Does your company need cyber insurance? While high-profile cyber attacks on firms such as Marks & Spencer generate most of the headlines, there is a much broader cyber crime epidemic going on. Around 42% of small and medium-sized enterprises (SMEs) in the UK have experienced a cyber attack or breach over the past 12 months. The impact can be devastating. Transport company KNP last month announced it was closing down after almost 160 years in business following a cyber attack that left it locked out of its own IT systems. The damage caused proved too much for the firm to recover from. Data from BT suggests the average cost of a serious breach to a small business is just short of £8,000, but in many cases, the bill will be substantially higher.
Moreover, while costs such as restoring systems and the interruption to business may be easy to quantify, additional expenses such as reputational damage can be large and unknowable. A data breach could also leave your firm vulnerable to sanctions from the Information Commissioner’s Office: it can fine businesses up to 4% of their global turnover for transgressions.
Consult a broker for cyber insurance
Cyber insurance offers valuable risk mitigation benefits.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Get 6 issues free
Sign up to Money Morning
Don’t miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don’t miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Firstly, your insurer can offer practical advice and support that will enable your business to better protect itself from an attack through technology improvements and stronger security. If an attack does get through, your insurer will be able to help you manage the breach and get your SME back up and running more quickly. And it will also refund many of the costs you incur.
Still, cyber insurance is a fast-evolving market, and it’s important that SMEs understand what policies do and don’t cover before signing up. This is one area of the insurance industry where getting independent advice from a broker can be especially valuable. Most insurers will want to develop a detailed understanding of your SME before offering cover. They’ll work with you to conduct a risk assessment, aimed at identifying the type and potential cost of attacks you might face, as well as the quality of your existing defences. They will also want to know how well you’ve trained employees on cyber security.
This process can take some time, and the results of the assessment will have a direct impact on the cost of cover. But it can be a worthwhile exercise. Insurers will be able to suggest improvements you can make to your risk management processes; this will help you secure affordable cover but also enhance your firm’s cyber security. Make sure you understand exactly what insurance offers. For example, what support will your insurer provide immediately in the event of a cyber attack? What limits are there on payouts, both for the cost of the attack itself and associated losses such as business interruption? What threats are you covered for, and will this cover evolve as new threats emerge? Will you be covered for attacks that result from a mistake made by one of your employees?
Clearly, the price of insurance will be key too. It will depend on the nature of your business. Certain firms and industries handle more sensitive data and rely more heavily on technology systems, for example. However, one recent survey put the average cost of cyber insurance at between £500 and £3,500 a year for a small business with an annual turnover of less than £1 million. For businesses with revenues between £1 million and £10 million , that rose to £3,500 to £10,000 annually.
This article was first published in MoneyWeek’s magazine. Enjoy exclusive early access to news, opinion and analysis from our team of financial experts with a MoneyWeek subscription.
