During this challenging time, we understand that many of your clients – and their employees – will now be using personal devices for work purposes, and your clients might be wondering what this means for their cyber insurance cover with Hiscox.
Generally speaking, your clients cover will be unaffected by this. There is no need to notify us of this if:
- any personal devices being used for work purposes have the same level of security as the company’s network. Your clients may wish to check this with their IT or service provider if they are unsure. This includes personal devices being used to connect to cloud resources that were live prior to policy inception; or
- your clients and their employees are connecting to company IT systems through secure remote access channels, such as a VPN ( to connect to corporate services such as remote desktop, email or file servers), or to SaaS resources (i.e. Gsuite or Office 365), that were established prior to policy inception. If a larger percentage of your clients workforce is now connecting via such channels, there is still no need to notify us, so long as the same security standards apply.
Where this is not the case, please notify us of changes to your situation directly or via your broker. Where possible, your please take the steps necessary to ensure that personal devices being used for work purposes benefit from the same level of security as the corporate network.
You will also need to notify us if your clients or their employees are handling or processing payment card information (PCI data) while working remotely – whether this is on a personal or a work device.
More information on secure home-working can be found in the guidance produced by NCSC, the UK Government’s National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/home-working(external link) (external link).
The Association of British Insurers has published some information to help insurance customers which your clients might find useful – they can find answers to commonly asked questions at: https://www.abi.org.uk/products-and-issues/topics-and-issues/coronavirus-qa/(external link) (external link).
My staff are now working from home. Will this affect my policy?
In most cases, you will continue to be covered for data breaches and cyber attacks against your business. You should take steps to dissuade employees from sharing business information – particularly if it contains personally identifiable information – to personal email or online storage accounts, such as Dropbox, Google Drive, etc. Damage to employees’ personal devices will not be covered.
I have had to buy new laptops for those staff working from home; do I need to notify you of this?
There is no need to notify us about new equipment, so long as the security measures in place are of the same standard or better than as originally advised.
If my systems can’t cope with the number of remote log-ins, am I covered?
In most instances this will not be covered. Hiscox cyber policies do not cover the degradation, deterioration or reduction in performance of your computer system, nor the reduction or loss of bandwidth unless caused by a malicious act. If, however, you purchase the optional Operational Error cover and the incident is caused by a misconfiguration or other human error then you may have cover.