With up to 88% of UK companies suffering security breaches in the last year, the requirement for businesses to cover themselves with separate cyber insurance has become more prevalent.
Cyber insurance, also referred to as cyber liability insurance or cybersecurity insurance, provides coverage that safeguards businesses against risks and expenses associated with cyber attacks and data breaches.
In our current digitally-driven world, where businesses heavily depend on technology for their operations, the concern of cyber attacks has escalated significantly. Rest assured, cyber insurance offers the expertise and assistance needed to protect your business from these threats and will cover the cost of cyber events should they impact your business.
Cyber attacks can occur in various forms, such as hacking, phishing scams, and malware. The consequences can range from data theft and financial loss, to reputational damage and legal repercussions. It's important to note that these attacks can target not only large corporations but also small businesses and startups. To protect against such threats from cyber criminals, it is crucial to enhance cybersecurity measures and stay vigilant.
Based on the 2019 Data Breach Investigations Report by Verizon, small businesses are targeted in 43% of all cyber attacks. Cyber insurance plays a critical role in safeguarding businesses. It provides financial protection and support to those who are covered if they fall victim to cyber attacks.
However, what distinguishes cyber insurance from other types of insurance is the additional benefit of risk management resources. Insurers often offer clients valuable tools and resources to proactively address and mitigate cyber attack risks.
These resources can encompass employee training programs to enhance threat identification and avoidance, periodic vulnerability assessments to identify security system weaknesses, and access to expert assistance for crisis management and recovery in the event of an attack.
Is cyber insurance a necessity?
In the digital era, businesses, regardless of size, face the risk of cyber attacks. A single breach can result in severe consequences such as financial losses, reputation damage, and potential legal actions.
Therefore, it is crucial for companies to consider cyber insurance as an integral part of their risk management strategy. This investment can provide clarity, expertise, and helpfulness in safeguarding against potential threats.
What exactly does cyber insurance cover?
In most cases, ordinary business insurance will not cover your organisation for a cyber security breach beyond some very basic cover, normally up to £25,000 for simple cases of data breach, emergency response, business interruption costs and GDPR support.
For larger organisations, a basic level of cover is not adequate, as companies look to be covered for data and privacy liabilities, cyber crime losses, human error, and hacking of computer systems and phone systems.
In addition to those examples listed, more comprehensive cyber insurance will provide coverage for first-party expenses such as forensic investigations to identify the cause and extent of a breach, legal fees for defending against lawsuits arising from data breaches or privacy violations, costs of notifying affected individuals about the compromise of their personal information, provision of credit monitoring services to impacted customers, and even efforts in public relations to manage situations effectively.
What does cyber insurance cost?
The cost of cyber security insurance premiums varies significantly across businesses, depending on factors like company size, the industry in which the business operates, security measures, and historical claims.
It is of utmost importance for businesses to thoroughly evaluate their unique requirements and potential risks. This evaluation enables them to determine the appropriate level of coverage and associated costs for cyber insurance premiums.
Weighing the potential impact and expenses in the event of a cyber crime incident against the costs of cyber insurance coverage is a crucial consideration.
Who is liable in the case of a cyber security breach?
Under Article 5(1)(f) of the GDPR, personal data must be: “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)”
Claims for Compensation
“Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered” (Art. 82, GDPR)
“In Article 82 of the GDPR (right to compensation for material or non-material damage), ‘non-material damage’ includes distress.” (s. 168(1) of the DPA 2018)
If you or your organisation processes personal data and unfortunately becomes a victim of a cyber security breach, you may potentially be held liable to pay compensation. This is especially true if the Information Commissioner's Office (ICO), the regulatory authority for data protection, determines that you have failed to take the necessary steps to protect the data in the long term.
It is crucial to prioritise data security measures to safeguard against such risks and ensure compliance with data protection regulations.
Minimum requirements for cover
To obtain cyber insurance cover, organisations will be expected to meet minimum security requirements before cover is provided.
These will include:
- Regular backups to ‘cold’ or ‘offline’ locations unaffected by an issue with your live environment
- Multi-factor authentication for cloud-based services and remote access to your network
- Restricted access to your environment unless connecting through a virtual private network (VPN)
- Regular (at least annually) cyber security and anti-phishing awareness training to all personnel with access to your network
In addition, cover under policies may be revoked if the following standards are not met during the term of the cover:
- Regular critical patches and updates applied as soon as is reasonably possible
- Non-use of unsupported or end of life software
- Incoming emails are always scanned for malicious attachments and/or links
- Anti-virus, anti-malware and endpoint protection software is installed and applied to all devices
Failure to meet these requirements is likely to lead to a loss of cover.
Costs of a security breach
As the notable cases of British Airways in 2018, the renowned Marriott Hotel group in 2020, and the esteemed Royal Mail in 2023 show, cyber security breaches have far-reaching consequences beyond financial costs. These incidents led to substantial fines, significant investments in hardware and software replacements, and inflicted significant damage on their reputations.
The multifaceted impacts of these breaches serve as a clear reminder of the critical importance of implementing robust cyber security measures in today's digital landscape. It is imperative to prioritise the protection of sensitive information and safeguard against potential threats.
With a growing number of companies offering services to handle compensation claims for data breaches, individuals and organisations are finding it more convenient to make such claims.
This emerging trend has significant implications for the overall impact of data breaches and their associated facets. From financial losses to reputation damage and potential legal ramifications, the consequences of a data breach can be extensive and varied.
It is crucial for individuals and organisations to fully grasp the complexities involved and seek appropriate support to navigate this challenging landscape effectively.
In Summary
Cyber liability insurance is a rapidly expanding industry. As premiums are projected to increase, it becomes increasingly vital for businesses and organisations to adopt a strong cyber security strategy.
With the expertise of our cyber security professionals, we are here to help you define and implement a comprehensive cyber security strategy that effectively mitigates risks.
Furthermore, our committed team is ready to provide support in the unfortunate event of becoming a victim of cybercrime. Be assured, we possess the expertise and resources to guide you through the aftermath and facilitate recovery from any cyber incidents. Get in touch with our security experts today.