Cyber risks in the Life Science industry

An overview of cyber insurance

Cyber is an element of insurance that is often misunderstood, due to its complexities and wide ranging covers.

The cover can broadly be split into two; first party costs arising from an incident interrupting your own systems, and third party costs due to an inadvertent virus transmission or compromising data.

For many, claims arising from criminal acts is the primary cause of concern and can be added to most Cyber polices.

Threats to the life science industry

Breaches in cyber security exist for most businesses in an age where technology has significantly changed human behaviours. Cyber criminals are increasingly sophisticated and such attacks are commonplace; Government statistics show that 75% of large firms suffered some form of hacking in 2019.

Even the most proactive of life science businesses are at risk within this fast-paced and evolving industry. Digitisation for example has created considerable efficiencies by converting physical reporting to digital reporting. This naturally reduces costs and human errors, but brings with it an increased reliance on internal systems which could be compromised.

In the event of an attack, the interruption to a business and its cash flow could be considerable. Systems may be impacted indefinitely, causing an operational challenge and reputational risk, not to mention the associated loss of profit. The same can be said in the event that a business compromises confidential third-party data or has been alleged to have transmitted a virus.

Insuring cyber risks

The ever changing risks of cyber security can be transferred to an insurer, adding reassurance and security. There are plenty of key benefits, not least cash flow being protected.

Insurers commonly now provide a host of additional benefits to risk manage the threat of cybersecurity, such as phishing software, employee training tools and real time intel. This, in addition to 24/7 breach experts often provided, can significantly improve internal practices to manage this risk.

From a cover perspective, insurers will indemnify a business for its costs incurred from any extortion or ransom demand, costs of repairing system damage and rectifying data, breach notification costs, and importantly the associated loss of gross profit.

In the event of cyber infringements harming a third party, insurers can also cover defending and settling such allegations, in addition to associated PCI fines.

A pivotal tool to recovering from any cybersecurity incident should be averting and mitigating any damage to the reputation of businesses and a specialist Cyber insurance policy will can provide an outsourced PR consultancy, specifically for this purpose.

Summary

For life science businesses that rely on their IT systems, preventative measures and internal procedures should be at the forefront of handling cybersecurity risks.

Insurance cover should be an important component too, transferring the various risks and consequences to insurers. Insurers will not only cover the financial and reputational costs, but provide added value services to compliment existing internal procedures.

About the author