Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks.
As a business of any size, it is likely you will rely on information technology (IT) infrastructure to some degree. If so, you will be exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted.
A UK Government survey estimated that in 2014 81% of large corporations and 60% of small businesses suffered a cyber breach. The average cost of a cyber-security breach is £600k-£1.15m for large businesses and £65k-115k for SMEs.
While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:
Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
Generally cyber risks fall into first party and third party risks. Insurance products exist to cover either or both of these types of risk.
First-party insurance covers your business’s own assets. This may include:
Third-party insurance covers the assets of others, typically your customers. This may include:
Policies are generally available for SMEs with cover limits between £100k and £5 million, although significantly higher amounts of cover are available for firms facing more complex cyber risks.
As well as putting adequate insurance in place, it is important for you to manage your own cyber risks as a business. This includes:
In 2014 the Government launched Cyber Essentials – a basic cyber security hygiene standard to help organisations protect themselves against common cyber attacks. Considering Cyber Essentials accreditation is a good first step in becoming cyber resilient.
If you suffer a cyber breach, having cyber insurance can make the recovery process as straightforward and rapid as possible (however it is still likely to take a number of days or weeks depending on the severity of the incident). Many insurers include technical assistance with managing a breach as part of the insurance policy – if so, get in touch with them as soon as possible after the breach is discovered.
The UK Government views cyber attacks as a highest level risk to national security, alongside terrorism threats. As such it has introduced a number of changes to help prevent cyber attacks, including:
In February 2013, the European Commission published a Cybersecurity strategy and a proposed Network and Information Security (NIS) Directive on cyber security. The Directive will require businesses to report cyber security breaches to a national authority.
For a Cyber Liability quotation call a member of our commercial insurance team on Tel: 01427 838000