What is cyber insurance and do you really need it? 

cyber insurance

Posted on February 1, 2023 by Louise Howland

A cyberattack on a company’s computer network and system could cause widespread disruption, operational downtime, financial loss, legal action and reputational damage. Cyber insurance will offset costs and damages that can be incurred following a cyberattack and acts as a breach response service helping, you to get back on your feet.

There are a number of steps you can take to limit the risk of a cyberattack and safeguard your business. However, cyber insurance provides an extra layer of protection for your organisation in a worst-case scenario. 

Explore what cyber insurance is and what a policy would cover below. 

What is cyber insurance? 

Cyber insurance is a specialist insurance cover designed to protect a business in the event of a malicious cyberattack or serious data breach.

Cyber insurance is one of the fastest-growing areas of insurance cover due to both greater reliance on technology and increasing levels of cybercrime. With cybercriminals constantly devising new ways of breaching cyber defences, cybersecurity needs to continually develop in response to this.  

The latest UK government Cyber Security Breaches Survey shows that almost one-third of businesses (and 24% of charities) have suffered cyber breaches or attacks in the last 12 months.

Over the same period, the UK’s cyber watchdog, the National Cyber Security Centre (NCSC) also removed a staggering 2.1 million commodity attacks which are high-volume, low-sophistication attacks usually involving phishing and other scams targeting citizens and small businesses.

What exactly does a cyber insurance policy cover? 

The loss of data or funds through malicious or accidental means, along with the grim prospect of technology or system failure, can be catastrophic and hugely expensive for any organisation.

In the event of a cyberattack, cyber insurance provides a business with cover for the financial losses sustained by a cyber breach in addition to liability for any damages a third party may also attempt to claim. There is a diverse range of cyber insurance products and not all policies are the same. However, the majority of policies generally cover: 

  • Business disruption: Lost profits and increased costs due to systems or networks being down or encrypted following a cyberattack.
  • Dependent business interruption: Lost profits and increased costs due to systems or networks being down because of third-party failure from a cloud provider or other key service the company is dependent upon.
  • Data retrieval costs: The cost of retrieving and restoring data and information following a cyberattack.
  • Digital and data asset destruction: The loss of data stored on tapes, hard disks, and other electronic media.
  • Social engineering: Costs incurred when employees are deceived into divulging information leading to criminal activity.
  • Response and remediation: The cost of resolving and remedying a cyberattack including credit monitoring and public relations support to limit damage to the brand or reputation of the company.
  • Notification costs: The cost of identifying and notifying data subjects about a data breach – often a demand of the Information Commissioner, the UK’s data regulator.
  • Forensics: The cost of hiring forensic cyber experts to analyse the cause of a breach and the damage caused.
  • Legal costs: incurred in dealing with the regulator, litigious data subjects and other third parties.
  • Extortion: Though rare, insurers will pay extortion costs in the event of a ransomware attack where all parties believe payment of the ransom is the most efficient way to end the cyberattack.
  • Fines & Penalties: Insurance also meets the cost of civil fines and penalties arising from a cyber event.

What does cyber insurance not cover? 

There are certain situations where cyber insurance does not provide cover. These include loss, loss caused by cyber warfare, any event where an insurance payout would breach international sanctions or attacks on core elements of the internet that result in a national or global outage of the internet.

Who needs cyber insurance?

Cyber insurance is valuable for a wide range of businesses and charities, regardless of their size or industry. Any organisation that uses technology, stores sensitive information, and relies on digital operations can benefit from cyber insurance. Cyber insurance cover should be taken out by any organisation that:

  • Stores, uses or sends business-critical information and personal data such as names, addresses, banking details and passport numbers
  • Uses eBanking facilities to move money
  • Has its own website
  • Is reliant on digital technology to conduct everyday business activities
  • Adheres to Payment Card Industry (PCI) standards

The importance of cyber insurance for businesses was highlighted in an IBM report which revealed the average cost of a data breach is now USD 4.45 million in 2023, a 15% increase over 3 years. As a result, effective risk management is a growing priority and cyber insurance remains one of the most effective ways to mitigate losses.

Despite the clear benefits of cyber insurance, only 43% of UK businesses were protected by a cyber insurance policy according to the government’s Cyber Security Breaches Survey 2022, leaving themselves exposed to costly cyberattacks and data breaches.

In addition to cyber insurance, UK businesses also have a legal responsibility to protect data and sensitive information belonging to customers and individuals under the Data Protection Act. Businesses found in breach of this duty are subject to a variety of sanctions, including being fined up to 4% of their turnover.

Find the right cyber insurance for your business 

There is a wide range of cyber insurance policies available depending on the level of protection a business requires. Businesses should weigh up a number of factors before deciding which policy is right for them, including their risk profile and the damage a data breach would cause them and their stakeholders.

The sensitivity of data held by a business should also be taken into account. For example, damage caused by a data breach is likely to be worse if it involves the theft of sensitive personal information such as healthcare data, and financial details such as bank account or payment card information.

Many cyber insurance companies will require that businesses and organisations take vital steps to mitigate the risk of a cyberattack or data breach by enhancing their human firewall or investing in cyber awareness training for their employees.

ramsac and Partners&

We are very proud to be partnering with Partners&, to bring specialist insurance advice to our clients. Partners& is a next-generation insurance advisory business. With access to specialist advisers, Partners& help organisations map the risks facing their business and implement practices that protect the organisation. Providing a seamless approach to risk management, insurance and claims ensures organisations receive the most efficient protection.

Strengthen your cybersecurity defences with ramsac 

Cybersecurity breaches are one of the main threats in today’s business landscape. Protect your organisation from cyber threats by contacting us today.  

Related Posts

  • Celebrating 20 Years of Cybersecurity Awareness Month
    September 19th, 2023

    Celebrating 20 Years of Cybersecurity Awareness Month

    Cybersecurity

    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How much should businesses invest in cyber resilience? 
    September 11th, 2023

    How much should businesses invest in cyber resilience? 

    Cybersecurity

    In this blog we explore how much organisations should invest in cyber resilience to protect against cybercrime [...]

    Read article

  • What is cyber resilience? A complete guide
    August 18th, 2023

    What is cyber resilience? A complete guide

    Cybersecurity

    Firewalls and anti-virus software are just the first steps in protecting your organisation from cyber threats (this is cybersecurity). However, you need more than that and this is where [...]

    Read article

  • The cybersecurity risks of remote working
    July 31st, 2023

    The cybersecurity risks of remote working

    CybersecurityRemote working

    Remote workers are under increasing levels of threat from advanced cyber criminals. It is vital to protect your workforce from cyberattacks. Discover more here. [...]

    Read article

  • What is Mobile Application Management: streamlining app deployment and security
    July 20th, 2023

    What is Mobile Application Management: streamlining app deployment and security

    Cybersecurity

    Mobile Application Management helps organisations to manage, secure, and distribute mobile applications within their environment. In this blog we explain what MAM is and the benefits of implementing it. [...]

    Read article

  • The importance of effective Supplier Data Security
    July 11th, 2023

    The importance of effective Supplier Data Security

    Cybersecurity

    In this blog post, we will explore essential considerations and questions to ask your suppliers about the protocols they have in place that keep you, and any shared data, [...]

    Read article