Cyber insurance: Do you really need it?

March 23, 2020 by Rob McBride

Dedicated cyber security insurance won’t stop cybercriminals, but it can keep you on a stable financial footing if a major breach does occur.

The internet is now a utility – as fundamental to business as power and water.

Almost all organisations now transact with customers online, storing a range of personal and commercial data. Furthermore, most organisations are now implementing many of the necessary controls to protect this data. But as the Equifax breach continues to teach us, there’s no 100 per cent guarantee.

Cybercriminals are getting smarter and the threat landscape seems to throw up new exploits and forms of attack every week. We’re already seeing cases where artificial intelligence has been used to target businesses and individuals more effectively.

Digital transformation means we’re going to be ever more dependent on the internet, not less. So how can you make data safe – and keep your business up-and-running when an attack does occur?

The rise of Cyber Insurance

Cyber risk insurance provides cover to businesses against internet-borne risks and liabilities. It’s been around for more than a decade and is growing in popularity. PwC estimates global spending on cyber insurance will reach $7.5 billion this year.

The idea is to support business resilience and help you recover from a data breach or attack by:

  • Mitigating the costs of clean up and remediation.
  • Protecting you from liability for loss and damage.

UK businesses can also benefit from cover against any claims related to non-compliance with the General Data Protection Regulation (GDPR).

How does it work?

Cyber insurance coverage is generally available in two levels: first-party and third-party liability.

  • First-party liability insurance covers direct losses to the business.
  • Third-party coverage extends to any claims or legal action taken by customers, partners, or regulators.

Each provider offers its own specific policies, but the risk areas commonly covered include data breaches and damage to systems.

The fines, legal fees, and other costs associated with remediation after an attack will all be covered. These include cleaning compromised data, repairing systems, restoring profiles of affected customers, and notifying everyone affected by the breach.

Cyber insurance policies can also be extended to cover the cost of business interruption, extortion via ransomware, or engaging outside forensic investigators to determine the exact cause and full impact of an attack.

Who needs Cyber Insurance?

Banks and financial services organisations are prime targets for cybercriminals, so any business operating in finance needs to investigate cyber insurance as a matter of urgency.

But any business that collects, sends, uses, or stores electronic data should consider taking out cyber insurance. Every business, regardless of size or geography, depends upon the internet to conduct transactions and provide customer service.

If your organisation is part of the digital economy, it is vulnerable to cyber-attack in some way. Cyber insurance can help minimise the cost of clean-up and getting back on track.

How much does Cyber Insurance cost?

The premiums for cyber insurance are calculated based on factors like annual revenue, industry sector, the types of data stored, and the level of investment in cyber security protection.

Cybercriminals tend to focus on sectors like finance and healthcare, so organisations in these and other highly-targeted industries may require a higher level of coverage.

In practice this means that an organisation holding a large number of customer records with detailed personal and financial information will be at greater risk than, for example, a restaurant or catering business.

Many providers offer an online cyber and data insurance calculator to help you understand what the premium could be and generate a quote specific to your business.

Where can I get Cyber Insurance?

As cybercrime affects more and more organisations, the demand for cyber liability insurance is growing fast. From traditional general insurers to security- and sector-specific specialists, the options for cyber insurance are growing.

To help kick start your research, here is a shortlist of some of the most popular providers and plans.

  • AIG: AIG takes a modular approach to cyber-cover, meaning businesses can prioritise the specific risks they face more frequently for coverage.
  • Aviva: Aviva claim to offer the most comprehensive single cover package available, developed in partnership with CYENCE, a specialist cybercrime consultancy.
  • Bluefin Professions: Bluefin cyber insurance policies are designed specifically for firms in professional services. They also aim to design policies that help minimise reputational damage resulting from a breach.
  • CFC Underwriting: CFC offers cyber insurance policies geared to both large enterprises and SMEs, and the risks more likely to be faced by each.
  • Hiscox: Hiscox offers a comprehensive package at a range of coverage levels, and policies tailored to individual risk requirements – from ransomware to business interruption.

Still have questions?

Why not drop us a line?

CyPro’s expert consultants have helped organisations of all sizes fine-tune their cyber insurance requirements by clarifying the areas where they’re most at risk.
