What is cyber insurance and why is it important
With the growth in cyber attacks, businesses are increasingly turning to cyber insurance to provide an additional layer of security.Modern businesses are highly dependent on their technology. They have understandably come to expect accessible and reliable IT systems. This accessibility and reliability however can be severely compromised by a cyber attack. Businesses now operate in a landscape of growing cyber crime with hackers attempting to access business and personal data on a daily basis. In fact, since the start of the pandemic, cyber crime has increased by a staggering 600%.
The threat to businesses is very real. Unfortunately, many are ill-equipped to deal with the potential repercussions of downtime, data loss and even reputational damage. Cyber-crime is an area which affects all businesses, regardless of size. Whilst small businesses may feel they are less attractive to cyber criminals, the reverse is often true. Small businesses generally have smaller budgets and resources allocated to cyber security. This makes them an easier target to infiltrate. In fact, 66% of small businesses experienced a cyber attack in the last 12 months. Increasingly, businesses are turning to cyber insurance to provide additional protection. This type of insurance helps businesses recover in the event of a cyber attack. Standard insurance policies typically don’t cover the loss or damage of digital assets so cyber insurance can be highly advisable. We explore what cyber insurance is and how it can provide another layer of protection for your business.
What is cyber insurance?
Cyber insurance is a type of business insurance that protects from the financial losses associated with a cyber-attack. This includes damage or loss of information from your IT systems and networks. It helps to minimise the financial and business damage of a hacking attempt, covering costs related to data recovery, business disruption and system damage. As an aside, it is always worth checking whether your business already has some form of cyber insurance as part of an existing insurance policy.
What does cyber insurance cover?
There are two types of cyber insurance. Depending on the nature of your business, you can take out one or both:
- First-party insurance – this covers your business’s own assets. The policy pays out for direct and indirect costs if you lose money, data, software, intellectual property or customers to cybercrime.
- Third-party insurance – also known as cyber liability insurance, this covers the assets of others, e.g. your customers. For instance, hackers may steal your customer information and tamper with their systems. This third-party policy will cover any costs that you are liable to pay resulting from another firm’s cyber losses. This can include costs related to investigation, legal defence, damages and compensation.
As with all insurance policies, it is important to check exactly what is covered in the policy and the level of cover provided. Equally important is understanding what is not covered, typically potential future lost profits, long term loss of reputational damage or upgrades to your IT systems. Cyber attacks are evolving all the time and it may be that you fall victim to a new type of attack that did not exist when the policy was taken out. Check with an expert, such as a broker, as to whether you would be covered under such an event.
Complying with cyber insurance requirements
In order to purchase a cyber insurance policy, you may need to provide information regarding the security controls currently in place. This may include technical, procedural and human controls. We recommend working with your IT support company to ensure you have a full and accurate understanding of your security measures. It is paramount for insurers to have an accurate understanding of your cyber security measures, and indeed if anything changes. If you claim that security measures are in place when they are not, the insurer may not be obliged to pay any claims. In addition, some insurers offer discounts if your business has recognised cyber security defences in place. This includes the Cyber Essentials certification. Make sure your broker is aware of any such certifications. These certifications may not only lower your premiums, they also demonstrate your security commitment to customers, partners and suppliers.
Additional layers of cyber security
Cyber insurance offers a safety net, but prevention is always better than cure. It is impossible for a company to be completely secure from cybercrime. However, there are steps you can take to increase your protection. We recommend a multi-faceted approach to your IT security. This includes looking at your software and hardware, as well as IT policy and employee education. For more information, read our top tips on How to improve your IT security.
Final thoughts
There are lots of cyber insurance providers in the UK and this is indeed a growing industry. We strongly recommend working with your accountant, financial advisor and IT support company to determine the level of cover you need. Understanding how your organisation operates and the potential repercussions of a cyber attack is key. For more information on any of the above, please get in touch.