The world is under a constant bombardment of cyber-attacks from cyber criminals. These range from hacks and distributed denial of service (DDoS) attacks to phishing emails and people pretending to be others within your organisation. We all carry elements of cyber risk; however, many may not realise the potential benefits of having cyber insurance.
We have looked at some of the common misconceptions a business may have about cyber insurance.
You have invested heavily in IT security – this is excellent and certainly helps; however, would you be able to afford to pay out should something slip through the net?
Your IT company/department will sort all that – having a specialist team on hand means they should be able to assist in some areas with your systems and software recovery, and may be able to analyse what has happened; however, much of this is after the cyber event has taken place. The IT company will also not have been able to place a cyber insurance policy on your behalf to cover your other exposures, some of which are mentioned below.
It is a cost you feel you cannot justify at the moment – costs for everything appear to be on the rise, and profits/balancing the books are very important. In most instances for small to medium sized businesses, the cost of a cyber incident will outweigh the costs involved to obtain a cyber insurance policy. With an estimated 22% of businesses and 14% of charities having experienced cyber crime in the last 12 months¹, could you afford the cost of a breach or attack?
There is the invaluable reassurance of having a team of experts at hand to work with and guide you through the event, ensuring you are up and running as soon as possible and with as little disruption as possible. Without them you are effectively on your own and will need to source the services and support that a cyber insurance policy can provide. This will be at your own expense, with some investigatory/data mining costs alone potentially running into a very high bill.
Dependent on your requirements, a cyber insurance policy can cover the following examples. Please note these are a few of the more common examples; however, a stand-alone cyber policy will cover much more.
Data Breaches – data breaches can be anything from a stolen/misplaced laptop or paper files to a cyber criminal/hacker gaining access to your systems. It can be a misplaced email containing personal/financial information or, of course, a deliberate act by cyber criminals who have gained access to your mailboxes. Even if an email is not sent by the cyber criminals, the data within the mailboxes has still been breached and has probably been copied.
A cyber policy will provide you with an incident response team to guide you through your obligations under current data protection legislation. This can involve the internal assessment of the severity of the breach, notifying each and every affected party, and reporting the event to the ICO (Information Commissioner's Office) within the required tight deadline of 72 hours to avoid a potential fine and further ICO action/investigation. There may also be the need to manage PR (Public Relations) communications to help minimise the reputational impact a cyber incident like this can have on your organisation.
Ransom Demands – all computers on your network are suddenly locked with a message demanding a payment for the return of the systems/data and the additional threat of damaging/destroying your systems/data and publishing your customer/client information online.
A cyber policy will provide experts to rectify this situation, retrieve your access and potentially negotiate with those holding you to ransom, with the intention of restoring your operations as soon as possible and with as little impact as possible.
There is also the ever-increasing threat of ‘social engineering fraud’, where fraudsters use manipulation and psychology to gain access to your systems or information. For example, fraudsters may pose as a member of your organisation and succeed in requesting funds, only for the money to never be seen again.
A cyber policy can cover these events, both to investigate how the incident occurred and to compensate you.
Not every cyber insurance policy will cover all of the above examples. You should discuss your requirements and policy cover with our team to ensure you are appropriately covered for your needs.
1 Source: The Department for Science, Innovation and Technology: Cyber security breaches survey 2024