Cyber liability insurance is worth it not for just peace of mind, but also essential legal and IT help and advice if a business is struck by an online attack or incident. A small business, in particular, is less likely to have these specialists working inside its company already, and this assistance can be a lifeline in a time of crisis. For a small business, cyber insurance can be a critical lifeline in case of a cyber attack.
Cyber liability insurance is a specialist package of coverage that helps to get a business back up and running should it become a victim of a cybercrime or system outage. It also assists with fixing the after-effects of an attack or incident, with legal assistance, reputation management, and paying damages that are covered.
Research shows large businesses are more likely to identify as being the victim of cyber-attacks compared with small businesses. So small businesses could be particularly at risk as they may not realize they have been the victim of a cybercrime.
Which businesses need cyber insurance?
More and more businesses are feeling they need cyber insurance, with policies for small businesses rocketing between 2020 and 2021. The risk of cybercrime is not abating and this, coupled with the introduction of General Data Protection Regulation (GDPR), means many organizations are increasing their cybersecurity.
This is only a good thing – research shows that 39% of businesses were victims of a cyber attack in the last year. Shockingly 27% of victims say there is an attempt on their systems at least once a week. Thankfully those negatively impacted by data breaches have declined significantly since 2019 despite unrelenting attacks. This shows cybersecurity and insurance play an important role in protecting a business.
As a rule of thumb, cyber insurance is essential for businesses that take credit and bank card payments, plus hold sensitive and private data such as names, addresses, bank details, or health information. Those businesses that use a computer network, perhaps to assist with home working, or simply just to operate from one office, are also wise to consider cyber insurance. And if a business relies on computers to be able to trade then they too must look at cyber insurance.
Research has found an increase in smaller businesses taking out cyber insurance since 2020. While 43% of businesses asked had cyber insurance in 2021, this is an increase of 11% in a year, mainly down to smaller organizations. Many small businesses hold cyber insurance as part of a wider business policy.
Which businesses don’t need cyber insurance
Businesses that don’t need cyber insurance are becoming fewer and fewer as more move online. A small business may not think it has much a hacker would want, but even tradesmen who don’t work online send their invoices by email, with their bank account and sort code details available to be snatched by hackers.
The key question when deciding to rule out cyber insurance is this: Could a hacker gain access to your money or data, or your customer or other third party’s money or data with the information you hold on file? You may think you have sophisticated cybersecurity, but if it’s stored anywhere, even if it’s been mentioned in an email, you are vulnerable.
Incidents that could be covered by cyber insurance include:
- Phishing
- Ransomware attack/cyber extortion
- Virus
- Losing documents
- Network failure
- Theft of money
- Defamation from leaked information published in media
Cyber insurance provides either first party, third party, or both first and third party cover and includes:
- Business interruption cover to fund the loss of income and increased costs that arise from an incident. One of the world’s biggest cyber insurance providers, CNA Financial, had to shut down operations for three days while it investigated and made sure systems were safe again after it fell victim to a hack, insurance experts NimbleFins reported.
- Investigations to find the source of the incident.
- Managing an attack with expert legal and IT advise.
- Cyber extortion cover with practical advice if a ransom is ordered from hackers. Usually, the ransom is not covered by insurers and they will help to find a way around the ransom without the policyholder having to pay.
- Recovering lost data or programs.
- Restoring computer systems.
- Notification costs of telling customers or other third parties their data has been breached.
- Reputation management.
- Media liability if a third party has a claim of defamation as a result of private information published in the media. This is part of third-party cover rather than first party.
- Privacy protection if a third party’s data has been accessed, this third party cover funds damages, and legal expenses.