Speak directly to our team
01603 218000
Speak directly to our team
01603 218000
  • Resources
  • Do you need cyber insurance to protect your...
Home
14 mins read
Guides and advice Self-Drive Hire Business & Commercial Insurance

Do you need cyber insurance to protect your self-drive hire business?

Over 600,000 UK businesses have experienced a cyber security breach or attack in the last year, according to figures from the government’s latest cyber security report. The survey also reveals increasing awareness that criminal tactics are becoming more sophisticated as technology improves.

1.12.25

By Jess Cliffe

Cyber insurance to protect your self-drive hire business

For firms that suffer a cyber attack (which covers a wide range of malicious activities targeted at your computers, networks, and data), the financial and reputational impact can be devastating.

Recent attacks on car hire firms across the world have highlighted the importance of protecting systems and business operations; here’s how you can stay one step ahead.

Why are self-drive hire businesses vulnerable to cyber attacks?

All businesses that store data are at risk of cyber attack. For self-drive hire firms, the risk is just as notable as the information stored is particularly sensitive or personal, including details such as customers’ date of birth, address, and driving licence number. If you’re allowing hirers to drive abroad, passport data and medical conditions could also be stored for insurance purposes.

Another area of vulnerability is the increasing use of sophisticated technology. Although technology is a means to secure cars, enhance overall safety, and improve customer experiences, it can also be used against firms. For example, remote immobilisation could be activated by criminals. Newer vehicles that connect to smartphones can also be used as a conduit to hack into customer devices and access personal information.

How likely is a cyber attack on my business?

Over the last 12 months, 43% of small businesses reported a cyber breach or attack. For medium and large businesses, that figure increased to 67% and 74% respectively. With that in mind, cyber attacks remain a significant risk to all businesses, regardless of size.

Two recent cyber incidents involving car hire firms show just how disruptive cyber attacks can be. In February 2025, Hertz confirmed a cyber security incident that affected tens of thousands of customers around the world. The attack gave criminals access to customers’ date of birth, driver's licence, and credit card details; some passport numbers were also accessed. An attack on Europcar in March 2025 also left up to 200,000 customers vulnerable, as sensitive and personal data was stolen.

How much could cyber crime cost your business?

The average cost of a disruption is estimated to be £1,600, but that increases to £8,260 when there is a clear outcome to the attack.

Costs can also come down to the nature of the cyber attack. For example, if your business is affected by ransomware (where criminals block access to your systems and demand a ransom), the demands can be staggering. A survey carried out by a cyber security consultant found the median ransom demand in the UK in the last year was £3.9 million.

What are the main types of cyber attacks?

Cyber attacks can take many forms, some more sophisticated and harder to prevent than others. Common techniques you’re most likely to see include:

Phishing

Phishing attacks happen when criminals try to trick you into giving them sensitive information, including usernames, passwords, and credit card details. Typically, they’ll do this by posing as a legitimate or trustworthy person or organisation, like a bank or government department. They will then use this information to pose as you or an employee and access your systems, where they can steal customer data or disrupt business activities.

Ransomware

Ransomware is a type of malicious software (malware) that encrypts data or locks your computer system, making it inaccessible. Attackers then demand a ransom (often in cryptocurrency) in exchange for the decryption key.

Ransomware typically spreads through infected email attachments and malicious links or by exploiting software vulnerabilities.

Malware

Malware (short for malicious software) is a broad term that describes various harmful programs designed to disrupt or damage computer systems (such as ransomware). Malware can be delivered through infected downloads, email attachments, or compromised websites. Once installed, it can carry out malicious actions without your knowledge.

Password attacks

Password cracking is often used to gain unauthorised access to information systems. It can include various techniques, such as phishing or simply guessing, using computer programs. This technique relies on weak passwords, so it’s important to remind staff to use unique passwords and multi-factor authentication.

SQL injection and zero-day exploits

Both of these are more technical in nature, so they may be harder to pinpoint by colleagues without any specific IT or cyber security knowledge.

SQL stands for ‘structured query language’ and it’s how developers communicate with databases. An SQL injection attack occurs when criminals embed a query into your database, allowing them to steal, manipulate, or delete data. If your firm relies on databases to store customer information, an SQL injection could cause chaos.

A zero-day attack uses an existing weakness within your device, network, or software. Criminals simply find the weakness and use it to gain access to your system.

Man-in-the-Middle (MitM) attacks

In MitM attacks, an attacker intercepts and often alters communication between two parties without their knowledge. This can lead to unauthorised access, theft, or manipulation of sensitive information.

In some sophisticated attacks, a criminal might redirect customer traffic to a fake website that enables them to steal sensitive data entered by customers. MitM attacks can be difficult to identify, but if you use online portals for car collection and pick-up, this could be a route attackers choose.

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks

DoS attacks overwhelm a system, network, or website with excessive traffic, making it impossible to access. DDoS attacks go a step further and involve multiple compromised devices working together to intensify the impact. These attacks aren’t necessarily designed to gain access to sensitive information, but to disrupt business activities instead.

Aggregators

Cyber criminals are increasingly targeting the suppliers and services used by multiple businesses, rather than directly attacking an individual business. Using many of the methods listed above, they will attack outsourced services such as payroll, HR, and IT, providing multiple opportunities for a successful breach.

How to prevent cyber-attacks

Cyber security can feel overwhelming, but there are plenty of practical steps you can take to help minimise risk and reduce the impact of an attack; for example:

  • Staff training – keep staff updated on the latest techniques and scams being used so they can avoid being duped. It’s also a wise precaution to train staff on what to do if an attack takes place.

  • Use strong passwords and multi-factor authentication – passwords should be unique, and where possible, multi-factor authentication should be in place for added security (this is normally a requirement of a cyber insurance policy).

  • Update systems and software – ensure all software and systems are regularly updated with the latest security patches. Also, be sure to update your anti-virus software and firewall.

  • Encrypt data – you can encrypt sensitive customer data you store so that it’s inaccessible to anyone unless they have the correct decryption key.

  • Implement network segmentation – this is when you limit who has access to specific areas of your network. This won’t necessarily stop an attack, but it can help minimise the impact by limiting damage.

  • Backup data – backing up data also won’t prevent an incident, but it can reduce the effect by ensuring you’ve got access to uncorrupted data.

  • Review suppliers – review the cyber security credentials and cyber insurance of contractors and suppliers you use.

  • Create a cyber security incident plan – this outlines the steps your business needs to take after a cyber attack. It should include details of key contacts and any regulatory bodies that you need to contact if GDPR rules have been breached. You can find out more about how to put a plan in place in our guide to cyber security incident response planning.

The importance of cyber insurance

Your business likely relies on far more systems than you realise. From customer databases to online booking systems and even third-party systems that connect to your network, all are potentially vulnerable to attack. But while precautions go a long way to help prevent a cyber breach, a cyber insurance policy can help you pick up the pieces if your business does experience an attack.

Policies vary across insurers, but can provide:

  • Proactive protection – many insurers will proactively scan your systems (and those of suppliers you use) for vulnerabilities, provide training, and security protection.

  • Business interruption – compensates you for lost income and any cost increases your business faces if it experiences downtime.

  • Data restoration – covers fees to professionally recover any lost or deleted data.

  • Breach investigation – pays costs related to finding the source of the breach or attack.

  • Damages for the loss of third-party data – covers any claim costs where your business is liable.

  • Crisis and PR management – covers expenses to manage your business reputation and the cost of notifying affected customers.

  • Regulatory costs – covers fines for an issue that is deemed legally insurable.

  • Theft of own funds – covers monies and other financial assets (including identity theft).

For SMEs, a cyber insurance policy can prove invaluable; one of the main benefits of a policy is the response services it includes, giving you access to specialists to help manage a cyber event – without a policy, you’d be left managing it yourself or looking for an IT specialist.

To find out more about how cyber insurance can help your business and to explore your options, speak to one of our experts on 01603 218000.

Find out more

The threat of cyber-attacks is growing, making cyber insurance a valuable investment for businesses alongside their self-drive hire insurance. By understanding the risks, implementing preventive measures, and securing the right cyber insurance cover, your business can help to safeguard its operations, finances, and reputation.

Don't wait until it's too late – take steps to protect your business from cyber threats today.

Speak to us:  01603 649744

Related guides and insights

8 mins
Cyber insurance

What is cyber insurance?

In todays connected world digital security should be high on the priority list. Here’s how cyber insurance can help keep you and your customers safe.

16 mins
What is self-drive hire insurance?

What is self-drive hire insurance?

If you hire out vehicles for members of the public to drive, then you must have self-drive hire insurance by law. These specialist policies cover vehicles while they are out on hire, as well as when they aren’t being used.

9 mins
Cyber security risks

Identifying and mitigating cyber security risks in your business

Human error accounts for 95% of all cyber breaches, while more than one in four businesses experienced a cyber security breach in the last 12 months. Here’s how to identify and mitigate cyber security risks for your business.

4 mins
Self-drive hire claims

Your guide to Self-Drive Hire claims

Read our guide to the claims process for our Self-Drive Hire policyholders.