Cyber Risks and Insurance:
The Legal Principles
Dean Armstrong QC
Thomas Steward
Shyam Thakerar
This book is for my son, Freddie Armstrong. He is my whole world. For my mum and dad, Merle and Paul Armstrong, whose love and support continues to light my way. For my sister, Paula Cooke, and for Oliver and Anna Cooke, who are always there with help, support and kindness. And for Georgie.
For Daisy
I dedicate this book to my Mum and Dad whose sacrifices and endless support enabled me to reach the Bar. To my elder siblings, Harshiv and Janaki, thank you for pushing me with the examples you set. To my fianc, Anahita, thank you for inspiring me to better myself every day. Welcome to the world, Baby K!
BLOOMSBURY PROFESSIONAL
Bloomsbury Publishing Plc
50 Bedford Square, London, WC1B 3DP, UK
1385 Broadway, New York, NY 10018, USA
29 Earlsfort Terrace, Dublin 2, Ireland
BLOOMSBURY and the Diana logo are trademarks of Bloomsbury Publishing Plc
Copyright Bloomsbury Professional Ltd 2021
All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage or retrieval system, without prior permission in writing from the publishers.
While every care has been taken to ensure the accuracy of this work, no responsibility for loss or damage occasioned to any person acting or refraining from action as a result of any statement in it can be accepted by the authors, editors or publishers.
All UK Government legislation and other public sector information used in the work is Crown Copyright . All House of Lords and House of Commons information used in the work is Parliamentary Copyright . This information is reused under the terms of the Open Government Licence v3.0 (http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3) except where otherwise stated.
All Eur-lex material used in the work is . European Union, http://eur-lex.europa.eu/, 1998-2021.
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: PB: 978-1-52651-413-4
ePDF: 978-1-52651-415-8
ePub: 978-1-52651-414-1
Typeset by Evolution Design and Digital Ltd (Kent)
To find out more about our authors and books visit www.bloomsburyprofessional.com. Here you will find extracts, author information, details of forthcoming events and the option to sign up for our newsletters
The rapid advancement of technology over the past two decades has altered almost every aspect of our daily lives from the way we work, to the way we interact with our friends and family, to the way we engage with society as a whole.
With every development comes risk. The huge benefits that a digital age brings should also come with a health warning. The risks in cyber can affect national security, personal identity and economic well-being. Data loss, the hacking of machines and ransomware attacks are just a few examples of the risks that companies and legal practitioners should be aware of, and the aim of this book is to provide readers with practical advice as to what to look out for and how best to prevent or mitigate any damage caused when a cyber incident occurs.
When damage or harm occurs, we look to insurance to compensate for financial harm. Cyber insurance, in its many and varied forms, is now a must-have for the vast majority of businesses but how does it differ from traditional insurance cover? What are the key clauses that a business needs to be aware of when taking out a policy and where might they still be vulnerable even after doing so? The challenge when a traditional market has to deal with new issues is always strong. This book seeks to address, consolidate and inform practitioners, corporate officers and in-house advisers how best to meet these obstacles with reference to practical examples.
In addition to covering overarching themes we focus on specific sectors such as shipping and energy to see how cyber risks and insurance operate in a commercial setting. Readers will therefore find not only an overview of cyber risks and insurance, but also one that is embedded in commercial reality.
We would like to thank Ceri Davis of 36 Commercial for her invaluable input into the content of chapters 2, 3, 7 and 14.
The law quoted in this work is up to date as of 31 May 2021.
Dean Armstrong QC
Thomas Steward
Shyam Thackerar
[All references are to paragraph number.]
Automated and Electrical Vehicles Act 2018 |
Pt 1 (ss 18) |
s 2(1) |
s 2 (1)(c) |
s 2 (2)(a) |
s 2 (3)(a) |
s 3(2) |
s 8(1)(a) |
Computer Misuse Act 1990 |
s 1 |
s 2 |
s 3 |
s 3ZA |
s 3ZA (1) |
s 3ZA (2), (3) |
s 3ZA (4) |
s 3ZA (6), (7) |
s 3A |
s 4(1), (2) |
s 5(1A) |
s 5 (2)(3A) |
Data Protection Act 1998 |
Pt V (ss 4050) |
s 55 |
ss 55A55E |
Data Protection Act 2018 |
Pt 2 Ch 2 (ss 620) |
Pt 2 Ch 3 (ss 2128) |
s 17A |
s 17C |
s 21(1), (2), (4), (5)(7) |
s 22(1) |
ss 2428 |
Pt 3 (ss 2981) |
s 55A(3B), (3C) |
Pt 4 (ss 82113) |
s 115(1) |
s 116(1) |
s 119A |
s 122(5) |
Pt 6 (ss 142181) |
ss 142145 |
ss 146147 |
ss 149153 |
ss 155159 |
ss 167, 168 |
s 170 |
s 170 (4)(5) |
s 171 |
s 173 |
s 182(2) |
s 196(1)(2) |
s 197(1) |
s 199(1) |
Sch 1 |
Pt 1 (paras 14) |
Pt 2 (paras 528) |
para 5(1) |
para 20 |
para 20 (1) |
para 20 (2), (3), (4) |
para 20 (5) |
para 20 (6) |
Pt 3 (paras 2937) |
paras 36, 37 |
Pt 4 (paras 3841) |
paras 39, 40, 41 |
Sch 16 |
para 2(2) |
para 3 (3) |
Sch 20 |
para 58 |
Sch 21 |
para 4(1) |
para 5(1)(a)(b) |
para 5(1) (e)(f) |
para 5(1) (e) |