5 Reasons Why you are not buying Cyber Insurance and Should Be

Cyber insurance is a hot topic in the insurance world but so what?

I think this is relevant to small businesses who need more information about the risks they could face and why it is not just a case of backing up your laptop and crossing your fingers.

In 2018 a person is more likely to be a victim of fraud or cybercrime than any other offence [1] with fraud and computer misuse accounting for half of all crimes recorded the scale of the threat cannot be underestimated and you need to know how you can protect your business from the risks it faces.

There is not only the cost to consider but also the time you need to set aside to understand what your potential exposure is but also how to make sure that the insurance you buy will do what you need it to do in the case of a breach in security either by a hacker or a genuine mistake by you or a member of staff who inadvertently e-mail data to the wrong person.

It is perfectly natural to worry about whether you are making the right decision about buying a product and with that in mind here are some of the most common questions I get asked.

If you are not familiar with cyber insurance then this is a specialist type of insurance you can buy that would usually provide cover for the following costs which you might incur because of a cyber incident; cyber extortion, ransomware, breach costs, cyber business interruption, hacker damage, crisis containment and more.

You may need cyber insurance if you hold sensitive customer data, such as names, addresses or banking information, or if you are reliant on computer systems to conduct your business, have a website, or are subject to a payment card industry (PCI) merchant services agreement. Damage or unauthorised access to any of these could lead to reputational damage, legal and/or regulatory costs.

Concern 1: “I don’t need cyber cover”

Cyber-attacks affect companies of all sizes so protecting against this is paramount, if you are using computers in your business then you need to consider the potential costs of a breach or theft of this data. Could you continue to run your business without it? What is the impact on your clients? How long would it take to get back up and running? Could you afford to hire an IT company at short notice to fix this for you? Do you have the skills to fix a cyber breach? What would the reputational damage be to your company?

Most people don’t know they need the cover until they have a breach or data is stolen from them, without wanting to frighten you this is often too late, and businesses could struggle to meet the costs fixing the damage. This is where the insurance cover can help cover these costs and help every step of the way.

Concern 2: “I can’t afford it”

If you are not making much money or are in the early stages of your business I can see why spending money on insurance might be off the agenda. If you don’t buy the cover then you are effectively saying you can cover the risk yourself and the costs, but can you? Could cover the cost of crisis response, restoring the security of your IT system, restoring the data, covering any regulatory fines or damages, legal advice, public relations advice?

Many businesses would not be able to withstand these types of exceptional costs to their business and could fail as a result. It is worth having a look online to get a quote so you know what the potential monthly or annual costs would be, mine is £120 a year so at £10 a month I think that is money well spent!

Concern 3: “I don’t know how much it costs, but I know it is expensive”

So how much does cyber insurance cost? Well it can cost as little as a few hundred pounds a year but if a policy was going to cost £500 a year then it is less than £1.50 per day and with an IT expert or legal advice probably coming in at about that per day, this feels like a much better way to protect your business. There are a lot more insurers who are now selling cyber insurance so the premiums are competitive and it is worth finding out what the cost might be either from an online insurer or from your insurance broker if you use one.

Concern 4: “I don’t have the time”

It is great to be busy, but I strongly believe that if you want to do something you can make the time to do it. Many insurers now provide online quotes for cyber which you can do when it is convenient for you making this as painless as possible. What it is worth doing in preparation for getting a quote is to think about the data you hold, how it is saved, the IT security you have in place and know your most recent turnover figure, with that information it should be relatively easy to get a quote.

Concern 5: “I don’t know what cover I need”

There are various types of cyber-attack which you may find you are a victim of including; rogue employee, negligence, outsider threat (phishing, hacking, malware etc.) or 3rd party and vendor threat. You should think about what you would do if you were a victim of a cyber-attack and put in place a process to respond.

Cyber insurance can offer protection for cyber extortion, ransomware, breach costs, cyber business interruption, hacker damage, crisis containment, emergency support, legal advice, public relations advice and restoration of services. The cover provided by insurers differ from product to product and the amount covered or limit of indemnity can also differ from policy to policy, so it is wise to talk to an insurer or insurance broker who can steer you through the process.

Source [1]: https://www.techuk.org/insights/news/item/13518-ons-crime-stats-fraud-cyber-crime-still-dominate

I hope you enjoyed this blog post. 

You can also find me on Twitter @CathFrance or on LinkedIn Catherine France