Let’s talk about cyber insurance. For lack of understanding – perhaps it’s the futuristic association of the word ‘cyber’ – it’s often disregarded by both business insurance providers and businesses, the latter at great peril. In reality, any business holding data should be considering it.
While insurers pay out £22 million in claims each day on behalf of businesses, most businesses only have basic business insurance, which is likely to include covers like public liability, professional indemnity and contents and equipment cover, but not cyber insurance. In fact, over 80% of businesses don’t have specialist cyber insurance.
This is in spite of the fact that 1 in 3 UK businesses identified a cyber-attack in 2019 and that the majority of businesses have said that they plan to increase their spending on cyber security.
Why cyber insurance is an integral part of your cyber security plan
Although there’s plenty that most businesses could and should do to improve their overall cyber security and protect their data, it’s impossible to eradicate the risk of a cyber-attack or data breach.
What’s more, however robust your security measures, if something does slip through, does your comms team have the expertise and resource to deal with the PR storm?
How does cyber insurance work?
Once you’ve experienced an attack and/or a data breach, cyber insurance kicks in to provide a number of important expert services to help your business recover as quickly as possible. The exact details of your cover will vary from policy to policy. Digital Risks’ cover includes:
- Resolving the immediate issue. You’ll have access to a 24-hour breach response helpline and expert legal, IT security and PR crisis control assistance, whether this involves negotiating and paying a ransom in Bitcoin; fixing your security flaws; defending, negotiating and settling the claim; and reporting the breach as per regulatory guidelines.
- Damage control. We’ll help to communicate the breach to affected customers and set up a call centre to assist them (as per regulatory requirements). As you have probably seen from the media, data breaches can be disastrous for businesses, not just in terms of immediate financial loss, but with regard to long term reputational damage.
Research by IDC found that 80% of consumers would defect from a company following a breach of their personally identifiable information, which goes to show just how important it is to manage communications around a breach carefully.
- Business interruption. We’ll reimburse income lost due to a security breach impacting your computer systems (or those of an integral supplier).
Large businesses, which are more likely to have the resource to solve tech issues, report spending an average of 3.4 days managing the impact of a cyber-attack.
- Paying regulatory penalties (that are insurable by law). The GDPR has tightened regulations around data collection, storage and processing. At worst, a breach could end up costing your company up to €20 million, or up to 4% of your annual worldwide turnover for the preceding financial year, whichever is greater.
So the question is, can you really afford to pass on cyber insurance? Even if, like most companies, you plan to spend more on improving your cyber security, it’s impossible to completely eliminate the risk of a cyber-attack or data breach, or plan for its consequences. Cyber insurance is a good safety net to have and it doesn’t necessarily cost more than other business insurance covers.