If you’re reading this, there’s a good chance cyber security is already on your radar. That’s a good place to have it, because cybercrime is relentlessly on the up.
Data breaches, phishing scams and ransomware attacks fill the digital headlines. All of which begs the question: How do you protect your business from hackers and their devious, money-grabbing, data-stealing ways?
And now for the bad news…
The harsh reality is that you can only do so much. Because hackers are usually one step ahead of the game, meaning all the tech and security protocols in the world won’t keep you safe. Plus, human error has a horrible habit of letting the hackers in.
What you can do, however, is to be ready for when cybercriminals strike. And that means having a plan. A clear idea of how to react means you minimise the damage a cyber-attack can wreak and give yourself the best chance of recovering quickly.
If you’re an IT expert who can stop an attack, get your systems back up and running, maybe negotiate a ransom and conjure money out of thin air to cover your losses while you can’t do business, then all well and good.
If not, that’s where cyber insurance comes in. It helps you through a cyber crisis in practical terms, as well as picking up costs and offering solid back up. It’s your very own magical IT expert with added benefits.
But where to start in picking a policy? And what does cyber insurance actually do? We’ll look at the answer to these and other questions next.
Who needs cyber liability insurance?
Pretty much everyone, these days, but even more so if:
- You have a website
- Your business relies on being online
- You hold personal info on your customers or clients in digital form, like their names and addresses
- You digitally store your customers’ or clients’ payment details.
The reality is that a cyber-attack can shut down your systems and website in an instant. It’ll mean you can’t do business, which in turn means you won’t be generating any revenue. Plus, you risk shedding customers and clients by failing to provide the service you promised.
Those people’s noses are going to be put even more out of joint if there’s a data breach involved. That’s because sensitive info can be sold on the dark web and used for identity theft. Worse still, there’s a chance of financial fraud if payment details are exposed.
Pretty serious consequences, then.
So, ask yourself: how well and for how long could your business function without access to servers, email, your website and other online processes. How long before you start losing customers? Not very long at all, probably. So maybe a good reason to think about that back-up plan.
Why do I need cyber liability insurance?
Well, the stats speak for themselves. An October 2018 survey by insurer Hiscox found that nearly a third of small businesses (over 30%) had suffered a cyber breach in the previous year.
That’s a clue that hackers don’t care too much about size. Sure, if they get the chance to bag a load of data from a big operator, then bingo. But they’re also happy to pick up smaller data caches and encryption ransoms on a daily basis from the littler guys.
Guys like you, perhaps, with more easily breached systems. Because hacks = hard cash for cybercriminals. And pretty soon, all those smaller hacks add up to a much bigger pot very much worth their while going after.
Meantime, it’s businesses that end up on the losing side. Another of Hiscox’ findings is that cyber security incidents cost the average small business £25,700 last year in basic clear up costs alone (e.g. ransoms paid and hardware replaced).
And that’s without even taking into account indirect costs, like the damage done to reputations, and the potential loss of both existing and future customers.
So, an expensive affair all round then. And, considering how frequently cyber-attacks are hitting their mark, a real cause for concern.
What is cyber liability insurance?
In a nutshell, it’s insurance that cushions your business from the costly consequences of a cyber-attack. It can’t prevent your business from being hit in the first place, but it can help clear up the mess, and get your business back up and running again quickly.
Large corporations with massive budgets and particular needs will usually have bespoke cover, to cater for every eventuality. But small and medium-sized businesses can easily find the cover they need in an off-the-shelf policy – the advantage being that they’re quick and easy to buy.
Be aware though that not all policies are born equal, so always check that cyber insurance covers these basics:
Forensic help with identifying a breach, plugging the security gap, and repairing any damage to both software and hardware. This includes restoring data, networks and websites, and replacing or mending equipment.
If your files have been encrypted and a hacker is demanding a pile of bitcoins to unlock them, an expert negotiator to handle the situation. The ransom should also be covered.
If you’ve had personal data stolen, help in letting everyone affected know, and support with informing the regulator and managing any resulting investigation. You should also be covered for credit card monitoring plus legal costs and compensation if you’re sued by third parties.
If a cyber-attack stops you trading as normal, compensation for any drop in revenue you suffer as a result.
Other things to look out for
Choosing cyber liability insurance isn’t as straightforward as buying something that comes in standard format, like a 13-amp fuse. That’s because there are key differences between the various policies. And that means it’s important to look out for exactly what is and isn’t covered.
Here’s some things that might or might not be included:
Say a fraudster targets an employee with a bogus invoice. It looks just like one you pay regularly, but the employee doesn’t notice a few crucial bank details are different and makes the transfer anyway. The money disappears. Some insurers require what’s known as an ‘extension’ to the core policy to cover ‘social engineering’ cybercrimes like these.
Good policies will offer PR support and advice to help you through the crisis period and help preserve your good name.
Cover can include protection for if you accidentally infringe someone else’s copyright, say by digitally publishing a picture without getting the proper permission from the licence holder.
If, say, you store customers’ personal data in the cloud, and that data’s stolen because of a failure on the part of the service provider, you’re not usually covered. That’s because the loss is someone else’s fault.
And here are a couple of other things to check:
Some insurers require you to meet certain criteria in terms of tech security, data encryption and staff cyber awareness for a policy to be valid. Otherwise, a claim may not be paid. Equally, some will offer reduced premiums if certain standards are met.
Most cyber liability policies cover the UK and EU. If you work outside those limits, you’ll need to enquire about extending your cover.
How much does cyber liability insurance cost?
That’s the $64 thousand question. Although, thankfully, not the answer.
Cyber liability insurance can cost as much or as little as you like, depending on what you do, the type of policy you choose and what level of cover you require – much like any other type of insurance. Also, whether you want your cover to include things like financial crime.
But if you’re a sole trader with a basic turnover, cyber liability insurance can cost as little as around £8 a month. That’s a whole lot less than the £25,700 Hiscox reckons it costs the average small business to get back to normal after a cyber-attack.
How do I buy cyber liability insurance?
By shopping around, as you would for anything else – using Google as your starting point. Have a look at what the various insurers have to offer – what their policies cover, how much they cost, any conditions and, of course, their user satisfaction stats. And always remember that the devil is in the detail.
Better still, go to a broker who knows the ins and outs of cyber liability insurance. They’ll do all the legwork for you and find you a policy that’s exactly the right fit for your business.
This guide has been exclusively written for ByteStart by Sarah Adams, cyber liability insurance expert at policybee.co.uk, independent online insurance brokers. PolicyBee specialises in helping small businesses get the professional insurance they need quickly and easily, without the jargon and without the fuss.