Skip to Content

Key Sales Themes

CyberEdge recognises the extreme importance of an early, expert and effective response to a cyber event.  It delivers exactly that as quickly as possible for the initial 48 or 72 hours, with no policy retention or erosion of policy limits.

A RAPID RESPONSE    

Our expert Legal and IT first respondents are contracted directly by AIG for the first 48 or 72 hours.  There are no time consuming pre-approvals during this period so they can get straight to work without delay, often over holidays and weekends, to assess the threat and protect the business as quickly as possible.

NO PROOF?    

A cyber event doesn’t have to be confirmed to get the benefit of First Response.  Even if your clients  just suspect they may have been breached, our rapid, expert team of Legal and IT Forensic respondents is standing by to assist any time of the night or day, 365 days a year.

TOO BIG TO BENEFIT?    

We know from experience of handling cyber claims that even large businesses with their own Security Operations Centers (SOCs) have benefitted from First Response.   Often the SOC can advise the business what has happened after a cyber breach, but may not have the expertise to effectively address it.

NO RETENTION!    

CyberEdge First Response is provided for either 48 or 72 hours.  The costs are taken care of directly by AIG with the relevant respondents without any policy retention and no erosion of the client’s CyberEdge policy limits,

ORDER FROM CHAOS     

The impact of a cyber event can be traumatic. Internal tensions can run high and pressures from stakeholders can be intense especially when systems are unavailable endangering revenue.  In this crisis environment First Response establishes a clear legal and IT framework for business protection and recovery.

First Response Slideshow

Our independent expertise legal and forensic IT specialists have assisted clients with numerous cyber incidents, Cyberedge  is on call to deliver this expertise to your clients 24/7.

LEGAL    

An essential aspect of a cyber breach, especially given the GDPR, is for businesses to understand and discharge their responsibilities around reporting the incident to regulators and notifying individuals potentially impacted.  CyberEdge covers the costs of specialist legal support to guide clients through these requirements.

FORENSIC IT  

CyberEdge covers the costs of expert forensic IT services to investigate and assess: how the third party attacker entered the system, what they did while they were there, whether they are still in the system, what data has been infiltrated, and what needs to be done to contain the incident and prevent reoccurrence.

DATA RESTORATION  

A key concern for many businesses after a cyber-attack is restoring the data and getting their systems back online.  CyberEdge covers the costs of data recovery and reinstalling software which can be done by either our specialist IT advisors or the Insured’s own IT providers.

 

NOTIFICATIONS   

The numbers of customers to communicate with will depend on the data breached, and could potentially be very large.  Communication to customers has to be made without “undue delay”.  CyberEdge pays for the necessary costs of doing this (for instance setting up mass mail programmes or call centres).
 

 

MANAGING COMMUNICATION   

The Insured is also entitled to PR and communications advice, such as professional “behind the scenes” advice and guidance around managing communications with customers and potential customers, preparing on and offline statements for stakeholders etc
 

 

AS LONG AS IT TAKES  

With CyberEdge, there’s now no time limit on how long we’ll pay event management costs to get the incident under control. CyberEdge clients get the benefit of expert cyber services (including  Legal, IT, PR, Data Restoration and Breach Notification costs) until the incident is resolved – no matter how long it takes.
 

CyberEdge delivers expert legal help navigating the regulatory landscape (in the spotlight after the GDPR) and covers liabilities to other people resulting from a cyber breach.

GDPR SUMMARY    

The GDPR sets standards for organisations holding peoples’ personal information (eg names, emails, photos).  The standards include that data held has to be: limited to what’s necessary, accurate, accessible, removable if people so wish and secure. Data breaches have to be notified to the data regulator and affected people within 72 hours and maximum fines for non-compliance are €20million, or 4% of turnover.

GDPR COVER    

CyberEdge covers insurable GDPR fines, the costs of expert legal guidance around regulatory notifications after a breach and the necessary legal defence and representation costs (e.g. should there be an investigation).

THIRD PARTY CLAIMS    

People can claim against organisations for financial loss and distress if they feel their personal data has been misused or not taken care of.  Cyberedge Security and Privacy Liability covers defence costs and damages for such claims. (Looking ahead any trend towards class action claims that we’ve seen in the US for large security breaches, would generate very high costs, also covered.)

As one of the more increasingly prevalent cyber threats facing businesses, CyberEdge covers an extensive range of specialist services to combat the use of ransomware for cyber extortion.

INDISCRIMINATE ATTACKS

Indiscriminate ransomware attacks threaten businesses of all sizes and sectors. Typically, malware may be introduced into a business by a phishing attack leading an employee to click on an affected link resulting in the automatic encryption of files which are rendered inaccessible. The encryption key is offered in exchange for a payment.

TARGETED RANSOMWARE    

At the other end of the extortion spectrum, our cyber claims teams are seeing more targeted attacks.  Often mounted against larger hand-picked organisations, we have seen instances where large chunks of the businesses’ server have been encrypted followed by large 5 and even 6 figure ransom demands.

POST RANSOM ISSUES    

Even after a ransom is paid to decrypt files, the cost and the disruption caused by the attack is still not over.    A painstaking forensic process is necessary to double check that the decryption will work, affected data needs to be isolated to prevent reinfection and files need to be cleaned before everything is reinstalled.

 

EXTORTION COVER   

CyberEdge recognises these escalating threats to businesses, and covers a full range of cyber extortion services from investigations to validate a threat, to containment and negotiations to end an extortion event through to ransom payments.  We also cover the increasing use of Cryptocurrency to pay agreed ransoms.
 

CyberEdge Network Interruption includes major improvements to get clients’ businesses back on track after a cyber loss.

WHAT’S COVERED  

Network Interruption covers loss of income, mitigation expenses and forensic accountant’ costs to quantify the loss when business operations are interrupted by selected events: cyber-security breach, system failure and voluntary shutdown to contain a cyber incident.

OUTSOURCED SERVICE PROVIDERS

Cyber Network Interruption can also be extended to cover losses from security breaches or system failures at clients’ Outsourced Service Providers such as cloud providers, web hosting providers or payment processors.

HOUR ZERO COVER     

Once cover is triggered after the waiting period has elapsed and subject to the deductible, CyberEdge Network Interruption covers losses from the moment the cyber event occurs. This makes it as easy as possible to calculate the direct impact of a cyber event on the clients’ revenue and profit.

 

BEST-OF-BOTH-WORLDS   

Different geographies may have different methods of assessing interruption losses. To ensure clients get the best settlement for their business wherever they are, we can calculate the loss on a Gross Profit or on a Net Profit basis - whichever is the most appropriate for the client.

Our smart cyber proposal form adapts to the clients’ business and cyber exposures as it’s completed, it then generates an immediate analysis of the client’s cyber posture with a more detailed analysis if they bind a CyberEdge policy.

IMMEDIATE SUMMARY    

If a client provides an email address they will receive a summary report based on their application responses.  This includes their score summary, baseline risk trending, top cyber risk scenarios, cyber risk reducing controls, and more.  See the movie below for sample content.

DETAILED ANALYSIS    

Upon binding coverage, the client will be emailed a more detailed analysis of the their cyber maturity, including additional risk scores, prioritized practices for improvement, scenario likelihoods, control effectiveness details, and more. See the movie below for sample content.

Cyber Smart Application

AIG Cyber clients with premiums over £5,000 are entitled to a range of loss prevention tools adding valuable layers to their lines of cyber defence.

£10,000 VALUE    

Complimentary tools and services worth up to £10,000 are included with each CyberEdge policy for eligible clients to provide knowledge, training, security, and consultative solutions. These services include:

ELEARNING AND PHISHING    

Cybersecurity simulations for employees available in 11 languages.  These measurable training programmes are designed to reinforce employee understanding and implementation of clients’ security policies.

BLOCKING AND PROTECTION   

Blacklist IP Blocking and Domain Protection, reduces an organisation’s attack surface by up to 90% ahead of the firewall by leveraging vast threat intelligence repositories, geo-blocking and black-list automation.

VULNERABILITY SCANNING  

Clients select up to 250 of their IP addresses for expert analysis for critical vulnerabilities that are open to criminal exploitation, with a follow up scan 90 days later to verify remediation efforts.

 

CYBER ORIENTATION   

One-on-one session with AIG Cyber Risk Consulting to address client’s questions about their cyber risk posture and to introduce AIG and vendor services to improve their cyber risk.
 

 

ENDPOINT DETECTION   

Clients can implement an advanced threat detection capability across their environment, coupled with an incident response retainer, for on-demand access to aid in protecting and responding to cyber events.
 

 

SECURITY RATINGS   

Using an easy A-F grading system, clients are scored from an “outside-looking-in” perspective of their overall cybersecurity in ten key risk categories .
 

 

PORTFOLIO DIAGNOSTIC   

Experts review the client’s entire property and casualty portfolio to determine how it is anticipated to respond to the spectrum of cyber predicated financial and tangible losses.
 

 

NETWORK SECURITY SCORING  

Using an easy A-F grading system, clients are scored from an “outside-looking-in” perspective of their overall cybersecurity in ten key risk categories .

CyberEdge’s standard essential coverages and a range of extensions mean you can calibrate your clients’ cyber protection around their specific operational requirements.

FIRST RESPONSE  AND EVENT MANAGEMENT     

Covers a wide range of services to get the business back on track after a cyber event including Legal, IT, PR, Data Restoration and Breach Notification costs. Underpinned by 24/7 First Response with immediate legal and IT support after a cyber breach – with no policy retention for the first 48 or 72 hours.

SECURITY & PRIVACY LIABILITY    

Third-party liability cover from breaches of confidential info, security failure, failure to notify the regulator and breaches of PCI compliance. Includes defence costs and insurable fines in relation to any regulator of Data Protection legislation worldwide.

CYBER EXTORTION    

Covers an extensive range of specialist services to combat the use of ransomware for cyber extortion. From conducting investigations to validate a threat, to containment and negotiations to end an extortion event through to ransom payments.

NETWORK INTERRUPTION    

Covers loss of income, mitigation expenses and costs to quantify the loss when operations are interrupted by selected events: cyber-security breach, system failure and voluntary shutdown. Can be extended to cover losses from security breaches or system failures at OSPs.

ELECTRONIC DATA INCIDENT  

Covers accidental damage or destruction of a company’s computer system (including  for instance power surges, natural disasters, overheating, physical vandalism).

 

DIGITAL MEDIA   

Covers damages and defence costs for breaches of third party intellectual property, or negligence in connection with electronic content.
 

 

TELEPHONE HACKING   

Covers charges from unauthorised access and use of a business’s telephone system, regardless of whether initiated on or off their premises.
 

 

COMPUTER CRIME   

Covers direct financial loss from fraudulent electronic fund transfers from the client’s account arising from a cybersecurity breach.
 

 

GOODWILL COUPON   

Covers costs of offering customers a Goodwill Coupon if confidential information has been breached or if individuals have been unable to access a service due to disruption.

 

CRIMINAL REWARD FUND   

Covers costs of a reward fund for information leading to the arrest and conviction of individuals (including staff, hackers etc) committing illegal acts relating to cover provided under a CyberEdge policy.

As a world leading cyber insurer AIG has handled thousands of cyber claims.  In such a fluid and volatile environment we have clear view of the emerging trends facing businesses, and regularly publish our findings to inform brokers and businesses. 

(See “Resources” section.)