Cyber Liability Insurance

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.

Do I need it?

As a business of any size, it is likely you will rely on information technology (IT) infrastructure to some degree. If so, you will be exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted.

A UK Government survey estimated that in 2014 81% of large corporations and 60% of small businesses suffered a cyber breach. The average cost of a cyber-security breach is £600k-£1.15m for large businesses and £65k-115k for SMEs.

While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:

  • Hold sensitive customer details such as names and addresses or banking information
  • Rely heavily on IT systems and websites to conduct their business
  • Process payment card information as a matter of course

What does it cover?

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.

Generally cyber risks fall into first party and third party risks. Insurance products exist to cover either or both of these types of risk.

First-party insurance covers your business’s own assets. This may include:

  • Loss or damage to digital assets such as data or software programmes
  • Business interruption from network downtime
  • Cyber exhortation where third parties threaten to damage or release data if money is not paid to them
  • Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
  • Reputational damage arising from a breach of data that results in loss of intellectual property or customers
  • Theft of money or digital assets through theft of equipment or electronic theft

Third-party insurance covers the assets of others, typically your customers. This may include:

  • Security and privacy breaches, and the investigation, defence costs and civil damages associated with them
  • Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
  • Loss of third party data, including payment of compensation to customers for denial of access, and failure of software or systems

Buying cyber insurance

Policies are generally available for SMEs with cover limits between £100k and £5 million, although significantly higher amounts of cover are available for firms facing more complex cyber risks.

Managing Cyber risks

As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This includes:

  • Evaluating first and third party risks associated with the IT systems and networks in your business
  • Assessing the potential events that could cause first or third party risks to materialise
  • Analysing the controls that are currently in place and whether they need further improvement

In 2014 the Government launched Cyber Essentials – a basic cyber security hygiene standard to help organisations protect themselves against common cyber attacks. Considering Cyber Essentials accreditation is a good first step in becoming cyber resilient.

If you suffer a cyber breach, having cyber insurance can make the recovery process as straightforward and rapid as possible (however it is still likely to take a number of days or weeks depending on the severity of the incident). Many insurers include technical assistance with managing a breach as part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.

UK and European action to tackle cyber risks

The UK Government views cyber attacks as a highest level risk to national security, alongside terrorism threats. As such it has introduced a number of changes to help prevent cyber attacks, including:

  • Cyber Essentials – a basic cyber security hygiene standard to help organisations protect themselves against common cyber attacks
  • A National Cyber Crime Unit within the National Crime Agency
  • A ‘Cyber Information Sharing Partnership’ to allow Government and industry to exchange information on cyber threats
  • A single reporting system for people to report financially motivated cyber crime through Action Fraud, a UK National Computer Emergency Response Team (CERT) to improve national co-ordination of cyber incidents
  • A new Cyber Incident Response scheme in GCHQ to help organisations recover from a cyber security attack
  • A network of Centres of Excellence for Cyber Security Research within UK universities in 2013, to help provide reliable and up to date research and academic prowess

In February 2013, the European Commission published a Cybersecurity strategy and a proposed Network and Information Security (NIS) Directive on cyber security. The Directive will require businesses to report cyber security breaches to a national authority.

Cyber Risk & Liability Insurance

The ability to communicate and make transactions online has revolutionised the way that we do business, but with new opportunities come new risks. Today digital technology is built into every aspect of commercial life from keeping in-touch with customers to storing information electronically and generating new business. As a result Cyber Risk Insurance has fast becoming a business essential.

Recent government figures put the county's annual online turnover at £82 billion and British businesses now earn one in every five pounds online. As society reaps the benefits of becoming increasingly connected we also become increasingly exposed to the risks of cyber crime.

Last year over 80% of large corporations and 60% of small businesses reported breaches in their cyber security. The financial fallout was considerable with the worst breaches costing small businesses an average of £65,000 - £115,000. For larger corporations the damage ran into the millions and unfortunately the costs are rising year-on-year.

Cyber security is a growing concern for businesses, and while there are plenty of steps you can take to improve your online security, determined criminals will always be able to find a way in. Cyber Risk Insurance may not stop the worst from happening, but it will provide you with a financial safety net.

Cyber Risk Insurance is designed to cover losses made by you, or the cost of claims made against you, as a consequence of using email or the internet. Because each policy is made to measure it means that benefits vary, but typically cover:

  • Financial compensation in cases of fraud and identity theft
  • Hardware problems and loss of digital assets
  • Third party liability concerns including data protection
  • Intellectual property and copyright issues
  • Compensation for damage to your business' reputation
  • Lost income if your computer systems are compromised

We have access to a panel of specialist insurers and with more than 45 years' experience you know that you're dealing with a broker you can really trust. To find out more call a member of our commercial insurance team on Tel: 01427 838000

Let's arrange your cover today, call us on:
01427 838000 or book a call back

Twitter   Facebook   LinkedIn