Cyber Insurance Guide

Updated: 21/01/21

Cyber risks are a serious threat to any business of any size, and with the increased dependence businesses have on IT systems, and evolving risks relating to cybercrime, cyber insurance policies are growing in popularity.

In fact, in 2016 a UK Government study found that 60 percent of small businesses had suffered a cyber breach costing between £65-115k. Even if you are an SME and your business holds sensitive customer data, relies heavily of IT systems and websites to conduct business, or processes payment card information, then you should be looking into cyber insurance as a priority.

As many of you will be aware, the new General Data Protection Regulation (GDPR) comes into force in May 2018, raising the prospect of increased fines. This prospect places increased importance on having adequate insurance in place to cover possible data breaches, and data protection has become a hot topic particularly with Directors and Officers who will be keen to ensure robust practices are in place.

What will our Cyber Insurance cover?

Cyber insurance covers any first party losses and third-party claims relating to damage to, or loss of information from, IT systems and networks.

As a business, if IT equipment or systems fail you will be under risk of income loss and business interruption. Whilst some business insurance policies you have in place will cover elements relating to damage, loss or failure, a cyber insurance policy will work alongside these providing financial compensation as well as assistance with managing the incident and reputational damage.

Most importantly cyber insurance policies should include cover in the instance of a data breach, whereby customer’s personal data is stolen or exposed by gaining access to the electronic network. These expenses will include; notification of costs, credit monitoring, costs to defend claims by regulators, fines and penalties, and loss as a result of identity theft.
Bluedrop will work closely with your business to customise your policy to the individual needs of your organisation and specific vulnerabilities. How much cover you need will depend on the size of your business and the type and amount of data you manage. We can help to determine what elements will be important for your business.

Whilst there is no standard underwriting for a cyber insurance policy, our policies can cover the following:

• Forensic investigation – to determine what happened, how to repair damage and prevent a similar breach in the future.
• Business losses – financial redress for theft of money, data loss and recovery costs, damage to websites programs or electronic data, and business interruption.
• Privacy and notification – notifications to customers and other affected parties as required by GDPR.
• Litigation and extortion – legal expenses, settlements and fines from data protection regulators. Extortion covers ransoms to end extortion as well as fees incurred from recruiting specialist advisors.
• Reputation protection – PR Services to limit and repair any reputational damage.
• 24/7 incident response – in the event of an incident it is important to contact your insurer immediately to ensure damage limitation and to begin putting in place your business continuity plans. Our insurers will operate a 24/7 claims line.

Advice to reduce your risk of cyber crime

In addition to having concrete insurance in place, as a business you need to ensure you have steps in place to manage your cyber risks and limit the chances of an attack.

As part of your risk management plan employee education in the form of awareness on security issues is vital. It is important to evaluate your level of risk and assess the potential events that could cause a cyber incident.

You should invest in up-to-date cyber-protection software and set up boundary firewalls as well as continually scanning for viruses and malware. It is advised that you investigate producing an incident response plan and have procedures in place should an attack take place.

Consider these 6 steps to cyber security that we have identified for you.

Covid-19 risk update

Covid-19 poses a great cyber security risk for businesses. With many employees relying on home working to do their jobs the risk of cyber security threats from using home networks and personal equipment for work purposes is high. Unfortunately, most home networks and personal computers don’t have the same security measures as workplace networks which are purposefully set up in this way.

With such new vulnerabilities in mind, hackers are targeting home workers with phishing emails and exploiting remote network environments and as a result cybercrime is at an all-time high. As a result, many businesses are looking to either purchase or review their existing cyber insurance, as well as looking at ways to prevent malicious cyber-attacks from happening.

In the wake of Coronavirus, it is important that you review your cyber security insurance to ensure it covers your business for working from home purposes. You will also need to review what security systems you have in place to prevent cyber-attacks, such as phishing emails and weak networks. If you do not have a contingency plan in place or a clear outline of what to do if presented with a cyber-attack, you may find it harder to find suitable insurance for your business.

With many employers announcing a permanent shift to working from home, this problem won’t be going away. You can speak to one of our insurance brokers to discuss what your options are and advise on what level of cyber insurance you will need moving forward.

You may also wish to consider Cyber Essentials Accreditation, which is a standard brought in by the Government in 2014. This is considered a good first step towards becoming more resilient to attack.