Insurance is not what it used to be. In fact, the digital age has seen entirely new kinds of cover emerging to protect companies and individuals against incidents that don't necessarily occur in the physical realm. If you think that has spiritual or religious connotations, think again. We're talking about cybercrime.
In this article, we'll be sharing key facts about why all businesses – large or small – are vulnerable to cyber risks, and how Cyber Insurance can help your Small-to-Medium Enterprise (SME) mitigate them.
SMEs are more at risk of cyber breaches than ever before, and these attacks can have devastating effects on the income of a business’s owners and employees. Ultimately, choosing the right Cyber Insurance package for your SME could save your business.
If you think cyber crime is not something you need to worry about, you may be surprised by some of the facts presented here. This article is an unbiased, factually based summary of what cyber risks are and why a Cyber Insurance policy can protect your business.
The question is, with cybercrime more common, and more insidious than ever, can you really afford to keep going without the right kind of cover? The facts that follow may help you find the answers you need.
Table of contents
- 9 Types of Cyber Risks for UK SME's
- What is Cyber Insurance?
- When do you need Cyber Insurance?
- How does Cyber Insurance Work?
- What does Cyber Insurance cost?
- The numbers don't lie
- Educate yourself
- Who provides Cyber Insurance? Where can I find out more?
- Feel like you're ready to start looking?
9 Types of cyber risks for UK SMEs
So, what does Cyber Insurance cover? And what are your specific cyber risks?
One of the most famous data breaches of all time was the Equifax incident. Equifax is one of the largest consumer credit reporting agencies in the US. When hackers gained access to company data, it was reported that 143 million Americans had important information like Social Security numbers and driver’s license numbers stolen. These breaches, among other things, lead to large-scale identity theft. Equifax had their hands full mitigating a public relations disaster, as well as millions of dollars worth of lawsuits.
This attack was one of the biggest in history. But even if you aren’t a billion-dollar company, your information could easily become compromised. Here are nine of the most common risks.
What is Cyber Insurance?
In a nutshell, Cyber Insurance exists so that companies can avoid incurring large financial losses through digitally-related contingencies. For example, when new GDPR regulations came into effect, many SMEs weren’t equipped to deal with the penalties they were expected to pay for non-compliance. This article on smallbusiness.co.uk cites that in 2016, an unnamed UK SME paid an £84,300 fine for unlicensed design software. If you have a few employees working online, mistakes can happen.
The vast majority of companies store all their precious data online. Gone are the days of sifting through filing cabinets. Now, all that much-needed information is available at the touch of a button. But for all the convenience digital tools offer an organisation, your company's most sensitive information may be vulnerable.
Cyber-crime is a reality. And criminal groups find new ways of stealing valuable documents and data every day. SMEs are particularly vulnerable, because they can't generally afford the security measures that large corporations have in place. And loss of information, litigation costs and loss of income are all factors that can end up destroying these companies. When confidential client/customer information is leaked as a result of a data breach, the client stands to lose essential proprietary information – like bank account details, credit card information or even embarrassing personal data. These losses could lead to your company being sued by the client for damages.
Selected Cyber Security Insurance policies cover the expenses you incur in the event of digital breaches or attacks. Some of these are costs that we don't even think about most of the time. They include legal fees, loss of income, public relations and repairs. In case you were wondering what the legal fees aspect is about, such fees may be run into when you need to cover your company for third-party claims against you. And this can happen after a security breach has occurred. Keep this in mind, and always think about what policy will work for you and your business.
When do you need Cyber Insurance?
Cyber Liability Insurance for UK SMEs is becoming as important as all the other policies you have in place to protect your company. A dedicated Cyber Security Policy for you SME is necessary if:
- You have an online presence – website or social media.
- You store your employee, customer and supplier information online (names, addresses, banking information and contact details).
- You download anything via email.
- You accept electronic payments.
Most commonly, online sellers, solicitors, accountants, doctors and anyone else who deals with sensitive information, are at very high risk if a data breach occurs.
How does Cyber Insurance Work?
Cyber Insurance is largely divided into two areas: first-party coverage and third-party coverage.
First-party coverage is insurance that pays out against the immediate damage done to your business. This includes loss of data, software or system damage, loss of income and interruptions to business operations.
Third-party coverage is for the aftermath or effects of first-party damage. If a customer takes legal action because their information was compromised, for example, third-party insurance will cover your business’s legal costs. Third-party cover also covers against costs incurred during reputation management and regulatory violations (within certain parameters).
If you find that you have been a victim of cyber crime, even before you lodge your claim, security is paramount. Take as many practical measures as you can to secure your data, such as cancelling credit cards and reporting the incident to your financial institution (in the case of online credit card fraud), changing your passwords for the compromised accounts and backing up your information to an external source.
When lodging your claim, you would generally call your insurance provider and speak directly to a claims consultant or log your claim online if your provider offers this service.
What does Cyber Insurance cost?
The question that's almost certainly on your lips by now…
As with any insurance policy, costs vary depending on your chosen cover. The size of your business, your turnover and your cash flow are also obvious considerations. Nonetheless, Cyber Insurance needn't break the bank.
A company that turns over less than less than £500 000 can get basic cover from under £200 a month – but there are likely to be notable exclusions in what it offered. There are even more basic plans you'll often find advertised that cost £10 or even less per month. But it's important to investigate exactly what these policies cover and what is lacking.
According to the Ninth Annual Cost of Cybercrime Study conducted by Accenture and Ponemon Institute in 2019, the average cost of cyber crime boomed to an astonishing $13 million (roughly £9.9 million) per organisation in 2018.
When you look deeper into this statistic, it's important to note the kind of cyber-crime and data breaches that are most prevalent, and make sure your Cyber Insurance is equipped to handle them.
According to Norton.com, the most common cyber-crimes are malware, debit or credit card fraud, data breaches, compromised passwords and unauthorised email and social media access.
With each of those examples, the best question to ask is, "Could this happen to my company?” the next is, “if it did, what would the cost be?"
Make sure you have answered these questions before you choose a Cyber Insurance policy, because the cover you need may cost slightly more in the short-term but could potentially save you a fortune in the long-term.
The numbers don't lie
According to smallbiztrends.com, a whopping 43-percent of cyber-attacks are on small businesses. And of these businesses, 60-percent close their doors within six-months of the attack.
The same article states that 55-percent of small businesses surveyed said that their companies had already experienced cyber-attacks. But even so, only 14-percent of companies are confident in their ability to mitigate attacks.
2017's Cyber Security Breaches Survey was conducted among 1500 companies – most of which were SMEs. The study found that these companies are steadily becoming more vulnerable to cyber attacks because of the risks associated with cloud storage platforms and electronic data storage.
The survey states:
"Just under half (46%) of all businesses identified at least one breach or attack in the last year. The most common types of breaches related to staff receiving fraudulent emails (72% of those who identified a breach or attack), followed by viruses and malware (33%), people impersonating the organisation online (27%) and ransomware (17%)."
Despite this, the survey also states that only 33% of UK companies have formal policies that cover cyber security risks.
Cyber insecurity may happen in the cloud, but it has tangible consequences in the real world. When there's a cyber-attack in your neighbourhood, it can be just as bad as – if not worse than – a physical break-in.
As a business owner, the onus is on you to protect yourself and your employees – firstly, with the best possible data protection measures you are able to afford, and secondly, with cover that will help if those measures fail.
Change begins from within. Start by ensuring that your IT support staff – even if the IT support team consists of you alone – are regularly educated on new threats and emerging IT technology. This will equip them (or you) with the ability to nip most threats in the bud, stopping them before they become a serious problem.
There are other basic habits that can help protect you against cyber-attacks, too. For example, as convenient as it is to use just one password for every account you have, it’s advisable to vary your passwords from platform to platform. That way, if one of your accounts is compromised, it’s unlikely to happen to the rest of them. It’s also a good idea not to use your work email when you don’t have to (to sign up to websites, etc). Rather use a personal address so that proprietary information can’t be stolen via your work email server.
Email encryption also saves many businesses from cyber-crime. Encrypting your emails means that the mail your company sends can only be read by their intended recipients. This practice will often require authentication from mail recipients.
There are many online IT courses available – both free and paid – from sites like coursera.com, cybrary.it and mimecast.com. Up-to-date IT practices mean better firewalls and internet security. While it's important to have Cyber Insurance in place, it's equally as important to try and stop attacks from happening.
Your antivirus software is a key component in protecting your company against attack. The right antivirus programme will pick up a cyber threat before it even gets to you. Make sure you do some research online before signing up for an antivirus programme. Here's some recommended reading:
Who provides Cyber Insurance? Where can I find out more?
Cyber Insurance is still relatively new to the market. And surprisingly few SMEs have signed up for it. There is no doubt that this is changing rapidly, however, as SMEs begin to realise that Cyber Insurance saves businesses from closing their doors. The fact that the Cyber Insurance economy is still emerging, however, can make it hard to find a company that offers the services you need at competitive rates.
That's where Cyberinsurance.co.uk comes in. We provide an unbiased centre of knowledge for SME owners in the UK, so that they are able to make informed decisions on which financial product provider to choose.
The first things most business owners ask when they're trying to find the right insurer are, "Which provider best suits my business?" and, "Which package would work for my company?". Cyberinsurance.co.uk can answer those questions for you by showing you all the best insurance providers available and allowing you to compare their benefits, side-by-side. You can then decide for yourself. Here are just a few of the Cyber Insurance providers in the UK. For a comprehensive list and cyber insurance comparison, visit Cyberinsurance.co.uk:
Hiscox offers comprehensive cyber insurance packages of varying sizes (depending on the scope and scale of the business). They cover business interruption, ransomware and a variety of other cyber risks.
AIG offers “modular” cover that allows clients to choose the risks they would like to insure against. They cover a comprehensive list of cyber risks such as ransomware, business interruption, system damage and more.
Aviva offers comprehensive packaged cover and policyholder support in partnership with American-based consultants CYENCE. They cover a full cross-section of cyber risks.
- CFC Underwriting
CFC provides comprehensive cyber risk cover for both SMEs and large corporations. Packages are generally developed with the company’s specific needs in mind.
NIG covers a range of cyber risks for businesses of varying sizes. Cover includes protection against most common cyber risks.
Ascent provides cyber contingency and risk cover for businesses of all sizes. Cover is determined based on an assessment of the client’s individual needs.
Cyberinsurance.co.uk is the first UK SME-dedicated comparison site with up-to-date data on a variety of dedicated financial products, including Cyber Insurance, Bridging Loans, Household Cover and more. And the information we provide is completely impartial. So you have absolutely nothing to lose, and all your business’s data to save!
Feel like you're ready to start looking?
We hope this article has made it a bit clearer for you what Cyber Insurance is all about. Now that you have a clear idea what the risks are, you can make sure you're making the most informed decision possible when you choose your Cyber Insurance package and service provider.
Browse our website for more informative articles that demystify financial products, and could help you make decisions that will be right for you and your business in the long-term.