The basics

Cybersecurity insurance, sometimes referred to as cyber liability or data-breach liability insurance, is a type of standalone coverage. It helps companies recover from data loss owing to a security breach or other cyber event, such as a network outage or service interruption. In general, cover against cyber theft or attack is roughly three times more expensive than general liability insurance and six times more expensive than property insurance. Insurers tend to offer a pricing structure that charges companies similar rates regardless of the underlying risk, a factor that has discouraged take-up. For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach remain a mystery.

A good starting point is to determine the costs or expenses you think need covering and the types of incidents you want cover for. Businesses should work with a cybersecurity-insurance broker who has proven experience and expertise in selecting a cyber policy. A specialist broker will save you time and help you find out what is right for your business. This person may not necessarily be the same broker who provides your usual insurance. It is always advisable to give the broker a list of the estimated expenses and costs you might incur in the event of a data breach, and to discuss any exclusions that might prevent you from making a claim.
A policy for you

Finding the right policy for your business, business model, industry, size and exposure is a complex exercise. It is important to understand the kind of support being provided as part of the cover. Some policies provide a point of contact who will handle everything from the moment the insurer has agreed the claim, whereas others will let you manage the incident and decide which services you want to use from a list of suppliers. First-party insurance covers your business's own assets. Third-party insurance covers the assets of others, typically your customers. For organisations that don't have the people or experience to manage a data breach incident, a third-party supplier is usually a better option.
Other issues

All policies have a set of exclusions, terms and definitions, but there are many other issues you should consider when managing your own cyber risks as a business. These include evaluating the first- and third-party risks associated with the IT systems and networks in your business, assessing the potential events that could cause first- or third-party risks to materialise, and analysing the controls that are currently in place and whether they need further improvement. For small enterprises there are some simple policies available, but sometimes these raise more questions than they answer, as they do not always provide a long list of exclusions or terms and definitions. With detailed policies you should know better where you stand.

Unfortunately, no two businesses are the same when it comes to cyber risks, so it is key to understand the cyber risks your business faces and to ensure your cyber policy is tailored to mirror those risks. Cyber insurance alone does not replace the need for good security practice. Businesses should aim to be smart in their approach and consider people, process, technology and physical security when protecting against cyber threats.

Read more about the government’s £1.9bn cyber security defence plan for businesses