Liability & Indemnity

Insuring your small company against cyber attacks

Business Advice | 16 March 2017 | 7 years ago

cyber security
Cyber insurance helps companies recover from data loss owing to a security breach
In ten years time, cyber insurance will be as common to small business owners as any other insurance policy, writes founder and chairman at IT infrastructure consultancy BroadGroup, Philip Low.

A recent government survey estimated that the average cost of cyberattacks is between 65, 000 and 115, 000 for small businesses and between 600, 000 and 1.15m for larger organisations.

Cyber attacks against all business are increasing, and small companies are just as much a target as corporates, particularly in the areas of ransomware and email fraud.

With businesses increasingly dependent on IT and electronic data for their everyday activities, cyber attacks and failures can result in the complete failure of businesses or at the very least, force some to change their day-to-day activities.

According to government statistics, 10 per cent of organisations affected by cyber attackswere forced into changing how their businesses operated.

Data centres are integral parts of business operations and mitigating the risk of a data centre loss is critical.

While data centres offer stringent physical security measures industry watchers have previously aired concerns about whether cyber security is subject to the same level of due care and attention.

Cyber insurance is an option and an increasingly important way for businesses of all sizes to manage the threat of cyber crime however, less than 10 per cent of UK companies actually take out specific protection.

One might wonder why take up is so low. Incredibly, cyber insurance cover has been around for ten years but, it seems, many of us don’t have confidence in the types of products or services currently being offered.

In the US, mandatory notification laws for data breaches have encouraged businesses to take out insurance, and the UK is likely to follow when new EU data regulations come into force in 2018. These regulations outline how companies should react when they experience a data breach and threaten possible fines of up to 20m, or 4 per cent of the company’s annual worldwide turnover.

The basics

Cybersecurity insurance sometimes referred to as cyber liability or data-breach liability insurance is a type of standalone coverage. It helps companies recover from data loss owing to a security breach or other cyber event, such as a network outage or service interruption.

In general, cover against cyber theft or attack is roughly three times more expensive than general liability and six times more than property insurances. Insurers tend to offer a pricing structure that charges companies similar rates regardless of the underlying risk a factor that has discouraged take-up.

For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach remain a mystery. A good starting point is to determine the costs or expenses you think need covering and the types of incidents you want cover for.

Businesses should work with a cybersecurity-insurance broker who has proven experience and expertise in selecting a cyber policy. A specialist broker will save you time and help you find out what is right for your business.

This person may not necessarily be the same as one that provides your usual insurance. It is always advisable to provide a list of estimated expenses and costs that you might incur in the event of a data breach to them and discuss any exclusions that might be imposed that might prevent you from making a claim.

A policy for you

The right policy for your business, business model, industry, size and exposure is a complex exercise. It is important to understand the kind of support being provided as part of the cover.

Some policies provide a point of contact who will handle everything from the moment the insurer has agreed the claim, whereas others will let you manage the incident and decide which services you want to use from a list of suppliers.

First-party insurance covers your business’s own assets. Third-party covers the assets of others, typically your customers. In some organisations that don’t have the people or experience to manage a data breach incident, a third-party supplier is usually a better option.

Other issues

All policies have a set of exclusions, terms and definitions, but there are many other issues you should consider when managing your own cyber risks as a business. These include evaluating first and third party risks associated with the IT systems and networks in your business, assessing the potential events that could cause first or third party risks to materialise, and analysing the controls that are currently in place and whether they need further improvement.

For small enterprises there are some simple policies available, but sometimes these raise more questions than they answer, as they do not always provide a long list of exclusions or terms and definitions.

With detailed polices you should know better where you stand. Unfortunately, no two businesses are the same when it comes to cyber risks, therefore it is key to understand the cyber risks your business faces and to ensure your cyber policy is tailored to mirror those risks.

Cyber insurance alone does not replace the need for good security practice and businesses should aim to be smart with their approach and consider the people, process, technology elements and physical security when it comes to protecting against cyber threats.

Read more about the government’s £1.9bn cyber security defence plan for businesses

Related Topics

Public Liability and Professional Indemnity Insurance: What’s The Difference?
6 April 2023

Public Liability and Professional Indemnity Insurance: What’s The Difference?

Read More →
What Insurance Do I Need For My UK Business?
3 March 2023

What Insurance Do I Need For My UK Business?

Read More →
What is Product Liability Insurance and Do You Need It?
1 February 2023

What is Product Liability Insurance and Do You Need It?

Read More →
What is Employers Liability Insurance?
20 December 2022

What is Employers Liability Insurance?

Read More →
What is Public Liability Insurance and Why Do I Need It?
5 December 2022

What is Public Liability Insurance and Why Do I Need It?

Read More →
Product liability insurance claims: Here are the facts
18 September 2021

Product liability insurance claims: Here are the facts

Read More →

If you enjoy reading our articles,
why not sign up for our newsletter?

We commit to just delivering high-quality material that is specially crafted for our audience.

Join Our Newsletter