17th January 2019
Cyber insurance for business
What does Cyber insurance cover?
Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.
Cyber insurance tends to fall into 2 sections of cover: first-party and third-party insurance.
- First-party insurance covers your own business assets. This may include:
- Loss or damage to digital assets (i.e. data & software programmes)
- Business interruption from network outage / downtime
- Cyber ransom – someone threatens to damage or release data if money is not paid to them
- Press notification – covers expenses for costs to notify customers of a security or privacy breach where there is a legal or regulatory requirement to do so.
- Reputation damage – arising from a breach of data that results in loss of intellectual property or customers
- Theft – covers money or digital assets against theft of equipment or electronic theft.
- Loss of third party data – including payments of compensation to customers for the failure of software, systems or the denial of access.
- Security and privacy breaches – including investigation, defence costs and civil damages associated with the breach.
- Multi-media liability -
Why does my business need it?
No matter the size of your business, you will likely rely on information technology (IT) and its infrastructure to run your business day to day.
Cyber insurance is there to protect you against the risks your business will be exposed to, such as:
- Business interruption
- Loss of income
- Damage management and repair
- Reputation damage to your business if your IT equipment or systems fail or are interrupted
In 2018, new government figures showed that over 40% of businesses and 20% of charities suffered a cyber breach or attack in the past 12 months. These figures rise to two thirds for large businesses.
The average cost of a cyber-attack / breach to a company during this period was £9,260 with some attacks costing significantly more.
The most common source of attack is fraudulent emails, where cyber criminals:
- Attempt to coax staff into revealing password(s) or financial information.
- Get staff to open dangerous attachments.
- Impersonate an organisation online, which leads you to provide information.
- Spread malware and viruses.
While you may have some protection against cyber crimes under one or more of your existing insurance policies such as commercial property, business interruption or professional indemnity insurance, businesses are increasingly looking to specialised cyber insurance policies to supplement their existing insurance arrangements.
This is particularly the case where businesses:
- hold sensitive customer details such as names and addresses or banking information
- rely heavily on IT systems and websites to conduct their business
- process payment card information as a matter of course
Managing cyber risks
As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This includes:
- Evaluating first and third party risks associated with the IT systems and networks in your business.
- Risk assessment: Think of potential events that could cause any damage to your business or a third party business / your customer.
- Reviewing your current controls and checking if they can be improved upon
- Assessing the potential events that could cause first or third party risks to materialise
- Analysing the controls that are currently in place and whether they need further improvement