It is not a legal requirement to have cyber insurance, but most businesses have at least some exposure to the risk of cyberattack. For example, any business that deals with a lot of private data, especially payment details, should have cyber liability insurance UK. Businesses are also at risk if they have many computers linked to an internal private network or their business relies on computer systems.
Despite the average cybersecurity breach costing £22,700 for large businesses and £3,650 for small traders, most businesses are still are not insuring themselves against cyberattacks. In fact, according to the UK Government’s Cyber Security Breaches Survey 2020, less than a third of businesses (32%) are covered against cyber risk.
The benefits of cyber insurance reach beyond the financial. Many business owners with cyber insurance report benefiting from expert legal advice and access to IT specialists after an attack, as well as receiving general advice on their cybersecurity. And many large businesses use their cyber insurance as a sort of unofficial accreditation to show their reputation is one to be trusted.
What is Cyber Insurance and Why Do You Need it?
Cyber insurance is a special type of business insurance designed to protect against cybercrime and, potentially, IT system failures. It is highly recommended for businesses with large and complex computer networks, or businesses holding lots of sensitive data or dealing with customer payment details. However even smaller businesses can benefit.
The insurance covers a multitude of nightmare scenarios, and coverage can vary from one policy to another. But it’s common for a policy to include computer systems breaking down, a cyberattack, and theft of data. It provides businesses with expert help and advice, both on the legal side and the IT side, as well as covering what could be expensive payments to affected customers.
Cyber liability insurance can also provide practical solutions outside of the business such as a public relations campaign to manage reputation damage after an attack or even setting up a call centre to deal with customer complaints.
Security breaches cost small businesses £65,000 – £115,000 and large businesses £600,000 – £1.15million in worst cases, according to a report from PwC. And with businesses using computers and the internet more than ever, increasing numbers are looking at specific protection in the form of cyber insurance.
The UK Government estimates nearly half (46%) of all businesses have been victim of a cyberattack. And it is not just large corporations. 68% of medium-sized businesses said they had fallen victim to a cybersecurity threat.
Shockingly, nearly a third (32%) of those who said they had identified a security breach or attack, said they were dealing with attacks at least once a week. These chilling statistics are why this specialised insurance is giving organisations a much-needed safety net.
How much does cyber liability insurance cost?
Cyber insurance can cost under £150 a year for a small business needing a very basic policy. Larger businesses will pay more depending on their size, network and types of business activities.
As with every policy, the cost of cyber liability insurance depends on a range of factors including the size of the business and the risk factors involved in its line of work. And remember not all policies offer the same protection, so before buying make sure you are getting the cover you need, for instance, IT system failure, data loss, business interruption, hacks, theft, or ransomware.
What does cyber insurance not cover?
Cyber insurance does not cover incidents which result from poor management or systems upgrades. Although what’s covered varies from one policy to the next, cyber insurance generally does not cover:
- Hacks by directors or partners running the company.
- Failure by service providers (e.g., if an interruption was caused by failure of an internet service, cloud or telecommunications provider)
- Intellectual property losses
- Bodily injury
- Compliance reviews (e.g., upgrades to security systems, routine investigations and supervision)
- Defamatory statements that you know or should have known were defamatory at the time of publication.
Is cyber liability insurance worth it?
Cyber insurance is worth investing in if a business deals with a lot of payment information or private data or relies on computers and computer systems. The legal and expert support alone can make a policy worthwhile, even just for peace of mind.
However, some other types of insurance (e.g., professional indemnity, business interruption, contents insurance) might have an element of cyber protection built-in as well. It is worth checking the small print of other business insurance policies to check if they protect against cyber threats.
It is worth taking into consideration the size of the business and how much it relies on IT systems and storing data securely when deciding whether cyber insurance is worth it or not. But given the relatively cheap cost of cover, any business on the fence can opt for extra cover without breaking the bank.