Updated 22 June 2022
Modern business depends fundamentally on technology, which makes the risk and impact of cybercrime higher than at any time in the past. What’s more, this trend is likely to continue – making cybersecurity as essential as simply having locks on your office doors.
Cyber insurance exists to help businesses large and small recover in the event of a cyberattack. Standard insurance policies don’t typically cover the loss or damage of digital assets, so this sort of policy will be highly advisable unless your business is one of the diminishing number that uses the internet very little.
Here’s how this kind of insurance works.
Cyber insurance is a type of business insurance, designed to protect businesses of any size from the financial consequences of attacks on their work computer systems.
Every day, hackers attempt to access business and personal data. According to the 2020 UK Cyber Security Breaches Survey, 46% of businesses suffered a cybersecurity breach or attack in the last 12 months. Of these businesses, one in five lost money or data to the breach, while two in five faced business interruption.
Cyber insurance policies help minimise the financial and business damage of these hacking attempts, covering costs related to data recovery or business disruption. The policies can also protect against non-criminal loss or damage, such as an IT system failure.
Let’s say you’re a small business that sells leather goods online. Because customers order and pay for your products via ecommerce, you collect customer data including credit card numbers and billing addresses. A cybercriminal hacks into your system, stealing data from 1,000 customer accounts. They shut down your website and demand a ransom in exchange for the data. You spend the day figuring out what to do.
In this scenario, not only is your customers’ data being held ransom, but your website is down and customer accounts are blocked, so you’re losing business and taking hits to your trust levels. Restoring everything will cost you – and this is where cyber insurance will help.
As with any other insurance, you’ll take out a level of cover appropriate to your business and risk level, pay a monthly premium and claim back in the event of an incident. Sometimes, you may not be aware you’ve been attacked until much later. Fortunately, many insurance providers allow you to claim from the date you discovered the breach, and not just from when it actually happened.
There are two types of cyber insurance. Depending on the type of business you have, you can take out one or both:
If your business doesn’t handle a lot of customer data electronically, third-party insurance might not be necessary for you.
Ransomware attacks involve a piece of hostile software (‘malware’) that might encrypt your files, lock your computers or otherwise threaten your IT systems, and then demand money from you in order to release your data or equipment. Such incidents are on the rise, so many cyber insurance policies offer cover for them. Cover might be included in your policy, or it might be available as an optional extra. Check with your insurance provider to see what they offer and at what level. Be sure to ask if they cover the full cost of ransom payments (bearing in mind that these might not even be effective but just another scam), system recovery and other indirect costs (such as business disruption and reputation management) related to the incident.
Like any insurance, cyber insurance policies have their exclusions. These can differ by provider, but, in general, this insurance does not cover:
If your business deals with sensitive customer data, does a lot of business over the internet, and doesn’t have cover from any external cybersecurity providers, cyber insurance is worth investigating.
Businesses with good anti-virus software, or businesses that are small-scale, often think they’re at less risk. It’s true that data protection software is getting more advanced and sophisticated – but so are the cybercriminals. Even with the best defence, no business is fully immune. As for being a small business, it’s worth remembering that size is no obstacle to hackers, when a piece of malware can be multiplied at no extra cost. As larger corporations become harder to target, small businesses may find themselves in the front line of attacks.
A 2018 Hiscox study also found that small businesses face some 65,000 attempted cyberattacks every day. Small businesses are less targeted than medium to large organisations, but more vulnerable to financial collapse from the attack, since they often lack the funds to sufficiently recover.
There are four common types of cybercrime that often catch businesses out:
The price of your cyber insurance policy depends on a few key factors, such as your annual turnover, risk level and the amount of cyber security you have in place. Certain industries, like financial services, are bigger targets for cybercrime because of the amount of sensitive data they carry, so these businesses will need more cover.
There are lots of cyber insurance providers in the UK, and this is a growth industry. To find the insurer best suited to your needs, first talk to your accountant to work out the level of cover you may need, and also consult your IT provider. An independent financial adviser (IFA) who specialises in small business advice should also be able to help. The important thing is to be clear about your business’s needs before rushing into any particular policy.
Cyber insurance offers a safety net, but prevention is always better than cure. Because a company cannot be completely secure from cybercrime, you should focus on being resilient and proactive. Here are a few steps to introduce today: