• Catherine France

Could Cyber Insurance Save Your Business?

Updated: Jul 13, 2020

You might think that your business would not be affected by a cyber attack but in reality, we are all reliant on technology and most businesses in the UK now use the internet, email or cloud technology to run your business.

The Association of British Insurers (ABI) revealed that just 11 percent of businesses have a specific cyber insurance policy in place. However, 99 percent of claims made on ABI-member cyber insurance policies in 2018 were paid out.

This increases the vulnerability of each business to electronic security threats. A UK government report found that 60% [1] of small businesses had suffered a data breach in the last year; a further 16% of small businesses experienced a 'denial of service' attack, effectively making their computer systems unusable.

Is there a risk to your business?

What would you do if someone hacked your business – to put out messages on social media for example – would you know how to stop them and repair the reputational damage?

Or you came in and switched on your computer and there was no response except for a ransom demand? Who would you call? Would you pay?

How quickly could you get your business up and running again after a cyber-attack?

In most small and businesses, the responsibility for data lies with the owner of the business. The loss of personal or customer datacan bring significant financial loss and/or prosecution.

Any attacks could also significantly impact your cash flow and impair your ability to run your business. If you

  • hold personal customer details such as names and addresses and banking details

  • are heavily reliant on computer systems to conduct its business

  • have a website

  • is subject to a payment card industry (PCI) merchant services agreement.

then you could be vulnerable to a data breach or loss of vital business services.

How do you protect your business?

Here are three simple steps for protecting you and your business;

1. Identify and understand the risks - understanding the exposure of the business enables a number of bespoke precautions to be put in place such as;

  • prepare a business security plan,

  • encrypt all sensitive data,

  • secure wireless networks,

  • install and maintain anti-virus software and firewalls,

  • restrict employee usage of non-business elated web sites and

  • carry out daily backups of data.

For more tips also read - What the Hell is Cyber Insurance?

2. Planning ahead – create and maintain a robust Business Continuity Plan (BCP) including identifying the potential threats to the business, evaluating the threats and determining the action required to minimise the effect that any resultant losses will have on the business.

A BCP will help to reassure staff, customers and suppliers that there are effective plans in place to manage if you are subject to a cyber-attack.

3. Cyber Insurance - A Cyber Liability policy will fill the gap in the protection of your business by including your own losses (first party) and third-party losses (claims against the business by others).

  • First party protection covers your businesses for costs of notifying customers and regulators and will also include network interruption to your computer systems which cause your business to be disrupted with the resultant loss of revenue.

  • Third party exposure involves the financial risks relating to loss or breach of personal or confidential information contained on your systems and protects you against claims for damages from data subjects resulting from the loss of their confidential information.

How much cyber insurance do I need?

Insurers and brokers will ask you a series of questions to help work out the level of cover you need, the sorts of things they will want to know are;

  • your business’ turnover

  • number of devices you use to run your business,

  • number of employees

  • the number of records you hold in the following categories; personal data, sensitive date and financial/payment data

According to global broker Aon the average cost of responding to a data breach is £110 per record.[3]

If you are the victim of a data breach and all of your 10,000 records are compromised. You will probably be required to write a letter to each of them to report this (a letter is needed because the worst thing a business can do after a data loss is to email their clients to report it). At 65p for a first-class stamp, that’s a £6.5k hit to your cash flow gone before the business even starts to look at the other legal costs.

How much would a cyber-attack cost the average small business?

Breaches of cyber security cost the average small business £25,700 in 2019, including costs such as ransom payments and hardware replacements. On top of this, there were indirect financial factors, such as managing damage to reputation and the cost of losing customers.

How much does cyber insurance cost?

Cyber liability insurance can cost vary, depending on what you do, the type of policy you choose and what level of cover you require and if you want additional cover for things like financial crime.

If you’re a sole trader with a basic turnover, cyber liability insurance can cost as little as around £8 a month. A lot less than the £25,700 Hiscox quote it costs the average small business to get back to normal after a cyber-attack.

Insurance Octopus quote a figure of £182 per year for their cyber insurance policy, as a rough guide. [4]

Cyber insurance represents excellent value for money. Cyber incidents and data breaches can cost your business a lot more than simply a hit to your finances. Huge penalties under data protection laws, regulatory fines, reputational damage, and loss of business are just a few of the potential consequences of a cyber-attack and are all things that cyber insurance can protect you against. [4]

Questions to ask when buying cyber insurance

When looking for cyber insurance, make sure you check the details, the following questions provide a quick guide to some of the main areas;

  • will your provider be able to offer immediate support in the event of a cyber-attack?

  • will you be covered for both targeted attacks on your business as well as wider attacks you’re caught in?

  • will your policy update automatically as new threats appear?

  • will you be covered for mistakes made by employees?

  • could you introduce more security to lower premiums?

  • will claims affect future premiums?

  • is the cover standalone or part of an overall policy (standalone cover can be more comprehensive)?


If you need more information about insurance for small businesses download my FREE guide 10 Types of Insurance Every Small Business Needs here - http://eepurl.com/gi4-hb

You can also find me on Twitter, Facebook and LinkedIn.


Sources: [1] Hiscox [2] Bytestart[3] Aon Cyber Calculator [4] Insurance Octopus

46 views0 comments