You need cyber insurance if your business deals with a credit card and bank details and takes payments online. Or if it stores sensitive customer information such as names, addresses, banking information or other personal data. A security lapse on this private information could see you in breach of GDPR laws and facing legal costs and damages.
You also need to consider cyber insurance if you run a business that relies on computers and computer systems in any way. You may use a computer for as little as sending and receiving emails, but there is still a threat of hackers infiltrating your system and messaging all your contacts.
Have you ever received a scam email that looked like it had come from a friend? That could very easily have been sent from your work account to your contacts – i.e., your customers. And if they were to succumb to fraudsters, you could be held liable.
Cyber insurance can offer invaluable support both legally and financially if you did suffer a security breach and were chased for damages, just one of several protections provided in these policies.
Some business owners prefer to take the risk and depend on their other insurance coverages. While business interruption is one of the primary protections in cyber insurance, there are also standalone business interruption insurance policies that could give reasonable cover if a computer glitch or cyberattack disrupted trade. It depends on what’s covered according to the policy wording.
You may find commercial property insurance also provides enough peace of mind for you, if it is comprehensive enough to cover contents damaged by a cyberattack or network collapse, and you feel that is sufficient for you. If not, you need cyber insurance.
What is cyber insurance coverage?
Cyber insurance is a special package to protect against financial loss or unexpected costs due to malfunctioning IT systems or a cybercrime.
A range of problems can be covered by cyber insurance, such as theft, cyberattack, data breach, reputation management and business disruption. Some plans will also cover financial loss due to IT system failure – more and more companies are seeking out this coverage as well.
Cyber insurance can provide practical solutions to help a business get through a crisis, such as hiring a customer service team to answer phone calls from customers, as well as legal advice, IT assistance and public relations consultants. It offers expert help from legal and IT experts, as well as financial support if needed.
One example is if a hacker infiltrated an organisation and brought down its IT systems to demand a ransom. Legal experts would help the business negotiations with the criminals, while IT specialists would help recover documents and try to restore operations. Meanwhile, money could be paid out to the business to cover lost trade, and financial assistance could also be given to pay damages to any affected customers.
Why do I need cyber insurance?
If you use computers in your business, then you are at risk of cyberattacks of any kind. You are also exposed to the threat of business interruption, income loss, crashing IT systems and even reputational damage if computers fail.
It is wise to have cyber insurance if you have a large and complex computer system or if you deal with sensitive data, mainly payment information. Suppose you have a vast networked environment (i.e., many computers linked on an internal, private network). In that case, it is good practice to have cyber insurance to cover yourself if it suddenly breaks, and employees cannot do their jobs.
Although most policies will differ, be on the lookout for coverage that includes business interruption to compensate for the loss of trade due to a failed system or another issue that stops money from being made.
Suppose your company deals with payment information or lots of private information such as addresses. In that case, you could be liable for massive damages if details were leaked from your systems in a security breach or hack.
It is worth noting almost half (46%) of UK businesses reported suffering a cybersecurity breach over a 12 month period, according to a 2020 survey carried out on behalf of the UK Government.
How much cyber insurance do I need?
The amount of cyber insurance you need depends on your organisation’s size and the nature of your business. Factors such as your annual turnover and risks such as the type of data you hold and whether you have a private networked IT system, and how big that network is all play a part in a policy’s rigour.
As a general rule, you should always make sure business interruption cover is included in your policy.
Secondly, it is worth looking at the protection provided for privacy breach costs. Some policies protect against so-called ‘breach costs’ that cover the costs of dealing with a security breach, such as IT investigations, contacting customers, and legal fees.
Some cover the ‘privacy liability’, which is particularly appropriate for businesses handling personal information. It covers against infringement of privacy and provides legal costs and payments to claimants after a privacy breach.
Policies can also cover cyber extortion, the cost of restoring IT systems, and reputation management.