Password Managers, Your Business, and Cyber Insurance

Cyber insurance has become an increasingly important consideration for businesses in Hong Kong and around the world in recent years, as the frequency and severity of cyber-attacks continue to rise.

The recent hack of LastPass, a popular password management service, is a reminder of the importance of having adequate protection in place to mitigate the financial and reputational risks associated with any cyber incident.

LastPass was hacked in June 2021, twice again in 2022, and finally notified users on December 22 2022 that the attackers managed to gain access to the email addresses, password hints, and hashed passwords of all users.

The company stated that no sensitive user data was accessed or stolen. However, it should be noted that although no plain text passwords were compromised, the hackers who successfully accessed the LastPass systems do have access to the vaults of customers. This means that the attackers know which platforms contained accounts relating to the compromised vaults, and can consequently attempt further (targeted) attacks.

The incident is severe and highlights the potential consequences of a cyber breach for both LastPass and customers which use the service to manage their login data.

In the aftermath of a cyber-attack, including attacks like those which have impacted LastPass over the last year, businesses may face a range of financial losses. These losses can include the costs of simply responding to a cyber incident; such as hiring forensic experts and legal counsel, as well as the cost of lost business and damage to the company's reputation.

Cyber insurance can help to mitigate these risks by providing financial protection against the costs associated with a cyber-attack.

Cyber Insurance for Businesses in Hong Kong

There are a range of cyber insurance policies available in Hong Kong, with coverage options including data breach response, business interruption, and cyber extortion.

Some of the specific coverage options offered to businesses purchasing cyber insurance include:

• Data breach response: This coverage helps businesses respond to a data breach by providing access to legal and technical expertise, as well as covering the cost of notification and credit monitoring services for affected customers.
• Business interruption: If a cyber-attack disrupts a business's operations, this coverage can help to compensate for lost income and additional expenses incurred as a result of the interruption.
• Cyber extortion: If a business is threatened with the release of sensitive information unless a ransom is paid, this coverage can help to cover the cost of the ransom and provide legal and technical support to deal with the threat.
• Liability coverage: This coverage protects businesses against claims made by third parties, such as customers or suppliers, who may have suffered losses as a result of a cyber-attack.

It is important for businesses to carefully review the terms and conditions of a policy to ensure that it provides adequate coverage for their specific needs.

One key consideration for businesses in Hong Kong is the need for a policy with global coverage, as the interconnected nature of the internet means that a cyber-attack can originate from anywhere in the world and still have a significant impact on a local business.

Business Support with Cyber Insurance

In addition to financial protection, a good cyber insurance policy should also provide access to a range of support services, including legal and technical expertise, to help businesses respond to and recover from a cyber-attack.

These services can be invaluable in helping businesses navigate the complex and often confusing aftermath of a cyber incident. This could include public relations support to mitigate damage to the company's reputation, as well as business interruption coverage to compensate for lost income and additional expenses incurred as a result of the interruption.

While cyber insurance can provide valuable protection for businesses in Hong Kong, it is important to note that it is not a substitute for robust cybersecurity measures. It is essential for businesses to have strong security protocols in place to prevent cyber-attacks from occurring in the first place. This includes regularly updating software and systems, using strong passwords, and educating employees on how to identify and prevent cyber threats.

Investing in cybersecurity measures is not only important for protecting against cyber-attacks, but it can also help businesses qualify for lower premiums on cyber insurance policies. Many insurers consider the security measures a business has in place when determining the price of a policy, and businesses with strong cybersecurity measures may be eligible for lower premiums.

The need for Cyber Insurance in Hong Kong

The recent hack of LastPass serves as a reminder of the importance of cyber insurance for businesses in Hong Kong and the need to prioritize cybersecurity measures. By taking the necessary precautions and investing in cyber insurance, businesses can protect themselves against the financial and reputational damage caused by a cyber incident.

In the case of the LastPass hack, businesses that had invested in cyber insurance may have been able to turn to their policy to cover the costs associated with responding to the incident and mitigating the impact on their customers. This could have included access to legal and technical expertise to help with the investigation and remediation efforts, as well as the cost of notification and credit monitoring services for affected customers.

Free Cyber Insurance Advice

If you, or your business, would like to explore your Cyber Insurance options in Hong Kong our team of expert insurance brokers is ready to assist you. We offer independent, no-cost, no-obligation consultations enabling your key stakeholders to benchmark the products that best meet your risk profile and only pay for the coverage you need.

For more information Contact Us Today.

CCW Global – We’re simplifying your insurance.