Does my business need cyber insurance?
A business needs cyber insurance if it deals with a large amount of private or sensitive data, or if it uses payment card information. A business may also need cyber insurance if it has a large computer network whose failure would cause significant interruption to trading. In fact, any business that uses computers or computer systems can benefit from cyber insurance, according to NimbleFins (source: https://www.nimblefins.co.uk/business-insurance/cyber-insurance).
Other types of business insurance policies may cover some aspects of cyber insurance, so in some cases, a separate policy might not be required. For example, business interruption is a core principle of cyber insurance, but a standalone business interruption policy may offer enough protection. Likewise, comprehensive commercial property insurance may provide enough cover for contents.
But businesses should check the extent of those policies before discounting a separate cyber insurance policy. Those that handle a lot of personal data, such as addresses, health and banking information, are particularly at risk of cyberattacks. Ransomware attacks – where a hacker will corrupt a system or steal information to try to extort money – are increasingly prevalent.
The average cost of putting right a ransomware attack was found to be $732,520. This rose to $1,448,458 for those who paid a ransom, according to the State of Ransomware 2020 report – a major survey questioning 5,000 IT managers across 26 countries.
Researchers, who asked 300 IT managers from the UK as part of the study for Sophos, found the most successful ransomware attacks included data in the public cloud. A total of 59% of incidents which involved encrypting data occurred on the public cloud (source: https://secure2.sophos.com/en-us/medialibrary/Gated-Assets/white-papers/sophos-the-state-of-ransomware-2020-wp.pdf). It is therefore worth considering cyber insurance if a business uses the cloud to store information.
Even if a business does not hold personal data, it may still be worth investing in cyber insurance if a large number of computers or a complex internal network is used for day-to-day work. Cyber insurance often covers the cost of experts investigating and fixing broken networks or systems, which can be invaluable in helping a business resume trading.
Legal support following a cyber breach was the most common cyber insurance claim of 2020, according to a Government survey, and this could provide peace of mind for many businesses (source: https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020).
What does cybersecurity insurance cover?
Cybersecurity insurance covers a range of situations that can occur as a result of cybercrime or an IT system malfunction. They include being the victim of a hack, data or security breach, virus, or IT network failure.
Each policy can vary in protection, but all should cover business interruption, which provides payments to compensate for the loss of income due to the computer issue.
The most-used aspect of cybersecurity insurance is access to legal expertise, with 73% of businesses with cyber cover using this part of their policy, according to the UK Government’s Cyber Security Breaches Survey 2020.
A list of first-party protections – i.e., those directly affecting a business – includes:
Cyber extortion: When systems are locked by hackers to demand a ransom, cybersecurity insurance can provide legal and practical advice and can sometimes even cover the cost of the ransom, although payment is not often advised.
Restoring computer systems: If an unexpected problem that wasn’t the business’s fault brings down computer systems, experts can be hired to get networks back up and running.
Recovering lost data or programmes: Experts can come to the rescue of a business to repair systems and restore lost documents.
Investigations: To find the source of a cybercrime incident.
Managing an attack: Legal and other expert advice and assistance to help navigate the law and get systems up and running. This applies whether a business is the victim of a hack, data or security breach, virus, or IT network failure.
Notification costs: Covering the expense of notifying customers or other third parties of a data breach.
Reputation management: For example, funding a PR campaign or paying for free credit monitoring or credit protection services for affected customers.
Business interruption: This is the core policy in cyber insurance and covers loss of income or profits when a cyberattack or IT incident prevents trade from taking place.
Third-party protection covers costs relating to third parties such as customers. This can be invaluable in protecting a reputation and includes:
Media liability: Covering investigation, defence and damages if a third party has a claim of defamation as a result of private information published in the media.
Privacy protection: If a security breach means a third party’s right to privacy has been affected, insurance can cover legal defence costs and settlements.
How to tell if your business needs cyber insurance
Industries regularly targeted by cybercriminals include healthcare, education, retail, transport, financial services, construction, and public services.
Businesses which rely on IT systems or websites to carry out their trade will want to look at cyber insurance.
If a business stores or uses a lot of personal and private data, it is worth considering cyber insurance.
Cyber insurance is particularly important if a business deals with payment information, as cybercriminals are especially tempted to exploit this vulnerability. A business faces paying out potentially expensive damages to affected customers or demands for a ransom of thousands of pounds.
Organisations that feel they would benefit from access to legal advice and work, IT expertise, plus peace of mind that financial assistance will be provided if their trade were interrupted, will benefit from cyber insurance.
Which businesses don’t need cyber insurance?
Some businesses feel they don’t need cyber insurance if they have sufficient coverage with other policies such as contents insurance, business interruption insurance or professional indemnity insurance.
While business interruption is the key clause in cyber insurance, standalone business interruption insurance may provide enough protection from loss of income or increased costs due to a cybercrime or IT system failure.
Comprehensive contents insurance may cover digital asset replacement if a hack corrupts devices or makes them inoperable.
Professional indemnity insurance could cover compensation and legal fees related to losing data or negligence claims.
Whether it is worth taking the risk of not having cyber insurance is a matter of preference for each business. Businesses should consider the risk of data being stolen or corrupted, and the extent to which trade would be interrupted if a computer system were to break.