Insurance 16 March 2017

Insuring your small company against cyber attacks

cyber security
Cyber insurance helps companies recover from data loss owing to a security breach
In ten years time, cyber insurance will be as common to small business owners as any other insurance policy, writes founder and chairman at IT infrastructure consultancy BroadGroup, Philip Low.

A recent government survey estimated that the average cost of cyberattacks is between 65, 000 and 115, 000 for small businesses and between 600, 000 and 1.15m for larger organisations.

Cyber attacks against all business are increasing, and small companies are just as much a target as corporates, particularly in the areas of ransomware and email fraud.

With businesses increasingly dependent on IT and electronic data for their everyday activities, cyber attacks and failures can result in the complete failure of businesses or at the very least, force some to change their day-to-day activities.

According to government statistics, 10 per cent of organisations affected by cyber attackswere forced into changing how their businesses operated.

Data centres are integral parts of business operations and mitigating the risk of a data centre loss is critical.

While data centres offer stringent physical security measures industry watchers have previously aired concerns about whether cyber security is subject to the same level of due care and attention.

Cyber insurance is an option and an increasingly important way for businesses of all sizes to manage the threat of cyber crime however, less than 10 per cent of UK companies actually take out specific protection.

One might wonder why take up is so low. Incredibly, cyber insurance cover has been around for ten years but, it seems, many of us don’t have confidence in the types of products or services currently being offered.

In the US, mandatory notification laws for data breaches have encouraged businesses to take out insurance, and the UK is likely to follow when new EU data regulations come into force in 2018. These regulations outline how companies should react when they experience a data breach and threaten possible fines of up to 20m, or 4 per cent of the company’s annual worldwide turnover.

The basics

Cybersecurity insurance sometimes referred to as cyber liability or data-breach liability insurance is a type of standalone coverage. It helps companies recover from data loss owing to a security breach or other cyber event, such as a network outage or service interruption.

In general, cover against cyber theft or attack is roughly three times more expensive than general liability and six times more than property insurances. Insurers tend to offer a pricing structure that charges companies similar rates regardless of the underlying risk a factor that has discouraged take-up.

For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach remain a mystery. A good starting point is to determine the costs or expenses you think need covering and the types of incidents you want cover for.

Businesses should work with a cybersecurity-insurance broker who has proven experience and expertise in selecting a cyber policy. A specialist broker will save you time and help you find out what is right for your business.

This person may not necessarily be the same as one that provides your usual insurance. It is always advisable to provide a list of estimated expenses and costs that you might incur in the event of a data breach to them and discuss any exclusions that might be imposed that might prevent you from making a claim.

A policy for you


Business Law & Compliance