A Guide to Cyber Insurance
Everything you need to know about buying cyber insurance
Cyber Insurance Brokers, John Morgan Partnership, provide a comprehensive guide to buying cyber insurance.
FLY:D on Unsplash
What is Cyber Insurance? And what does it cover?
Cyber insurance covers your costs following a cyber incident. This typically includes investigation and remediation costs, legal costs, data breach costs, your loss of revenue and any liability you have to third parties.
Are there any additional benefits?
Your cyber insurer will be your complete incident response and management solutions. This can include:
1. Forensic experts to diagnose and fix the problem.
2. Legal experts to ensure your legal interests are represented.
3. Data breach teams to assist with your regulatory duties, investigations and the costly notification process.
4. Public Relations experts to help you manage your message.
Your cyber insurer will act as a hub to coordinate your team of experts to get you back up and running as efficiently as possible.
Why should I buy it?
60% of small businesses fold within 6 months of a cyber incident. A reputation can take a lifetime to build and seconds to destroy. A cyber insurance policy can not only cover your loss of revenue and pay the costs to keep you trading but it can also help to shield you from the reputational harm a cyber incident can do.
Buying cyber insurance also demonstrates your commitment to protecting your supply chain and helping you to build a reputation as a trusted partner.
Top 5 frequently asked questions - with answers:
What are the different threats?
The list of attack types is extensive and varied but here are some of the most common:
- Malware - software such as viruses, Trojans and spyware.
- Social Engineering - an attempt to fraudulently acquire personal information, such as passwords and credit card details frequently using a phishing email.
- Ransomware - a type of malware that prevents users from accessing their system or personal files by encrypting them and demands payment of a ransom to regain access.
- Denial of Service - prevents the use of system services or resources usually by overloading the service with requests.
How could I be vulnerable?
You can be vulnerable in a number of ways through your website (domain registrations/certificates), your technical infrastructure (out of date services/known vulnerabilities/endpoint security) and policies and procedures (back up processes/incident response planning). But your biggest vulnerability is also your biggest cyber security asset – your staff. Up to 95% of incidents have a human cause and so building your cyber strategy around the human factor is vital.
I am an SME. Are businesses like mine a target?
The latest statistics show that one small business in the UK is successfully hacked every 19 seconds. Small businesses are a target because they have historically not placed the same priority on their cyber security as larger organisations. This means that often unsophisticated attacks can be successful.
This represents an opportunity for cyber criminals to obtain the reward for very little effort and so is an attractive proposition. In order to avoid becoming a target you must work smarter than your peers and invest wisely in your cyber risk management strategy.
Does cyber insurance only matter if I handle personal data?
Insurers have noted that cyber criminals are moving away from data theft and businesses which need operational data to function tend to start losing revenue quickly in the case of attack and often have limited security or back ups. This makes these sorts of businesses a popular target for cyber attacks such as ransomware.
Can I afford cyber insurance?
Cyber insurance premiums are decided using a number of factors about the organisation’s profile including industry, turnover and claims history. Some policies can cost as little as £122.00 for sole traders and small limited companies.
But cyber insurance should not be your only line of defence against cyber crime. You should also look at various risk management options to reduce your overall risk of attack which can have an impact on your premium. At the most basic level this can cost a matter of pounds per month and doing the fundamentals can keep you from becoming the low hanging fruit which is the cyber criminals’ target.
It could even be much more affordable than you think to take your cyber security to the next level with proactive threat hunting, penetration testing and consultancy. There are options to suit every budget and reduce your risk.
Some insurers are beginning to include various risk management tools free of charge to their customers to promote a healthy relationship between business and cyber insurers.
To survive a cyber incident you need to be able to adapt and this requires an ongoing assessment of the risks you face. You cannot afford NOT to have a cyber risk management strategy including robust cyber insurance in place.
A tip for buying cyber insurance
Make sure you understand the covers and the obligations of any policy. Be especially careful as cover for social engineering cover can often be excluded.
If you are unsure ask your broker. Buying cyber insurance should always be a conversation and you should feel totally confident in your cover.
Find out more about John Morgan Partnership here.