What is cyber insurance?

With nearly half of businesses reporting incidents of cybercrime, digital security should be high on the priority list. Here’s how cyber insurance can help keep you and your customers safe.

What is cyber insurance?

Cyber insurance policies protect your business from a range of digital threats including data breaches and hacking. Individual policies will vary but cyber insurance means you’ll be able to access expertise and cover any losses.

Policies are also known as cyber risk insurance and cyber liability insurance.

Who needs cyber insurance?

If your business stores or collects any sort of data or has an online presence, cyber insurance could be a wise investment. For example, if you:

• Keep a database of employee information including names, National Insurance numbers, bank details.
• Store customer information including names, addresses, and payment details.
• Have an online store or website.
• Rely on online services or computers to run your business.

Cyber insurance isn’t a legal requirement, but it does mean you’ll be able to resolve cyberattacks quickly, helping you minimise reputational and financial loss.

What does cyber liability insurance cover?

Cyber insurance covers losses because your IT network has been compromised.

It’s important to remember that policies will vary according to your needs, but you’ll typically be covered for:

• Breach expenses – investigating the cause of the breach.
• Data loss – funds the cost of repairing corrupted data.
• Business interruption – compensates you for loss of income and can also cover any extra costs incurred by downtime.
• Criminal activity – including extortion and fraud through compromised data.
• Reputational damage – crisis management and PR costs.

What does cyber insurance not cover?

All insurance policies come with exclusions although the specifics may be different according to the insurer’s own terms and conditions. Common exclusions include:

• Recklessness or negligence – for example, you might not be covered if your network is unsecured or hasn’t been properly patched.
• Loss caused by infrastructure – you’re unlikely to be covered if you suffer data loss because of failed utilities such as a power cut or problems with your internet provider.
• Physical property – hardware is rarely covered unless your policy specifically covers equipment rendered inoperable because of a cybercrime.

It’s also worth checking whether your policy has a time limit – for instance, you might have to report a cyber attack within a certain time period. This isn’t an issue when an obvious crime is taking place like a ransomware attack. But, if an attack is subtle or can masquerade as something else like a DDoS attack, it can be harder to spot.

How much does cyber security insurance cost?

Cost is influenced by a number of factors, including:

• The size and nature of your business.
• The amount and type of data you store or the activities you carry out.
• How many employees you have.
• The size of your network.
• What security features you have in place.

Fundamentally, insurance is all about risk and premiums are often a reflection of that. In other words, the more vulnerable a business is to attack or the more expensive the consequences, the more you can expect the premium to be.

What to look for in cyber insurance coverage

Whatever policy you choose should give you the protection you need based on the types of risks you face.

Bear in mind that levels of cover can vary significantly, ranging from £100,000 up to £5 million although this can be increased if your needs are particularly complicated.

Identifying your cyber insurance needs is also a good opportunity to review existing security measures such as firewalls and malware detection.

Plus, don’t underestimate how important it is to ensure employees are aware of the different types of cyberattack. In particular, staff should be on high alert for phishing scams which can give hackers and criminals access to sensitive information.

What can I do to minimise the risk of cyberattacks?

Cybercrime is constantly evolving and as the latest government survey highlights, incidents are becoming more frequent.

To ensure your business stays one step ahead, a wealth of information is available, including:

• Cyber Essentials – this is a government backed scheme that encourages best practice to help you protect your business from common cyberattacks.
• Undertake a cyber security audit
• National Cyber Security Centre – a centralised resource for advice and guidance on all digital security matters.
• Crime reporting and sharing agencies – a number of organisations enable individuals and businesses to report cybercrimes as well as offer a platform for information sharing such as:
  • National Cyber Crime Unit
  • Cyber Security Information Sharing Partnership
  • Action Fraud
  • Cyber Incident Response

Does my business need cyber insurance?

Cyber insurance can’t stop your business becoming a victim of cybercrime but it can help you manage the consequences and help your organisation get back on track.

Not having a policy could mean your business is expected to investigate any breaches, recover data and deal with customer concerns. All this can take time, costs money and can quickly exhaust the resources you have. With that in mind, can your business afford not to have cyber insurance?

If you want to find out more, head to our cyber insurance hub where you can explore case studies and policy highlights. For more bespoke advice, you can also contact a member of the team directly on 01603 218000.

Read more: Guide to cyber security incident response planning