Cyber insurance – insurance against an IT failure or internet-based threat – may sound like a luxury for small businesses, but in 2017/2016 almost half of UK firms were hit by a cyber breach or attack, with an average cost to the business of £20,000 and, in some severe cases, millions.
Since cyber insurance’s invention in the early 1990s, its adoption has grown rapidly as businesses large and small begin to appreciate the threat that IT and data issues pose. In the computerised world in which we operate, risks such as business interruption, lost income, data loss and IT service restoration costs need to be effectively managed, and the most cost-effective method of doing so is to have adequate cyber insurance in place.
Customer Data: An asset that needs protecting
While existing insurance policies – including commercial property, business interruption or professional indemnity insurance – may provide some elements of cover against cyber risks, many businesses are now taking out specialised cyber insurance policies to provide themselves with specific cover. This is particularly true of businesses that hold sensitive customer data – names and addresses, email addresses or banking information – or those using IT systems and websites to conduct their business.
The risks associated with data loss are growing as cyber-attacks increase in frequency. The seriousness with which these attacks are being treated is also on the rise, with fines of up to £500,000 now being levied by the Information Commissioner’s Office for breaches of the Data Protection Act.
Is your business covered for a ‘Cyber Event’?
As more and more businesses move their data storage from local servers onto ‘The Cloud’ and other off-site sources, the issue of data responsibility becomes ever more complicated. Many firms outsource some element of their data management process and in doing so they mistakenly believe that this absolves them of data protection responsibilities. The truth is, however, that many cloud providers are based outside the European Union and so aren’t subject to the obligations of the EU Data Protection Directive. This means the regulations of that directive will apply primarily to you as the ‘controller’ rather than to them as the ‘processors’ of data. In simple language this means if something goes wrong with your cloud supplier, you could be the one left facing the financial consequences, not them.
It’s a sad fact that far too few businesses have procedures and processes in place for a cyber event, and many professional indemnity insurance policies do not offer adequate cover for one. This is why insurers have responded with specific cyber insurance policies. These give immediate access to expertise in the event of a cyber breach: a crisis management team that can limit financial and reputational damage to the business from the moment a breach is discovered, instead of the business finding out much later via a third-party claim. Cyber breaches are new territory for most businesses, and managing the risks by informing customers, tightening security and taking other remedial measures can prove costly, so it’s an insurance that you should not be without. In fact, 60% of small businesses go out of business within six months of a cyber attack.
Cyber Insurance: A logical business decision
Given the growing multitude of threats and the potentially significant cost of a cyber event, cyber insurance is the logical way to manage cyber risk and protect your business. As well as providing cyber insurance cover, an insurance broker such as Coversure can help you reduce your risk by providing insight from claims and cyber incidents from across the industry.
Cyber insurance is a new market, one that will reward early adopters who develop good histories as time goes by and industry claims data becomes more readily available. And so the question regarding cyber insurance remains: ‘Can your business afford to be without it?’
For more information get in touch with your local Coversure Insurance broker today or head to our cyber product page.