What is Cyber Insurance and does my business need it?
In the new digital age, one of the biggest threats to your business is a cyberattack. Most businesses these days are reliant on the digital world in one way or another, and even more so now that hybrid-working and working from home are commonplace in the UK. This means that we’re all more at risk than ever of becoming vulnerable to cybercrime.
Cybercriminals don’t discriminate, and they can impact all types of business. Whether you’re a small start-up or a multinational corporation, there’s no hiding from this lurking online threat. With the National Cyber Security Centre (NCSC) reporting that they assisted with a record number of incidents last year, the potential for cyber-attacks is higher than ever.
One of the biggest problems with cyber threats is that they are so varied, often sophisticated, and constantly adapting, so it’s challenging to stay up to date with potential risks. If your business is hit with an online security breach, dealing with it successfully also requires a certain level of expertise and technical know-how, which is something that many business owners or employees may not have. This can mean that your business takes a while to get back on its feet. Or, worse yet, your reputation is severely impacted and your business struggles to recover.
With cyber-attacks affecting many small businesses, self-employed people, and large corporations every day, it makes sense to keep on top of the threat and get your business protected with Cyber Insurance.
If you’re worried about a GDPR breach causing a data disaster, financial fraud, or just simple human error (for example, accidentally opening a dodgy email attachment), taking out cyber insurance is a smart precaution. There are some situations in which turning it off and turning it back on again just won’t work.
What is Cyber Insurance?
Cyber Insurance is sometimes referred to as cyber risk insurance or cyber liability insurance. It’s a type of Commercial Insurance that is designed to protect your business from various cybercrimes.
Cyber Insurance can help to minimise disruption to your business by covering costs if your systems go down, or you have to stop trading for a while. It can help to get ahead of and manage the situation with experienced incident responders, in order to repair your reputation and reduce damage to your brand name. And it can also serve to identify areas of weakness within your current security system, and provide guidance on how to defend against potential future threats.
What does a Cyber Insurance Policy cover?
There are two main types of Cyber Insurance that you could get: First-party insurance and Third-party insurance.
First-party insurance can cover the business’s own assets, such as costs relating to interruption to business, loss or damage to digital assets, cyber extortion, and reputational damage. This policy can also cover the cost of emergency response efforts, such as notifying your customers of the breach as quickly as possible.
Third-party insurance can cover the assets of others, usually your customers. This type of policy can offer cover for investigations into breaches as well as legal costs associated with the security breach. This policy can also cover compensation payments to customers, and any legal costs incurred by defamation suits and related defence costs. So in the event that your systems are hacked, and your customers’ data is stolen, Third-party insurance can offer protection for costs that you would be legally liable to pay.
Why does my business need cyber insurance?
A 2020 Government report stated that almost half of UK businesses reported having a cyber-attack or data breach in the previous 12 months. This ranged from small businesses, self-employed people and medium-sized enterprises to large corporations and large charity organisations. Whilst small businesses are less likely to be targeted, they are much more vulnerable. This is because it will be difficult for them to recover from the financial losses and reputational damage.
Let’s say that you took up woodworking in the lockdown, and your house became covered in miniature wooden figures. You’re running out of room to store them, your kids are tripping over them, and your dog keeps eating them. So you decide to open an online store to make some extra money for rainy days. Your customers order and pay for the mini figures through your online store, so you collect and store their credit card information, their names and their addresses.
An opportunist cybercriminal can hack into your store, and steal all of your customers' confidential information. In addition, they can take your website down and then demand a ransom in exchange for the stolen customer information. As a small business, this can be a nightmare scenario.
Unfortunately, this scenario is far more common than you might expect. If you’re not insured, this can cause a lot of emotional distress and a big financial hit. What’s more, the General Data Protection Regulation (GDPR) states that a company can be fined up to 20 million Euros, or 4% of its annual turnover, if their customers’ ‘personal identifiable information is lost, stolen, or leaked’.
Taking out Cyber Insurance means that you’ve got someone in your corner. It can really provide peace of mind that if an attack or breach were to happen, then help, advice and crisis management can be a phone-call away. So, your business can start to recoup its costs, get customers back onside quickly, and continue trading and making money.
What else can I do to protect against cyber threats?
Even the most tech-savvy amongst us can have our heads in the clouds and fall victim to a cyberattack. Getting insurance is a step towards protecting your business from online threats. However, there are ways that you can manage cyber risks from within your business that are equally effective. After all, you wouldn’t just insure your car, and then leave it parked on the street with the doors open.
In 2014, the Government launched Cyber Essentials, an industry-supported scheme aiming to help organisations protect themselves from various online threats. This is a helpful place to start when looking at online resilience to threats.
There are various threats that are becoming increasingly difficult to spot, so to help stop an attack, you need to know what to look out for. Some of the most common threats are malware, phishing, hacking and ransomware. This guide is highly informative, and highlights the top 10 common types of cybersecurity attacks. This can be a really helpful guide for business owners and employees alike. It can be useful in spotting email scams, or even helping you to think twice before clicking on a link or opening an attachment from a suspicious account.
Another wise practice is to keep your antivirus software up to date and to make sure you’re operating with the latest version. The antivirus software changes and evolves almost as quickly as the hackers do, so it’s really critical to keep on top of it. Depending on the size and budget of your company, and what sort of data you might be responsible for, it’s possible to use ethical hackers to test your defences. These ‘white-hat’ hackers will hack into your systems with the aim of exposing your weak spots. This means that you know where you’re vulnerable, and can work towards building a better defence system.
Something that all companies can do is to control who has access to sensitive data. By limiting the number of people that can handle private data, there will be less opportunity for human error. It’s also smart practice to use safe and secure passwords, and to update them frequently. Did you know that the average 8-letter password can be cracked in less than six hours? And yes, even the ones with uppercase letters, special characters, and numbers! Researching hard-to-crack passwords, and having different passwords for each account, can be really useful in keeping secure.
Make sure that your business is protected against online, digital risks from the inside and beyond. Check that you’re doing all that you can to make your business safe in the big, bad digital world by assessing your existing security. And for extra peace of mind, get in touch with us to get a cyber insurance quote. Talk to one of our helpful advisors to find out which policy would be a suitable fit for you. Unfortunately, cybercrime isn’t something we can simply delete and empty from our recycle bin.