During this challenging time, we understand that many of you – and your employees – will now be using your personal devices for work purposes, and might be wondering what this means for your cyber insurance cover with Hiscox.

Generally speaking, your cover will be unaffected by this. There is no need to notify us of this if:

  • any personal devices being used for work purposes have the same level of security as the company’s network. You may wish to check this with your IT or service provider if you are unsure. This includes personal devices being used to connect to cloud resources that were live prior to policy inception; or

  • you and your employees are connecting to company IT systems through secure remote access channels, such as a VPN ( to connect to corporate services such as remote desktop, email or file servers), or to SaaS resources (i.e. Gsuite or Office 365), that were established prior to policy inception. If a larger percentage of the workforce is now connecting via such channels, there is still no need to notify us, so long as the same security standards apply.

Where this is not the case, please notify us of changes to your situation via the contact details listed in your policy documentation, and where possible take the steps necessary to ensure that personal devices being used for work purposes benefit from the same level of security as the corporate network.

You will also need to notify us if you or your employees are handling or processing payment card information (PCI data) while working remotely – whether this is on a personal or a work device.

More information on secure home-working can be found in the guidance produced by NCSC, the UK Government’s National Cyber Security Centre: https://www.ncsc.gov.uk/guidance/home-working (external link).

The Association of British Insurers has published some information to help insurance customers which you might find useful – you can find answers to commonly asked questions at: https://www.abi.org.uk/products-and-issues/topics-and-issues/coronavirus-qa/ (external link).

 

Cyber Insurance Coronavirus FAQs

My staff are now working from home. Will this affect my policy?
In most cases, you will continue to be covered for data breaches and cyber attacks against your business. You should take steps to dissuade employees from sharing business information – particularly if it contains personally identifiable information – to personal email or online storage accounts, such as Dropbox, Google Drive, etc. Damage to employees’ personal devices will not be covered.

I have had to buy new laptops for those staff working from home; do I need to notify you of this?
There is no need to notify us about new equipment, so long as the security measures in place are of the same standard or better than as originally advised.

If my systems can’t cope with the number of remote log-ins, am I covered?
In most instances this will not be covered. Hiscox cyber policies do not cover the degradation, deterioration or reduction in performance of your computer system, nor the reduction or loss of bandwidth unless caused by a malicious act. If, however, you purchase the optional Operational Error cover and the incident is caused by a misconfiguration or other human error then you may have cover.