Take a quick look around your office. How many computers do you see? How often do you communicate with your colleagues or clients using web calls or email? If you’re one of the millions of people who are able to work from home, how many digital devices are there in your home office that allow you to connect to your colleagues, join remote meetings and collaborate on work documents?
There’s no doubt that we’re living and working in a digital age, and it’s connecting us like never before. Companies also handle more data than ever about their customers and workforce, from names and addresses to bank details, health conditions and even location. This sensitive data and the hazards posed by working in an online world mean that companies are at risk from cyber-attacks and are considering cyber insurance.
Cyber insurance is a relatively new kind of insurance for businesses, and many people will be unsure about what it covers, or if they even need it. The first modern policy for cyber insurance was only created in 2000, but the market is expected to hit $27.83 billion by 2026. Cyber insurance take-up in the UK is relatively low: only 13% of SMEs had cyber insurance as of 2020. It’s understandable that businesses want to protect their bottom line and not buy more insurance policies than they need, but if your business is vulnerable and left unprotected from cyber attacks, then this could be a false economy.
With the rise in global cyber incidents, businesses need to prioritise their cyber security and decide whether cyber insurance should be a part of their strategy. If you’re unsure about whether you need cyber insurance, what it covers and how it could help your business, then read on to find out more.
What is cyber insurance?
Cyber insurance—also known as cyber liability insurance or cyber risk—is a kind of insurance cover that protects your business in case of cyber incidents. This kind of insurance helps to minimise business interruption as well as the financial fallout from a cyber attack. Cyber insurance protects businesses from internet-based risks and covers your business’ liability in the case of a data breach.
As well as dealing with financial losses associated with a data breach or cyber attack, cyber insurance can also help your business manage and recover its reputation, which can take a serious blow if customer data has been exposed.
Why is cyber insurance important?
Cyber insurance is important because more and more companies rely on technology and connectivity to the internet to store information, conduct daily business tasks and connect with others. This puts them at risk from attacks by cybercriminals who can leak sensitive customer data or hold it hostage. Hackers can also get into computer systems and block businesses from accessing their digital assets or steal money from the company. These are just a few ways that companies can fall victim to cybercrime, and even the best cyber security policy may not always protect against these risks.
With more people working from home due to the COVID-19 pandemic, businesses have increased their reliance on technology out of the office. Their employees need to be able to connect with their colleagues, which means connecting to the internet at home. With this comes increased risk. Plus, some employees may not be as careful with their computers and laptops at home as they should be, and their internet at home may be less secure than in the office. If they don’t follow the company’s cyber security policy diligently or forget to update their laptop’s virus protection software, then they are potentially putting company data at risk.
Sadly, cyber attacks aren’t isolated events. According to the NFIB Fraud and Cyber Crime Dashboard, there were over 400,000 reports of fraud and cybercrime in the UK in 2021, and this kind of criminal activity is costing businesses serious money. The average cost to small businesses from cyber attacks is thought to be around £65,000. This includes costs from business interruption, financial penalties and damaged assets. A malware attack alone can cost a business an average of £25,000.
The introduction of GDPR (General Data Protection Regulation) has forced companies to carefully consider how they store data and protect the privacy of their customers. The regulation has also given companies more obligations in dealing with customer data, such as ensuring the customer’s right to be forgotten.
Companies that fall foul of the GDPR rules run the risk of serious fines (for serious infringements, up to €20 million or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher) and as such will want to make sure that they have a strong cyber security policy in place, as well as the right insurance cover in case the worst should happen. However, it should be remembered that cyber insurance can’t insure you against all GDPR-related liabilities, such as fines, and you should check the details of your policy to ensure you have appropriate cover.
As well as business interruption and financial losses, cyber attacks can severely damage the reputation of companies. Cyber insurance can help companies manage their reputation after an attack by giving them access to crisis management experts.
All these reasons demonstrate why cyber insurance is so important and how easy it is to fall prey to cyber incidents. The risk is significant, and companies need robust protection from their insurers.
Is cyber insurance a legal requirement?
No, cyber insurance is not a legal requirement. However, following the introduction of GDPR, the increased risks to businesses from data breaches and the high costs associated with cyber attacks, many companies feel that it is worthwhile to invest in cyber insurance.
What does cyber insurance cover?
Cyber insurance coverage will vary from provider to provider. However, it will usually include some of the following:
- Costs associated with recovering lost data
- Reputational costs
- Business interruption costs
- Loss or damage to digital assets
- Support during and after a cyber incident
- Costs associated with your legal defence
- Customer notification about a data breach
What does cyber insurance not cover?
If a data breach or cyber attack is caused by the company itself or poor cyber security, then it’s likely that it will not be covered by a cyber insurance policy. Also, if the company loses business due to a reputation of having poor cyber security, then these losses will not be covered by a cyber insurance policy.
Many cyber insurance companies won’t cover costs associated with paying cybercriminals after a ransomware attack, although some do, so be sure to check your policy.
Preventable cyber attacks are generally not covered by cyber insurance. For example, if a company knows about something that will leave it vulnerable to a cyber attack, and doesn’t take steps to fix it, then this will not be covered.
Who needs cyber insurance?
You don’t need to be a business that focuses on digital services to be worried about cybersecurity or find cyber insurance useful. Any business that handles, creates, or stores customer data online could benefit from having a cyber insurance policy. This data could include credit card details, email addresses, dates of birth or any other personal information which is valuable to cybercriminals.
This kind of data can be sold by criminals on the dark web, with stolen banking logins sold for an average of $120 and some credit card details fetching an average of $240. Essentially, the data you hold on your customers is worth money to hackers, and it is worth their time to try and get hold of it. As such, cyber insurance (and a sturdy cyber security system) will give you peace of mind.
Also, if you think your business would suffer from downtime caused by a cyber incident, then cyber insurance could be a valuable investment for you.
The fact is that almost any company, however big or small, could find itself the victim of a cyber attack. Several well-known companies have found themselves hitting the headlines due to data breaches and have had to pay some significant fines as a result.
In September 2018, the hotel group Marriott International discovered that it had suffered a data breach that impacted 500,00 guest records (the actual breach had happened in 2014). Data compromised included guests’ phone numbers, addresses, passport numbers, dates of birth and even card data. The company was fined £18.4 million by the Information Commissioner’s Office (ICO) in 2020 for failing to meet security standards.
Smaller companies will find themselves less of a target as they will have fewer data records, but they are still at risk from hackers, and as such cyber insurance can provide peace of mind in case something should go wrong.
What are the most common cybercrimes?
Some of the most common cybercrimes that affect businesses today include:
- Malware: This is dangerous software that can install itself on your systems when a user clicks on a malicious link or attachment.
- Phishing: A fraudulent message, often sent by text message or email, designed to trick someone into revealing sensitive information or installing malware. Often this message appears to be from a legitimate institution, like a bank, and uses a sense of urgency to get its victims to respond.
- Ransomware: This kind of attack encrypts your digital assets and then demands a ransom for you to get them back. If the victim doesn’t pay the ransom, then the hacker may threaten to publish the encrypted data online.
- Denial of Service (DoS): These attacks work by oversaturating machines or networks, making them unusable for their intended users.
Managing cyber risks
To help keep your business as secure as possible, there are things you can do to manage cyber risks. These include:
- Back up your data. Obviously, it would be preferable not to be attacked or lose data in the first place, but having a backup can help to minimise the disruption to your business in the worst-case scenario. You could also encrypt your data for extra security.
- Educate your employees. Make sure that your employees know the risks and how to act safely online, such as not opening suspicious emails and attachments.
- Create safety protocols. Enforce safe password practices and make sure that all company machines are protected by up-to-date anti-virus software.
- Perform due diligence. If you need to share data with a third party, check their privacy and security standards first.
- Have a cyber risk plan. In case you are targeted by hackers, have a cyber risk plan in place that details how the company will respond.
- Keep software up to date. Outdated software can expose your company to threats from hackers looking to exploit vulnerabilities.
Do I need cyber insurance if I have cyber security?
Even if a company has the toughest cyber security practices, it can’t guarantee that it will never fall victim to a cyber attack. If your company does suffer a data breach, then insurance can offer a valuable lifeline, and help you to cover the costs for things such as legal fees.
Likewise, if you have cyber insurance, this will not protect you against a cyber attack, although most insurers will require you to have protection in place before offering cover. Even if you have cyber insurance, it is good practice to have cyber security systems in place to protect your business from attacks.
How much does cyber insurance cost?
There’s no single answer when it comes to the cost of cyber insurance. The amount you pay will depend on the nature of your business, and the size of its annual revenue. The cost will also go up or down depending on the level of risk, such as how much and what kind of data the business handles, how many employees work at the company and the industry you work in.
The strength of the business’ cyber security policies will also have an effect on how much cyber insurance costs, which is another reason to invest in the cyber security of your company.
Cyber insurance is a relatively new kind of insurance. As online risks evolve and hackers become smarter, companies will have to step up to ensure that their data is well protected and that they have the right insurance in place in case they fall victim to a cyber attack. Cyber insurance can protect your business, providing a financial lifeline and support if you find yourself dealing with this type of crime.