RM-9.1.12

Location:

Versions

Past version: Effective from 01 Oct 2019 to 30 Sep 2021
To view other versions open the versions tab on the right

Licensees must arrange to seek cyber security risk insurance cover from an independent insurer once the assessment of cyber security risk is complete. The insurance policy may include some or all of the following types of coverage, depending on the risk assessment outcomes;

a) Crisis management expenses such as costs of notifying affected parties, costs of forensic investigation, costs incurred to determine the existence or cause of a breach, regulatory compliance costs, costs to analyse the insured's legal response obligations;

b) Claim expenses such as costs of defending lawsuits, judgments and settlements, and costs of responding to regulatory investigations;

c) Policy must also provide coverage for a variety of torts, including invasion of privacy or copyright infringement. First-party coverages may include lost revenue due to interruption of data systems resulting from a cyber or denial of service attack and other costs associated with the loss of data collected by the insured.

Added: October 2019