5 Things Every Business Needs to Know About Cyber Insurance

Do you use a computer to help run your business? What would happen if your system was hacked or even just your laptop was stolen? Could your cash flow cope? Could you afford an IT consultant to help fix things in a hurry?

In 2022 the proportion of UK businesses identifying a Cyber-Attack was 39%, with 83% reporting Phishing Scams and 21% reporting more sophisticated attacks including Malware and Denial of Service. [1]

Businesses need more information about the risks they could face and why it is not just a case of backing up your systems and crossing your fingers.

Around 236.1 million ransomware attacks were reported worldwide in the first half of 2022 with the UK having the highest number of cybercrime victims per million internet users at 4783 in 2022 – up 40% over 2020 figures [2]. The scale of the threat cannot be underestimated, and you need to know how you can protect your business from the risks it faces.

You should set aside time to understand what your potential exposure is and also how to make sure that the insurance you buy will do what you need it to do in the case of a breach in security either by a hacker or a genuine mistake by you or a member of staff who, for example, inadvertently e-mail data to the wrong person.

If you are not familiar with Cyber Insurance then this is a specialist type of insurance you can buy that would usually provide cover for the following costs which you might incur because of a cyber incident: –

  • cyber extortion
  • ransomware
  • breach costs
  • cyber business interruption
  • hacker damage
  • crisis containment and more

You may need Cyber Insurance if you hold sensitive customer data, such as names, addresses, or banking information, or if you are reliant on computer systems to conduct your business, have a website, or are subject to a payment card industry (PCI) merchant services agreement. Damage or unauthorised access to any of these could lead to reputational damage and legal and/or regulatory costs.

It is perfectly natural to worry about whether you are making the right decision about buying a product and, with that in mind, here are some of the most common statements we hear.

1: “I don’t need cyber cover” 

Cyber-attacks affect companies of all sizes, so protecting against this is paramount. If you are using computers in your business, then you need to consider the potential costs of a breach or theft of your data. Could you continue to run your business without it? What is the impact on your customers? How long would it take to get back up and running? Could you afford to hire an IT company at short notice to fix this for you? Do you have the skills to fix a cyber breach? What would the reputational damage be to your company?

Most people don’t know they need the cover until they have a breach or data is stolen from them, this is often too late. Many businesses could struggle to meet the costs of fixing the damage. This is where the insurance cover can help cover these costs and experienced insurer teams can help you react effectively to an attack.

2: “I can’t afford cyber insurance”

If you are not making much money or are in the early stages of your business, spending money on insurance might be off the agenda. If you don’t arrange the cover, then you are effectively saying you can cover the risk – and the costs – yourself, but can you? Could you cover the cost of crisis response, restoring the security of your IT system, restoring the data, covering any regulatory fines or damages, legal advice, or public relations advice?

“The Sophos State of Ransomware Report 2021 claims that the average cost to a business of a ransomware attack is £1.5m” (Global numbers)

Many businesses would not be able to withstand these types of exceptional costs to their business and could fail as a result.

By offsetting the risk with insurance, you are paying a fraction of the cost of a cyber loss which a recent UK government survey put at £4,200 for small businesses and £19,400 for medium to large companies. [1]

3: “I don’t know how much cyber insurance costs, but I know it is expensive”

So how much does Cyber Insurance cost? The price of the cover will depend on what you do, how much data you hold, and your processes for protecting the data. You can then choose a level of cover you want to buy. Unfortunately, there is no magic formula for how much cover you should buy but as a broker, we can help you consider what level of cover you need.

With the frequency and severity of cyber-attacks on the rise, and the rising costs of dealing with an attack, it is good housekeeping to get a quote for Cyber Insurance. While we have seen a hardening in the cyber market, where there is limited capacity and premiums are less likely to be negotiable, there is an appetite for non-complex risks, and we have strong relationships with a range of insurers who can offer this cover.

4: “I don’t have the time to arrange cyber insurance”

It is great to be busy, but we strongly believe that if you want to do something you can take the time to do it. Insurance should be part of the essential tools you use to run your business. By transferring the risk to insurers you can concentrate on running your business, and by using a broker you can leave your insurance in safe hands.

We will make sure that the time we need with you is well spent, getting the information about your business to make sure we can present your insurance proposal to insurers in the best possible light.

In preparation for getting a quote it’s worth taking time to think about the data you hold, how it is saved, the IT security you have in place, details of any previous claims, and have to hand your most recent turnover figure. With that information, we can readily get a quote for you.

5: “I don’t know what cyber insurance cover I need”

There are various types of cyber-attack that you can be a victim of including a rogue employee, negligence, outsider threat (phishing, hacking, malware, etc.), or third party and vendor threat. You should think about what you would do if you were a victim of a cyber-attack and put in place a process to respond.

If you suffer a cyber breach, having Cyber Insurance can make the recovery process as straightforward and rapid as possible. Many insurers include the provision of technical assistance with managing a breach part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.

Cyber Insurance can offer protection for cyber extortion, ransomware, breach costs, cyber business interruption, hacker damage, crisis containment, emergency support, legal advice, public relations advice, and restoration of services. The cover provided by insurers differs from product to product and the amount covered or limit of indemnity can also differ from policy to policy, so it is wise to talk to an insurer or insurance broker who can steer you through the process.

What Next

If you need help arranging business insurance, find your local Broker via: https://www.biba.org.uk/find-insurance


[1] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022#chapter-6-dealing-with-breaches-or-attacks

[2] https://aag-it.com/the-latest-cyber-crime-statistics/#:~:text=Global%20cyber%20crime%20statistics%3A%20The%20UK%20had%20the,USA%2C%20with%201494%2C%20a%2013%25%20decrease%20over%202020.

Further Reading