What is Cyber Insurance?
Cyber insurance is cover that provides individuals or businesses with a range of remedies and assistance against the risks associated with cyber-attacks. This type of cover isn’t trade specific: a business taking out cyber insurance will most likely need it to safeguard the storing, transaction or accessing of data, for example in offices, stores with EPOS, or wholesalers.
Many companies identify as “offline” and assume they don’t need cyber protection. However, virtually all UK businesses (98%) and charities (93%) represented in a government survey rely on some form of digital communication or services, such as staff email addresses, websites, online banking and the ability for customers to shop online. 52% of businesses assume their business insurance covers cybercrime, but most policies don’t. In most cases, cyber cover needs to be taken out as an additional policy.
“Cyber insurance products for small businesses generally tend to reimburse the policyholder for the costs of retrieving or repairing data, software and hardware following a cyber-attack, compensation in the event that customers’ data privacy is breached and support in areas such as forensic investigation, as well as legal and compliance-related advice such as fulfilling regulatory responsibilities and repairing reputational damage”.
MoneySuperMarket’s business insurance partner
It’s almost impossible these days to find a business that doesn’t use email or some form of digitized communication. In fact, according to government data, 92% of businesses surveyed currently use an email system. Parallel to this, 75% of businesses who identified a cyber-attack did so via fraudulent email.
The Threats of Cybercrime
Cybercriminals can range from experienced hackers to malicious employees, and have a range of motives. It could be to obtain confidential information or even be out of spite.
Over four in ten businesses surveyed (43%) experienced a cyber-security breach or attack in the last 12 months and this rises to seven in ten (72%) among large businesses. Medium and large businesses are most likely to have experienced breaches, as are businesses in the information or communications and finance or insurance sectors.
“Businesses should ensure that the costs of the interruption of their business activities caused by cybercrime are covered, and that their policy includes practical support in the aftermath of this event. At a minimum, a business should ensure they have strong anti-virus protection that’s regularly updated, and that they are regularly updating their data to help prevent and protect against cybercrime”.
MoneySuperMarket’s business insurance partner
Businesses that hold customers’ personal data are more likely to have experienced being breached (47%). Of those who identified a breach or an attack, the most common form of cyber-attack is staff receiving fraudulent emails (72%), followed by viruses and malware (33%), people impersonating the organisation online (27%) and ransomware (17%). That said, under three in ten businesses have a formal cyber-security policy.
It’s shocking to think 72% of large firms experienced a cyber-attack or data breach in the last 12 months, according to a government survey.
Breaches were often linked to human factors, highlighting the importance of staff awareness and vigilance. However, few businesses currently provide staff with cyber-security training (20%) or have formal policies in this area (33%).
One in ten businesses (10%) and two in ten charities (22%) report cyber skills gaps.
The Cyber Security Breaches Survey
Technical controls also play an important part, with nine in ten businesses regularly updating their software and malware protections, configuring firewalls or securely backing up their data, but only 69% require password guidelines to access work accounts. Breaches are often identified in organisations that hold personal data, where staff bring their own devices and use them for work purposes or companies that use cloud computing.
Just under half of businesses say someone in their organisation regularly uses a personal device for business regardless of business size. This makes cyber-security more difficult to manage, due to less technical control when imposing security systems on personal devices.
Cloud computing highlights another risk for businesses. According to government data, six in ten currently use cloud computing, and medium businesses are most likely to use a cloud system. Business sectors most likely to use these externally-hosted web services, include:
The Threats of Cybercrime
Just like the different threats, the impact of cybercrime can vary dramatically depending on the type of business. For example, a small to medium sized company may not experience a detrimental impact on their brand or PR if a cyber-breach was made public, whereas the same type of attack could cause a more well-known brand a lot of damage and as a result, a loss of revenue.
IT system failures could cause some companies to shut down temporarily, again impacting their business financially.
Instances like this highlight why it’s important to ensure your business is covered, as cyber-attacks can compromise a variety of businesses in various ways. The image below highlights some of the damaging results that could occur following a cyber-attack.
These impacts most commonly included:
As mentioned previously, the aftermath of a cyber-attack can be damaging to a business, and 36% of businesses surveyed required new measures to prevent future attacks.
It’s not just business resource or time that can be impacted by a cyber-attack, but most likely a financial impact, too. Typically the cost of a cyber-breach for medium businesses is around £16,100. When a large business is impacted this cost jumps to an average of £22,300.
Aside from the notable aftermath of a cyber-attack, the attack itself can generate a number of problems for a business. Below we’ve highlighted how an attack can cause live, detrimental damage, with 22% resulting in a temporary loss of files or networks.
The Risk of Cybercrime
Despite many organisations stating that cyber-security is a high priority, just three in ten businesses (30%) surveyed by the government have board members or trustees with responsibility for cyber-security, and 20% of businesses never update their senior management on cyber-security issues.
60% of companies who have been victims of a cyber-attack are out of business within six months, according to Make It Cheaper, again showing the importance of ensuring your business is covered as the impact can cause your business to close down.
On average, small to medium enterprises will fall victim to four cybercrimes every two-year cycle.
The True Cost of Cybercrime
Traditional business insurance is an obvious essential to protect businesses against occurrences such as a water leak or accidental damage.
The below shows the average volume of traditional claims made through our business insurance provider, with accidental damage and theft being the most common claims within the traditional insurance sector.
Businesses often see insurance as a necessity and often set out to cover themselves for instances such as fire. However, when looking at our business insurance provider data, we only see an average of 3 claims per quarter over a three-year period.
When we compare this to an average of 57,526 cyber-attacks identified on businesses per quarter, the risk of cyber-attack is seemingly much higher than that of traditional claims, yet many businesses still don’t view this product as a necessity that they need alongside their general business insurance policy.
With this in mind, cyber-attacks are more common than alternative risks (such as accidental damage, water leaks, etc.), yet some businesses aren’t covered should a cyber-attack happen. Equally, business owners aren’t always aware that their insurance policy doesn’t cover cyber-attacks.
The below shows how 68,212 attacks were carried out by attacking business VPNs and other applications in just one quarter.
With cybercrime threats appearing to be on the rise, companies are gradually investing more into cyber-security to protect their business. Leading the way, it appears the finance and insurance industry are spending the most to try and prevent cyber-attacks, with £17,900 spent in the last financial year, closely followed by the information and communications industry. The entertainment, services and food industries seem to be investing the least. This is followed by construction and hospitality.
Some organisations continue to see themselves as offline, or too small to be at risk (although this line of thought has declined since the 2017 government survey). This is despite having potential risk factors, such as their use of personal devices for work purposes or the usage of Cloud systems. Parallel to this, it’s concerning that small businesses could be easier to target due to the lack of safety precautions in place.
Whether you’re a smart start-up or a thriving global business, being vigilant to a cyber-attack is essential in this growing digital age. Be sure to compare products to ensure you get the right business insurance policy as well as the right cyber cover to suit your company’s needs.
- Government Cyber Security Breaches Survey 2018.
- MoneySuperMarket’s business insurance provider data 2016 - 2018.
- Make It Cheaper – cyber insurance provider – 2018 study.
- Beaming – cyber-attack study – July 2018.