• Catherine France

What the hell is Cyber Insurance?

Updated: Jul 13, 2020

Do you use a computer to run your business? What would happen if your laptop was hacked or stolen? Could your cash flow cope? Could you afford an IT consultant to help fix things in a hurry?

The number of threats to your business is on the rise, and with cyber-crime making up more than 50% of crime in the UK, you will likely become a victim. This could be as a result of a theft, for example, someone pinches your laptop but more likely it will be a phishing scam or hacker that gets hold of your data.

Government research has found that just 11% of businesses have taken out specific cyber security insurance policies.

As businesses become ever more reliant on technology, the risk of suffering a loss related to problems with computer systems or holding customer data continues to grow.

It could be that your business holds personal information on clients or customers, including names, addresses and banks details. Maybe your systems and data are held on physical servers or in the cloud. Or perhaps you are reliant on a website for the running of your business. Damage or unauthorised access to any of these could lead to reputational damage and legal or regulatory costs.

Cyber insurance can help protect you, by covering the cost of repairing your system and restoring your system, data and website as well as covering the legal costs if you are sued. Insurance can also cover the reputational damage and the cost of temporary equipment to cover lost revenue.

You may need cyber and data risks insurance if you:

  • hold sensitive customer data, such as names, addresses or banking information

  • are reliant on computer systems to conduct your business

  • have a website

  • are subject to a payment card industry (PCI) merchant services agreement.

Sadly, this is the biggest risk to your business, and the main cause is human error, you click on a link that lets them into your system and before you know it, they have your data.

A claim of this type has several elements, the privacy aspect, the security aspect and the incident response element.

If you suffer a cyber breach, having cyber insurance can make the recovery process as straightforward and rapid as possible (however it is still likely to take a number of days or weeks depending on the severity of the incident). Many insurers include technical assistance with managing a breach as part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.

Cyber insurance policies are split into two sections – first-party and third-party cover. First-party insurance covers your business’s own assets. This may include:

  • Loss or damage to digital assets such as data or software programmes

  • Business interruption from network downtime

  • Cyber exhortation where third parties threaten to damage or release data if money is not paid to them

  • Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach

  • Reputational damage arising from a breach of data that results in loss of intellectual property or customers

  • Theft of money or digital assets through theft of equipment or electronic theft

Third-party insurance covers the assets of others, typically your customers. This may include:

  • Security and privacy breaches, and the investigation, defence costs and civil damages associated with them

  • Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in a publication in electronic or print media

  • Loss of third-party data, including payment of compensation to customers for denial of access, and failure of software or systems. [1]

How Can You Reduce the Risks of a Cyber Attack?

As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This includes:

  • Keeping your apps and devices updated ensures they are protected against the latest malware which can infect your devices.

  • Be careful clicking links or downloading content from emails if they don’t seem to be from who they say they are or the tone is a little off then be cautious and don’t click on any of the contents.

  • Change your passwords and consider using a password keeper like Dashlane or Lastpass which will store and generate complex passwords for you across your devices. Tip: if you use McAfee they have a free version called TrueKey.

  • If transferring money make sure you check the details thoroughly and if you receive a phone call or an email asking for sensitive information such as your complete credit card details, it is likely to be fraudulent. When it comes to staying safe online, it’s better to be safe than sorry - instead of responding, call the company directly on their verified phone number to check the authenticity; they will be able to confirm if it is legitimate or not.

How much does Cyber Liability insurance cost?

The rather annoying answer is, Cyber liability insurance can cost as much or as little as you like, depending on what you do, the type of policy you choose and what level of cover you require – much like any other type of insurance.

But if you’re a sole trader with a basic turnover, cyber liability insurance can cost as little as £10 a month. That’s a whole lot less than the £25,700 Hiscox estimate it costs the average small business to get back to normal after a cyber-attack. [2]

Where do I buy Cyber Liability insurance?

By shopping around, as you would for anything else – using Google as your starting point. Have a look at what the various insurers have to offer – what their policies cover, how much they cost, any conditions and, of course, their user satisfaction stats.

“And always remember that the devil is in the detail.”

Better still, go to a broker who knows the ins and outs of cyber liability insurance. They’ll do all the legwork for you and find you a policy that’s exactly the right fit for your business. [2]

What should I ask insurers or a broker when I am buying Cyber Insurance?

When looking for cyber insurance, make sure you check all the same kind of details you’d usually think about when buying a policy. Here are some questions to help you get started:

  • Does the cover include immediate support in the event of a cyber-attack?

  • Will I be covered for both targeted attacks on your business as well as wider attacks you’re caught in?

  • Will my policy update automatically as new threats appear?

  • Will I be covered for mistakes made by employees?

  • Can I improve security to lower premiums?

  • How will my claims affect future premiums?

  • Is this a standalone policy or part of an overall policy (standalone cover can be more comprehensive)?

If you need more information about insurance for small businesses download my guide 10 Types of Insurance Every Small Business Needs here - http://eepurl.com/gi4-hb

You can also find me on Twitter, Facebook and LinkedIn.


Further Reading

1. The UK Government views cyber-attacks as a highest-level risk to national security, alongside terrorism threats. As such it has introduced a number of changes to help prevent cyber-attacks, including Cyber Essentials – a basic cybersecurity hygiene standard to help organisations protect themselves against common cyber-attacks.

2. Confused by the jargon – PolicyBee have put together a neat guide to the policy definitions - https://www.policybee.co.uk/blog/cyber-security-definitions-what-means-what


[1] https://www.abi.org.uk/products-and-issues/choosing-the-right-insurance/business-insurance/cyber-risk-insurance/

[2] Source: https://www.bytestart.co.uk/what-is-cyber-insurance.html

80 views0 comments