Cyber-crime is an ever increasing, and very real, threat to businesses in the 21st century. As we come to rely more and more on technology and the internet, it’s only natural that these systems are going to come under attack.
We’re going to take a quick look at the types of insurance available to you, what they cover and how you could be leaving yourself at risk if you aren’t covered.
Cyber insurance essentially covers any losses relating to the damage to or loss of information from your business’s IT systems and networks. So, if your business relies at all on any IT infrastructure (which it almost definitely will do), then you are going to be exposed to the potential risks of cyber-crime, which can result in loss of income, reputational damage and damage to your IT systems themselves. In 2016 it was estimated about half of UK businesses were hit by cyber-crime in some form, with these breaches costing £1,570 on average, rising to as much as £19,600 for larger companies.
Whilst it’s true that your existing policies such as commercial and professional indemnity insurance might cover some aspects of cyber-crime, a specialised cyber insurance policy is definitely worth considering, particularly if you hold any sensitive information about your customers such as credit/debit card details or if your business relies particularly heavily on IT.
Cyber insurance should cover you for any losses or damage caused by a cyber-attack, but perhaps just as importantly, will also provide assistance in dealing with and recovering from the incident itself. However, there is a distinction to be made between first and third party cover, which might be covered separately.
First party cover includes all of your business’s own assets, such as loss or damage to your digital assets, any interruption to your business while your servers are down or any reputational damage that has arisen as a result of the attack.
On the other hand, third party cover includes the assets of others, usually your customers. This will include things such as security breaches and loss of third-party data, as well as the payment of compensation to any customers who have been affected by a breach.
You can buy cyber insurance either directly from an insurer, or you can go through a broker or comparison site, such as constructaquote.com.
Policies for SMEs are generally available with cover limits of between £100k and £5 million, but significantly higher limits are available for larger firms who have got more complex security requirements.
What else can I do?
Getting the right insurance is the most important step, but there are other things that you can do to protect yourself from cyber-crime. For example, you should conduct thorough risk assessments of all of your systems and assess the potential harm that could come to your business, before thinking of how you could improve the measures that are already in place. This post from the World Economic Forum goes into more detail about the ways in which a business can be protected.