What’s Cyber Insurance & How Can It Protect My Business?
If you’re reading this, there’s a good chance cyber security is already on your radar. That’s a good place to have it, because cybercrime is relentlessly on the up.
Data breaches, phishing scams and ransomware attacks fill the digital headlines. All of which begs the question: How do you protect your business from hackers and their devious, money-grabbing, data-stealing ways?
The harsh reality is that you can only do so much. Hackers are usually one step ahead of the game, meaning all the tech and security protocols in the world won’t keep you safe. Plus, human error has a horrible habit of letting the hackers in.
What you can do, however, is to be ready for when cybercriminals strike. And that means having a plan. A clear idea of how to react means you minimise the damage a cyber-attack can wreak and give yourself the best chance of recovering quickly.
If you’re an IT expert who can stop an attack, get your systems back up and running, maybe negotiate a ransom and conjure money out of thin air to cover your losses while you can’t do business, then all well and good.
If not, that’s where cyber insurance comes in. It helps you through a cyber crisis in practical terms, as well as picking up costs and offering solid back-up. It’s your very own magical IT expert with added benefits.
But where to start in picking a policy? And what does cyber insurance actually do? We’ll look at the answer to these and other questions next.
Pretty much everyone, these days, but even more so if:
The reality is that a cyber-attack can shut down your systems and website in an instant. It’ll mean you can’t do business, which in turn means you won’t be generating any revenue. Plus, you risk shedding customers and clients by failing to provide the service you promised.
Those people’s noses are going to be put even more out of joint if there’s a data breach involved. That’s because sensitive info can be sold on the dark web and used for identity theft. Worse still, there’s a chance of financial fraud if payment details are exposed.
Pretty serious consequences, then.
So, ask yourself: how well and for how long could your business function without access to servers, email, your website and other online processes? How long before you start losing customers? Not very long at all, probably. So maybe a good reason to think about that back-up plan.
Well, the stats speak for themselves. An October 2018 survey by insurer Hiscox found that nearly a third of small businesses (over 30%) had suffered a cyber breach in the previous year.
That’s a clue that hackers don’t care too much about size. Sure, if they get the chance to bag a load of data from a big operator, then bingo. But they’re also happy to pick up smaller data caches and encryption ransoms on a daily basis from the littler guys.
Guys like you, perhaps, with more easily breached systems. Because hacks = hard cash for cybercriminals. And pretty soon, all those smaller hacks add up to a much bigger pot very much worth their while going after.
Meantime, it’s businesses that end up on the losing side. Another of Hiscox’s findings is that cyber security incidents cost the average small business £25,700 last year in basic clear-up costs alone (e.g. ransoms paid and hardware replaced).
And that’s without even taking into account indirect costs, like the damage done to reputations, and the potential loss of both existing and future customers.
So, an expensive affair all round then. And, considering how frequently cyber-attacks are hitting their mark, a real cause for concern.
In a nutshell, it’s insurance that cushions your business from the costly consequences of a cyber-attack. It can’t prevent your business from being hit in the first place, but it can help clear up the mess, and get your business back up and running again quickly.
Large corporations with massive budgets and particular needs will usually have bespoke cover, to cater for every eventuality. But small and medium-sized businesses can easily find the cover they need in an off-the-shelf policy – the advantage being that they’re quick and easy to buy.
Be aware though that not all policies are born equal, so always check that cyber insurance covers these basics:
Forensic help with identifying a breach, plugging the security gap, and repairing any damage to both software and hardware. This includes restoring data, networks and websites, and replacing or mending equipment.
If your files have been encrypted and a hacker is demanding a pile of bitcoins to unlock them, an expert negotiator to handle the situation. The ransom should also be covered.
If you’ve had personal data stolen, help in letting everyone affected know, and support with informing the regulator and managing any resulting investigation. You should also be covered for credit card monitoring plus legal costs and compensation if you’re sued by third parties.
If a cyber-attack stops you trading as normal, compensation for any drop in revenue you suffer as a result.
Choosing cyber liability insurance isn’t as straightforward as buying something that comes in standard format, like a 13-amp fuse. That’s because there are key differences between the various policies. And that means it’s important to look out for exactly what is and isn’t covered.
Here are some things that might or might not be included:
Say a fraudster targets an employee with a bogus invoice. It looks just like one you pay regularly, but the employee doesn’t notice a few crucial bank details are different and makes the transfer anyway. The money disappears. Some insurers require what’s known as an ‘extension’ to the core policy to cover ‘social engineering’ cybercrimes like these.
Good policies will offer PR support and advice to help you through the crisis period and help preserve your good name.
Cover can include protection if you accidentally infringe someone else’s copyright, say by digitally publishing a picture without getting the proper permission from the licence holder.
If, say, you store customers’ personal data in the cloud, and that data’s stolen because of a failure on the part of the service provider, you’re not usually covered. That’s because the loss is someone else’s fault.
And here are a couple of other things to check:
Some insurers require you to meet certain criteria in terms of tech security, data encryption and staff cyber awareness for a policy to be valid. Otherwise, a claim may not be paid. Equally, some will offer reduced premiums if certain standards are met.
Most cyber liability policies cover the UK and EU. If you work outside those limits, you’ll need to enquire about extending your cover.