Your business may need many insurance policies; some are non-negotiable such as employers’ liability insurance which is a legal requirement or public liability and professional indemnity which may be required by your customers ad enforced upon you by contract. Other, more discretionary insurance policies may seem like a stretch, and depending upon your business, may seem unnecessary.
Cyber insurance is, in general, a non-mandated policy. Whilst it is being heavily promoted by the insurance industry, many companies question how a cyber insurance policy would be of relevance to them, particularly if they are not an “online” organisation.
Whilst most business owners are aware of cyber threats, especially when handling sensitive data, they don’t always understand how significant these risks can be and how the coverage under a cyber insurance policy works so as to protect them.
This article will discuss the importance of cyber insurance for small businesses and what you need to know about cyber insurance.
What is Cyber Insurance?
Cyber insurance policies are designed to protect your small business from financial loss in the event of a cyber breach or attack.
In a world that is growing ever reliant on technology for its central business operations, it is no surprise that risks posed by cyber threats and online data leaks are becoming increasingly more troublesome. Following the COVID-19 pandemic, more and more businesses have moved to remote or hybrid working conditions, moving their operational infrastructure online through various cloud storage platforms. Businesses owe have a duty of care to their customers and they must ensure procedures and policies are in place to properly protect their customer data.
Unfortunately, no matter how tight your policies and procedures may be, cyber-attacks are hugely prevalent. Even the most secure businesses have been subject to the devastating repercussions of cyber breaches and attacks. Consequently, companies have found themselves with substantial financial losses. In fact, according to Cyber Security Breaches Survey 2022, 39% of UK businesses have identified a cyber breach within their operations in the last 12 months, and for small businesses, this results in a loss of around £4,200 for each attack.
Is Cyber Insurance Important for MY Business?
Due to the sheer number of cyber criminals in operation, almost every business is at risk of a cyber-attack at some point in the life cycle. Clearly the likelihood of being targeted, the propensity for the attacks to be defended and the severity of the ultimate loss will vary from business to business based on size, sophistication and nature of trade but the risk is very real. Proper consideration should be given to the impact on your business if you were the subject of an attack. Would it mean immediate loss of revenue, significant reputational damage or simply some general inconvenience.
Once you have determined where you principal exposure lies you can start to review how a cyber policy can protect you. There are two types of cyber policies that can protect you: First-party cyber insurance and third-party cyber insurance.
First-party insurance covers your business and any losses you may suffer as a result of a cyber-attack. This includes such things as your operating, money, data, customers and intellectual property.
Third-party insurance covers the people and businesses outside your company who may have been impacted by these cyber incidents. These are usually your customers but could also be your suppliers, partners, or more widely anyone you have interacted with and about whom you hold information. This section will protect you against costs of defending a negligence claim as well as any ultimate award made against you by a court.
While smaller businesses may not think they are top of the list for cyber criminals compared to large corporate companies, small organisation are often the easiest to attack, which does in fact make them high-risk. These attacks can come in varying forms from phishing, malware, ransomware, and direct hacking.
What isn’t covered by cyber insurance?
As with all insurance policies, it is essential to note what isn’t covered under your cyber insurance policy. While each specific policy will have differences, generally, the following will not be included:
- Technology Upgrades – following a cyber security breach, it may become apparent that the software or technology used is no longer adequate to support the systems and security required to continue operations; therefore, business owners may look to upgrade these areas. These costs will not be covered under your cyber insurance policy.
- Potential Future Losses – your cyber insurance policy will pay out on attacks and breaches in the here and now; they are not concerned with future threats or losses due to the attack that has already happened. Your payout will be determined by the losses incurred during your downtime.
- Loss of Value – Intellectual Property – intellectual property being breached and ultimately lost is hard to quantify in terms of overall financial loss to your business which may come from lost contracts, opportunities and the devaluation of your trading name or brand. Due to this, cyber insurance will not provide cover for this area of the potential loss.
The Outlook
When operating a business, you face risks every day. If you can protect yourself and others from those risks, it is best to do so.
Cyber insurance is another way of adding an extra shield of protection around your business; even the most cyber-savvy companies are not immune to cybercrime threats.
By speaking with an Insurance Broker, you’ll be able to determine exactly what that risk looks like to your business and how much a cyber insurance premium will be to ensure you are covered just in case those risks manifest into a loss.
Speak with one of the Sustain Insurance experts today to understand your business’s needs regarding cyber insurance.