that their clients have this important cover in place.

Almost all modern businesses have some form of cyber exposure. Even if a policyholder does not solely rely on their computer systems to carry out work, they will still have an office function that playing a key role in the running of the business. When the computer systems in an office are affected by a cyber event it will almost certainly have a negative impact on the overall business operation and having a cyber insurance policy in place will provide a valuable safety net for the company.

James Hallam can place cyber insurance in the London Market for business domiciled almost anywhere worldwide so please feel free to get in touch if you would like us to assist you and your clients.