Should Cyber Insurance be a business priority?

Sep 12, 2023 1:47:12 PM

Over the past 12 months, 32% of all businesses in the UK and nearly a quarter of charities reported a cyber-attack. In May 2023, the CEO of the National Cyber Security Centre stressed the growing threat to organisations and urged them to consider purchasing cyber insurance.

So, what do we mean by a cyber-attack? It could be anything from a virus affecting individual computers to holding your business data hostage in a ransom attack. The worst case for a business would be an attack where you lose access to your systems and data is shared publicly, which could lead to litigation, regulatory investigation, reputational damage and ultimately an inability to continue trading.

What is Cyber Insurance?

Cyber insurance, sometimes referred to as cyber liability insurance or cyber risk insurance, is a type of insurance that transfers a policyholder’s financial liability for cybersecurity and privacy events such as cyberattacks, data breaches, acts of cyberterrorism, or regulatory violations. It is there to restore a business’s systems and data, handle technical, legal and reputational issues and cover the costs and losses from cyber-attacks.

Why your normal business insurance won’t cover data breaches

The majority of insurance policies exclude claims associated with cyber attacks or data incidents. More and more organisations are purchasing specific cyber insurance policies to keep them protected.

If you have professional indemnity insurance, it might cover some aspects of a cyber incident, such as litigation resulting from the loss of customer data, but that is only a fraction of what a specific cyber insurance policy covers. Likewise, a Crime policy might cover money stolen via cyber means but will not give the wide range of covers and services provided by a cyber policy. A Management Liability policy might give some cover for regulatory investigations but not much else.

So… What does Cyber Insurance cover?

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.

It covers a direct (or first party) financial loss to you or your business arising from a cyber event. A cyber event is simply any actual or suspected unauthorised IT system access, electronic attack, or privacy breach.

Cyber insurance covers the liability actions that might be brought against you, arising out of a cyber event (third party loss), such as investigation and defence costs, civil damages, and compensation payments to affected parties. It also generally includes significant assistance with and management of cyber incidents both before and after an incident has occurred.

Why Cyber Essentials is the answer to keeping your business protected

Insurance companies are asking organisations for evidence of cyber security certifications such as Cyber Essentials. This is because it has been proven that certified organisations are significantly less likely to suffer a serious cyber or data incident.

Put it this way, home insurance policies usually require you to have a minimum standard of locks on your doors and windows; in the same way, cyber insurers expect certain minimum standards that reflect the risk.

Now you know why Cyber Essentials is needed, what is it?

Cyber Essentials is a Government-backed certification that helps businesses take control of their cybersecurity and protect themselves from the vast majority of common online threats. It is supported by the National Cyber Security Centre (NCSC) and administered through IASME. 

Here are some of the business benefits from gaining Cyber Essentials: 

  • Cyber Essentials insurance cover following certification 
  • Dedicated expert cyber security advice from your Cyber Essentials IT Services partner  
  • Improved cyber protection from common cyber attacks 
  • Increased understanding of the threats to your business and how to manage them 
  • Improved data protection. Your processes and systems will ensure more effective data management and security 
  • Increase your client pool to include public sector clients 
  • Bolster your reputation with your clients, prospects, suppliers and investors by gaining a government-approved cyber security certification
  • Improve your competitive advantage with certified cyber security measures in place 

How much can a cyber-attack cost?

For a small organisation, that is, any organisation with fewer than 50 employees, a small breach tends to come in at between £10,000 and £30,000. A large breach for a small organisation tends to come in at between £60,000 and £80,000, but there have been some huge cases recently.

Cyber claims come in all shapes and sizes ranging from the inconvenient to the catastrophic and are just as likely to impact sole traders as global firms. No one is safe.

How Method IT can keep your business protected

Firstly, we take cyber security seriously. It’s why we’re ISO27001 certified and have Cyber Essentials Plus certification. Now, we’re able to help other businesses achieve a key Cyber Essentials accreditation as a Cyber Essentials Certification Body.

With the ever-evolving threat of cyber-attacks, having a Cyber Essentials certification will demonstrate your company’s dedication to cyber security and protecting the information of your clients and employees. Whilst your business may have an internal IT Support team, this unfortunately doesn’t guarantee any level of safeguarding, which is why Method IT works with you to reduce the cost of a Cyber Essentials certification and offers ongoing support and a level of experience that is tailored to your company’s needs.
