9 Cyber Risks and Why a Cyber Insurance Policy Can Protect Your Business Against Cyber Threats
The digital age has seen entirely range of risks emerge that puts business and business owners at risk from cyber criminals.
In this article, we will be sharing key facts about why all businesses – large or small – are vulnerable to cyber risks, and how Cyber Insurance can help your Small-to-Medium Enterprise (SME) mitigate them.
SMEs are more at risk of cyber breaches than ever before, and these attacks can have long lasting effects on the income of a business’s owners and employees by causing disruption to business operations, loss of revenue and leaving the business open to 3rd party claims.
If you think cybercrime is not something you need to worry about, you may be surprised by some of the facts presented here. This article is an unbiased, factually based summary of what cyber risks are and why a Cyber Insurance policy can protect your business.
The question is, with cybercrime more common, and more insidious, than ever, can you really afford to keep going without the right kind of cover? The facts that follow may help you find the answers you need.
9 Types of cyber risks for UK SMEs
So, what does Cyber Insurance cover? And what are your specific cyber risks?
One of the most famous data breaches of all time was the Equifax incident. Equifax is one of the largest consumer credit reporting agencies in the US. When hackers gained access to company data, it was reported that 143 million Americans had important information like Social Security numbers and driver’s license numbers stolen. These breaches, among other things, lead to large-scale identity theft. Equifax had their hands full mitigating a public relations disaster, as well as millions of dollars’ worth of lawsuits.
This attack was one of the biggest in history. But even if you are not a billion-dollar company, your information could easily become compromised. Here are nine of the most common risks.
- One of the most common types of criminal cyber-attack that users all over the UK experience is the use of ransomware. Ransomware is generally spread across your network via infected attachments on email, online messenger systems or malicious websites.Ransomware can deny you or your employees’ access to your network or information until you pay a ransom. Alternatively, ransomware hackers may threaten to publish your information unless they are paid off. For example, an attack against the Presbyterian Medical Centre in the US left the institution with no access to their network or their information for 10 days. The criminals demanded $3.4 million before they would restore access.
- General Data Protection Regulation (GDPR) claims can be made against your company if a customer/client feels that you have failed to keep their personal information secure, or if you have been accused by a regulatory body of non-compliance with GDPR regulations. A GDPR violation could even spin off from another risk – like ransomware – if hackers have released or stolen customer information. According to itgovernance.co.uk, “Infringement of the EU GDPR can result in administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater”. Read more here.
- Loss of income is the most destructive thing that can happen to any business. As a business owner, you know that. And a cyber-attack, virus or unexpected system crash can result in days, even weeks of downtime that cost the company money. Many small and medium businesses are unable to bounce back in these instances. Cyber Insurance covers the cost of getting the business up-and-running again and covers loss of income during the downtime.
- Public relations disasters can occur because of cyber-attack or data breaches. For example, if customer information is leaked or lost, you will need to do urgent reputation management with your customer base. PR crisis management is also covered by certain Cyber Insurance policies.
- Mistakes happen. If a staff member is inadvertently responsible for a data breach, there can be wide-reaching consequences. For example, if an employee downloads malicious software and data is breached, your company is liable for any costs incurred, unless you are insured.
- System damage to your network can be the ultimate result of cyber-attack. And this takes time and money to repair; money that may not be in your budget. Some cyber-attacks can completely wipe your system of all information, including customer details, payment information and even your website. If the data cannot be retrieved, you will need to reload it all. This can be an exorbitant expense, and very time-consuming.
- Social Engineering and Phishing is an extremely common form of internet fraud, where you will receive communication from a seemingly a reputable source (normally via email). For example, you may get an email from what appears to be your bank. Typically, the email will prompt you to click on a link to log onto your account. Victims of phishing who click on these links are taken to fake websites made to look like legitimate banking site. This can go as far as a very similar URL. But when customers enter their login details, criminals gain access to their accounts. In 2009, in a large-scale attack nicknamed ‘operation phish fry’, around 1.5 million dollars were stolen in this manner!
- Keylogging makes use of clandestinely installed programmes to record every keystroke you make on your computer. When keystrokes are aggregated, criminals are able to steal passwords and other sensitive information.
- System overload or “DoS attack” is a deliberate overload of your system designed by attackers to shut it down. Motives for these kinds of attacks can vary, from disgruntled employees to competitors using unethical tactics to get your traffic to them, or simply hackers with their own variable agenda.
What is Cyber Insurance?
In a nutshell, Cyber Insurance exists so that companies can avoid incurring large financial losses through digitally related contingencies. For example, when new GDPR regulations came into effect, many SMEs were not equipped to deal with the penalties they were expected to pay for non-compliance.
The vast majority of companies store all their precious data online. Gone are the days of sifting through filing cabinets. Now, all that much-needed information is available at the touch of a button. But for all the convenience digital tools offer an organisation, your company’s most sensitive information may be vulnerable.
Cyber-crime is a reality. And criminal groups find new ways of stealing valuable documents and data every day. SMEs are particularly vulnerable, because they cannot generally afford the security measures that large corporations have in place. And loss of information, litigation costs and loss of income are all factors that can end up destroying these companies. When confidential client/customer information is leaked because of a data breach, the client stands to lose essential proprietary information – like bank account details, credit card information or even embarrassing personal data. These losses could lead to your company being sued by the client for damages.
Selected Cyber Security Insurance policies cover the expenses you incur in the event of digital breaches or attacks. Some of these are costs that we do not even think about most of the time. They include legal fees, loss of income, public relations, and repairs. In case you were wondering what, the legal fees aspect is about, such fees may be run into when you need to cover your company for third-party claims against you. And this can happen after a security breach has occurred. Keep this in mind, and always think about what policy will work for you and your business.
When do you need Cyber Insurance?
Cyber Liability Insurance for UK SMEs is becoming as important as all the other policies you have in place to protect your company. A dedicated Cyber Security Policy for you SME is necessary if:
- You have an online presence – website or social media.
- You store your employee, customer, and supplier information online (names, addresses, banking information and contact details).
- You download anything via email.
- You accept electronic payments.
Most commonly, online sellers, solicitors, accountants, doctors and anyone else who deals with sensitive information, are at very high risk if a data breach occurs.
How does Cyber Insurance Work?
Cyber Insurance is largely divided into two areas: first-party coverage and third-party coverage.
First-party coverage is insurance that pays out against the immediate damage done to your business. This includes loss of data, software or system damage, loss of income and interruptions to business operations.
Third-party coverage is for the aftermath or effects of first-party damage. If a customer takes legal action because their information was compromised, for example, third-party insurance will cover your business’s legal costs. Third-party cover also covers against costs incurred during reputation management and regulatory violations (within certain parameters).
If you find that you have been a victim of cybercrime, even before you lodge your claim, security is paramount. Take as many practical measures as you can to secure your data, such as cancelling credit cards and reporting the incident to your financial institution (in the case of online credit card fraud), changing your passwords for the compromised accounts and backing up your information to an external source.
When lodging your claim, you would generally call your insurance provider and speak directly to a claims consultant or log your claim online if your provider offers this service.
What does Cyber Insurance cost?
The question that is almost certainly on your lips by now…
As with any insurance policy, costs vary depending on your chosen cover. The size of your business, your turnover and your cash flow are also obvious considerations. Nonetheless, Cyber Insurance need not break the bank.
Cyber insurance policies for business start from as little as £9/month but there are likely to be notable exclusions in what it offered within such a lowly priced policy. It is important to investigate exactly what type of coverage your business required and ensure exclusions are discussed in advance of signing up to a policy provider.
According to the Ninth Annual Cost of Cybercrime Study conducted by Accenture and Ponemon Institute in 2019, the average cost of cybercrime boomed to an astonishing $13 million (roughly £9.9 million) per organisation in 2018.
When you look deeper into this statistic, it is important to note the kind of cyber-crime and data breaches that are most prevalent, and make sure your Cyber Insurance is equipped to handle them.
According to Norton.com, the most common cyber-crimes are malware, debit or credit card fraud, data breaches, compromised passwords and unauthorised email and social media access.
With each of those examples, the best question to ask is, “Could this happen to my company?” the next is, “if it did, what would the cost be?”
Make sure you have answered these questions before you choose a Cyber Insurance policy, because the cover you need may cost slightly more in the short-term but could potentially save you a fortune in the long-term.
The numbers don’t lie
According to smallbiztrends.com, a whopping 43-percent of cyber-attacks are on small businesses. And of these businesses, 60-percent close their doors within six-months of the attack.
The same article states that 55-percent of small businesses surveyed said that their companies had already experienced cyber-attacks. But even so, only 14-percent of companies are confident in their ability to mitigate attacks.
2017’s Cyber Security Breaches Survey was conducted among 1500 companies – most of which were SMEs. The study found that these companies are steadily becoming more vulnerable to cyber attacks because of the risks associated with cloud storage platforms and electronic data storage.
The survey states:
“Just under half (46%) of all businesses identified at least one breach or attack in the last year. The most common types of breaches related to staff receiving fraudulent emails (72% of those who identified a breach or attack), followed by viruses and malware (33%), people impersonating the organisation online (27%) and ransomware (17%).”
Despite this, the survey also states that only 33% of UK companies have formal policies that cover cyber security risks.
Cyber insecurity may happen in the cloud, but it has tangible consequences in the real world. When there is a cyber-attack in your neighbourhood, it can be just as bad as – if not worse than – a physical break-in.
As a business owner, the onus is on you to protect yourself and your employees – firstly, with the best possible data protection measures you are able to afford, and secondly, with cover that will help if those measures fail.
Change begins from within. Start by ensuring that your IT support staff – even if the IT support team consists of you alone – are regularly educated on new threats and emerging IT technology. This will equip them (or you) with the ability to nip most threats in the bud, stopping them before they become a serious problem.
There are other basic habits that can help protect you against cyber-attacks, too. For example, as convenient as it is to use just one password for every account you have, it’s advisable to vary your passwords from platform to platform. That way, if one of your accounts is compromised, it’s unlikely to happen to the rest of them. It’s also a good idea not to use your work email when you don’t have to (to sign up to websites, etc). Rather use a personal address so that proprietary information can’t be stolen via your work email server.
Email encryption also saves many businesses from cyber-crime. Encrypting your emails means that the mail your company sends can only be read by their intended recipients. This practice will often require authentication from mail recipients.
There are many online IT courses available – both free and paid – from sites like coursera.com, cybrary.it and mimecast.com. Up-to-date IT practices mean better firewalls and internet security. While it’s important to have Cyber Insurance in place, it’s equally as important to try and stop attacks from happening.
Your antivirus software is a key component in protecting your company against attack. The right antivirus programme will pick up a cyber threat before it even gets to you. Make sure you do some research online before signing up for an antivirus programme. Here’s some recommended reading:
Who provides Cyber Insurance? Where can I find out more?
Cyber Insurance is still relatively new to the market. And surprisingly few SMEs have signed up for it. There is no doubt that this is changing rapidly, however, as SMEs begin to realise that Cyber Insurance saves businesses from closing their doors. The fact that the Cyber Insurance economy is still emerging, however, can make it hard to find a company that offers the services you need at competitive rates.
That is where Cyberinsurance.co.uk comes in. We provide an unbiased centre of knowledge for SME owners in the UK, so that they can make informed decisions on which financial product provider to choose.
The first things most business owners ask when they are trying to find the right insurer are, “Which provider best suits my business?” and, “Which package would work for my company?”. Cyberinsurance.co.uk can answer those questions for you by showing you all the best insurance providers available and allowing you to compare their benefits, side-by-side. You can then decide for yourself. Here are just a few of the Cyber Insurance providers in the UK. For a comprehensive list and comparison, visit Cyberinsurance.co.uk:
Hiscox offers comprehensive cyber insurance packages of varying sizes (depending on the scope and scale of the business). They cover business interruption, ransomware and a variety of other cyber risks.
AIG offers “modular” cover that allows clients to choose the risks they would like to insure against. They cover a comprehensive list of cyber risks such as ransomware, business interruption, system damage and more.
Aviva offers comprehensive packaged cover and policyholder support in partnership with American-based consultants CYENCE. They cover a full cross-section of cyber risks.
CFC provides comprehensive cyber risk cover for both SMEs and large corporations. Packages are generally developed with the company’s specific needs in mind.
NIG covers a range of cyber risks for businesses of varying sizes. Cover includes protection against most common cyber risks.
Ascent provides cyber contingency and risk cover for businesses of all sizes. Cover is determined based on an assessment of the client’s individual needs.
Cyberinsurance.co.uk is the first UK SME-dedicated comparison site with up-to-date data on a variety of dedicated financial products, including Cyber Insurance, Bridging Loans, Household Cover and more. And the information we provide is completely impartial. So you have absolutely nothing to lose, and all your business’s data to save!
Feel like you’re ready to start looking?
We hope this article has made it a bit clearer for you what Cyber Insurance is all about. Now that you have a clear idea what the risks are, you can make sure you are making the most informed decision possible when you choose your Cyber Insurance package and service provider.