What is cyber insurance, and why is it a good idea?
Take a step back for a moment and imagine you accidentally sent someone’s personal details to another client or left documents on a train, causing a data breach. Or someone has hacked into your computer system. What do you do?
After you’ve finished panicking, you have two options.
- Scour the internet to work out a plan of action. Who do you need to contact? How do you manage while your system is down?
- Phone your insurance company, who will answer those questions, help you resolve the issues, and get you up and running again. Quickly.
A cyber insurance policy will give you the technical help you need to stop the attack. Experts will step in to help retrieve lost data and get your systems and website back to normal.
If you’ve had a data breach, you’ll get help investigating what went wrong and ensuring everyone who needs to know about the incident gets the correct information.
Cyber insurance is the calm in your virtual storm, providing help and support and taking away the stress.
To help understand how it can help your business, we’ve looked at some key questions about cyber insurance. These include why cybercrime is on the rise, what cyber insurance covers, and who should have it.
Why is cybercrime on the rise?
Cybersecurity has been around since the 1970s. And as computers have become more affordable and businesses more reliant on technology, criminals have been able to take advantage of the online world.
In 2017, “phishing” took on a new meaning when criminals hacked into a high-tech fishtank to steal data from a casino. Compare this heist to the Hatton Garden jewellery robbery in 2015. Breaking into a casino via an online connection (in a fish tank) has significantly less risk than physically breaking into a jeweller. There’s no CCTV to get caught on, no get-away vehicle needed, and no hold-alls required for the diamonds (or cash). Just access to the dark web and some illegal know-how.
Phishing (email and text scams) is the most common type of cyber-attack. The criminals rely on someone accidentally downloading software designed to damage your computer or network. Or they might trick an employee into giving away confidential information or transferring money into accounts belonging to the bad guys. And human error, along with lack of awareness, are the main culprits for a successful attack.
The pandemic aside, working from home has become more commonplace in recent years. But working away from the office can lead to issues for security. IT Governance lists several problems that our IT departments face with staff working out and about. These include an increase in working online and using personal devices – both without the protection of corporate firewalls. And longer hours, more distractions, and lack of motivation mean it’s easier for staff to make mistakes.
What does cyber insurance cover?
Cyber policies differ between insurance companies. But a cyber policy can:
- Give your company tech expertise to get any systems and your website back and up and running if your business is attacked.
- Help with data retrieval if there’s a data attack.
- Cover the financial effect of criminals tricking your staff into transferring money, goods or data. And any ransom demands if your systems are crippled by ransomware.
- Cover loss of income when a cyber-event means you can’t trade as normal.
- Deal with data breaches by informing and dealing with the regulator, if necessary, and setting up a call centre to notify those affected.
- Pay costs and compensation for any lawsuits resulting from losing people’s sensitive info.
- Organise and pay for public relations or crisis management experts to support your business if you need them.
- Cover the cost of repairing or replacing any damaged equipment as a result of a cyber-event. Your insurance may also (depending on your cover) pay to upgrade your system to prevent a future attack.
Cyber insurance is not all about digital cover either. Data breaches include a staff member leaving a classified file with a customer’s details on a train. Cyber insurance protects your business from these mistakes too.
Some insurance companies offer free cyber-security training for businesses that take out cyber insurance with them. Training can significantly reduce the risk of an attack by making staff more aware of the risks. So it’s a win-win for you and a lose-lose for the criminals.
What do you need to do to be cyber secure?
Cybercriminals are cunning tricksters, and it’s important to know your enemy and be one step ahead. You can do several things to make a criminal’s life challenging. These include:
- running a firewall and antivirus software
- keeping your staff on their toes with regular training
- making sure your operating system and software is up to date
- setting security patches to download automatically
- using two-step verification and complex passwords.
And have a plan just in case of attack. That plan should include:
- cyber insurance
- risk assessments
- vulnerability audits
- reviewing supplier cyber security risks
- a continuity plan (how you plan to keep running if disaster strikes).
Who needs cyber insurance?
43% of businesses in the UK and 29% of charities have some form of cyber insurance. This could be part of another policy or could be a cyber-specific cover.
Any company, no matter how big or small, is at risk from a cyber-attack that:
- uses computers or email
- has a website
- stores personal information digitally (both customer and employee data)
- takes payments electronically and is subject to a payment card industry (PCI) merchant services agreement
- stores data in the cloud or uses cloud-based services.
You never know when a cyber-incident may happen, so it’s always worth being prepared.
For more info on cyber insurance, a quote in under two minutes, visit PolicyBee or call us for a chat on 0345 222 5370. Sparqa customers also get up to 10% off professional indemnity insurance.