The better your security rating, the less your insurance premiums will cost and the better protected your business will become.
Cyber insurance – also known as cyber liability or cyber risk insurance – covers the losses related to damage or loss of information from IT systems and networks within your business. There are many different types of policies, but the main ones cover loss and damage caused by data breaches or malicious cyberattacks.
In the event of an attack, cyber insurance provides key support to help businesses stay afloat. With millions being lost each year at the hands of hackers, cyber insurance has become a saviour to businesses all around the world. With that in mind, let’s take a closer look at why you should consider cyber insurance, what a policy covers and how to purchase it to protect your business.
Does my business need cyber insurance?
In today’s digital age, businesses of all sizes, large and small, rely on IT systems and networks to function. Therefore, businesses are regularly exposed to risks – income loss, business interruption, damage management and repair, reputational damage and more.
The UK government estimated that in 2018, 61% of large corporations and 31% of small businesses suffered a cyber breach. The average cost of a data breach for small and medium-sized enterprises ranges from $120,000 to $1.24 million. This cost has increased year-on-year and will do so well into 2023 and beyond. Global cyberattacks already rose by 28% in Q3 2022 compared to the same period in 2021.
Businesses are increasingly buying specialised cyber insurance policies to support their existing insurance needs. The key factors for purchasing cyber insurance include:
- The business holds sensitive customer data such as names, addresses and/or banking information
- The business relies on IT systems and websites to operate
What does cyber insurance cover?
Cyber insurance covers damage or loss of information from IT systems and networks. Policies can also include help with managing the incident itself, which can be costly and is essential when it comes to regulatory enforcement or reputational damage. Cyber risks tend to fall into first-party and third-party risks. Insurance products cover either or both of these types of risks.
According to the Association of British Insurers, cyber insurance can be broken down into the following two categories.
First-party insurance covers your business assets. This can include:
- Loss or damage to digital assets such as data or software programmes
- Business interruption from network downtime
- Cyber extortion, where third parties threaten to damage or release data if money is not paid to them
- Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
- Reputational damage arising from a breach of data that results in loss of intellectual property or customers
- Theft of money or digital assets through theft of equipment or electronic theft
Third-party insurance covers the assets of others, typically customers. This may include:
- Security and privacy breaches, and the investigation, defence costs and civil damages associated with them
- Multimedia liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
- Loss of third-party data, including payment of compensation to customers for denial of access, and failure of software or systems
Purchasing cyber insurance
Businesses can buy cyber insurance directly from an insurer or via a broker. Approved brokers specialising in cyber insurance can be found through the British Insurance Brokers’ Association (BIBA). Different types of policies are available, from those for large organisations to those for SMEs, with cover limits between £100k and £5 million. Firms facing more complex cyber risks are eligible for bespoke policies which provide cover of £5 million plus.
Managing cyber risks
As well as securing cyber insurance, it is important for all businesses to manage their own cyber risks. This includes:
- Evaluating first- and third-party risks associated with the IT systems and networks in your business as part of your vendor risk management practices
- Assessing the potential events that could cause first- or third-party risks to materialise
- Analysing the controls that are currently in place and whether they need further improvement
In 2014, the British government launched Cyber Essentials – which provides basic cyber security hygiene standards to help organisations protect themselves against cyberattacks. Cyber Essentials accreditation is a good first step in becoming cyber resilient. Following that, retaining the services of IT security managers and/or cybersecurity firms is the next and most important part of protecting your business from attack.
RiskXchange and cyber insurance
RiskXchange is one of the top IT firms globally delivering solutions to cybercrime and data breaches. In order for insurance companies to accurately underwrite their cyber risk policies, security ratings are essential for helping them come up with their pricing strategies and to reduce risk in their portfolios.
RiskXchange’s security ratings are a valuable and objective indicator of an organisation’s cybersecurity performance. The better your security rating, the less your insurance premiums will cost and the better protected your business will become.
Get in touch with RiskXchange to find out more about cyber insurance.