What is cyber insurance and do you really need it? 

cyber insurance

Posted on February 1, 2023 by Louise Howland

A cyberattack on a company’s computer network and system could cause widespread disruption, operational downtime, financial loss, legal action and reputational damage. Cyber insurance will offset costs and damages that can be incurred following a cyberattack and acts as a breach response service helping, you to get back on your feet.

There are a number of steps you can take to limit the risk of a cyberattack and safeguard your business from cybersecurity audits to cybersecurity monitoring. However, cyber insurance provides an extra layer of protection for your organisation in a worst-case scenario. 

Explore what cyber insurance is and what a policy would cover below. 

What is cyber insurance? 

Cyber insurance is a specialist insurance cover designed to protect a business in the event of a malicious cyberattack or serious data breach.

Cyber insurance is one of the fastest-growing areas of insurance cover due to both greater reliance on technology and increasing levels of cybercrime. With cybercriminals constantly devising new ways of breaching cyber defences, cybersecurity needs to continually develop in response to this.  

The latest UK government Cyber Security Breaches Survey shows that almost one-third of businesses (and 24% of charities) have suffered cyber breaches or attacks in the last 12 months.

Over the same period, the UK’s cyber watchdog, the National Cyber Security Centre (NCSC) also removed a staggering 2.1 million commodity attacks which are high-volume, low-sophistication attacks usually involving phishing and other scams targeting citizens and small businesses.

What exactly does a cyber insurance policy cover? 

The loss of data or funds through malicious or accidental means, along with the grim prospect of technology or system failure, can be catastrophic and hugely expensive for any organisation.

In the event of a cyberattack, cyber insurance provides a business with cover for the financial losses sustained by a cyber breach in addition to liability for any damages a third party may also attempt to claim. There is a diverse range of cyber insurance products and not all policies are the same. However, the majority of policies generally cover: 

  • Business disruption: Lost profits and increased costs due to systems or networks being down or encrypted following a cyberattack.
  • Dependent business interruption: Lost profits and increased costs due to systems or networks being down because of third-party failure from a cloud provider or other key service the company is dependent upon.
  • Data retrieval costs: The cost of retrieving and restoring data and information following a cyberattack.
  • Digital and data asset destruction: The loss of data stored on tapes, hard disks, and other electronic media.
  • Social engineering: Costs incurred when employees are deceived into divulging information leading to criminal activity.
  • Response and remediation: The cost of resolving and remedying a cyberattack including credit monitoring and public relations support to limit damage to the brand or reputation of the company.
  • Notification costs: The cost of identifying and notifying data subjects about a data breach – often a demand of the Information Commissioner, the UK’s data regulator.
  • Forensics: The cost of hiring forensic cyber experts to analyse the cause of a breach and the damage caused.
  • Legal costs: incurred in dealing with the regulator, litigious data subjects and other third parties.
  • Extortion: Though rare, insurers will pay extortion costs in the event of a ransomware attack where all parties believe payment of the ransom is the most efficient way to end the cyberattack.
  • Fines & Penalties: Insurance also meets the cost of civil fines and penalties arising from a cyber event.

What does cyber insurance not cover? 

There are certain situations where cyber insurance does not provide cover. These include loss, loss caused by cyber warfare, any event where an insurance payout would breach international sanctions or attacks on core elements of the internet that result in a national or global outage of the internet.

Who needs cyber insurance?

Cyber insurance is valuable for a wide range of businesses and charities, regardless of their size or industry. Any organisation that uses technology, stores sensitive information, and relies on digital operations can benefit from cyber insurance. Cyber insurance cover should be taken out by any organisation that:

  • Stores, uses or sends business-critical information and personal data such as names, addresses, banking details and passport numbers
  • Uses eBanking facilities to move money
  • Has its own website
  • Is reliant on digital technology to conduct everyday business activities
  • Adheres to Payment Card Industry (PCI) standards

The importance of cyber insurance for businesses was highlighted in an IBM report which revealed the average cost of a data breach is now USD 4.45 million in 2023, a 15% increase over 3 years. As a result, effective risk management is a growing priority and cyber insurance remains one of the most effective ways to mitigate losses.

Despite the clear benefits of cyber insurance, only 43% of UK businesses were protected by a cyber insurance policy according to the government’s Cyber Security Breaches Survey 2022, leaving themselves exposed to costly cyberattacks and data breaches.

In addition to cyber insurance, UK businesses also have a legal responsibility to protect data and sensitive information belonging to customers and individuals under the Data Protection Act. Businesses found in breach of this duty are subject to a variety of sanctions, including being fined up to 4% of their turnover.

Find the right cyber insurance for your business 

There is a wide range of cyber insurance policies available depending on the level of protection a business requires. Businesses should weigh up a number of factors before deciding which policy is right for them, including their risk profile and the damage a data breach would cause them and their stakeholders.

The sensitivity of data held by a business should also be taken into account. For example, damage caused by a data breach is likely to be worse if it involves the theft of sensitive personal information such as healthcare data, and financial details such as bank account or payment card information.

Many cyber insurance companies will require that businesses and organisations take vital steps to mitigate the risk of a cyberattack or data breach by enhancing their human firewall or investing in cyber awareness training for their employees.

ramsac and Partners&

We are very proud to be partnering with Partners&, to bring specialist insurance advice to our clients. Partners& is a next-generation insurance advisory business. With access to specialist advisers, Partners& help organisations map the risks facing their business and implement practices that protect the organisation. Providing a seamless approach to risk management, insurance and claims ensures organisations receive the most efficient protection.

Strengthen your cybersecurity defences with ramsac 

Cybersecurity breaches are one of the main threats in today’s business landscape. Protect your organisation from cyber threats by contacting us today.  

Related Posts

  • Everything you need to know about the transition to ISO 27001:2022 
    October 14th, 2024

    Everything you need to know about the transition to ISO 27001:2022 

    Cybersecurity

    This blog explains the essential steps and timeline for transitioning from ISO 27001:2013 to ISO 27001:2022, ensuring your organisation maintains its certification before the October 2025 deadline. [...]

    Read article

  • Why your organisation needs VMaaS: Turning vulnerabilities into strengths
    October 1st, 2024

    Why your organisation needs VMaaS: Turning vulnerabilities into strengths

    Cybersecurity

    Discover how ramsac’s VMaaS can transform vulnerability management from a reactive headache into a proactive strategy that strengthens your organisation’s cybersecurity. [...]

    Read article

  • Machine Learning Algorithms in Cybersecurity
    September 30th, 2024

    Machine Learning Algorithms in Cybersecurity

    AICybersecurityTechnical Blog

    Learn how machine learning algorithms are transforming cybersecurity, improving threat detection and predicting future attacks to help secure your digital environment. [...]

    Read article

  • Why should companies invest in cybersecurity?
    September 16th, 2024

    Why should companies invest in cybersecurity?

    Cybersecurity

    Investing in cybersecurity improves customer trust and helps you to prevent breaches across your organisation. Learn more today. [...]

    Read article

  • Maintaining system resilience in a technological world: What the CrowdStrike outage can teach us
    September 4th, 2024

    Maintaining system resilience in a technological world: What the CrowdStrike outage can teach us

    Cybersecurity

    The CrowdStrike outage on the 19th July caused worldwide chaos from airlines to hospitals and everything in between. What can we learn from this? We discuss. [...]

    Read article

  • What is data theft and how do you prevent it?
    July 15th, 2024

    What is data theft and how do you prevent it?

    Cybersecurity

    In any size organisation, data theft can be a huge issue. From disgruntled employees to large scale cyberattacks, data theft can severely impact your business. According to a report [...]

    Read article

Quiz yourself

Are you more cyber savvy than an 11 year old?

11-14 year olds get asked these questions in school. Could you get these right?

X