Should you buy cyber insurance?
Companies can now take out insurance to protect their business against damage from a cyber-attack.
While more businesses are taking out cyber insurance, many appear sceptical about whether it would cover all the risks from a constantly changing threat.
A 2018 report by Ovum for FICO revealed a rise in the number of organisations taking out cyber insurance over the previous 12 months. Encouragingly, the number without it dropped from 31 per cent to 10 per cent, yet only 38 per cent of those surveyed said their cyber insurance covered all the risks.
So how does a company choose the best policy? Is there insurance cover for all types and sizes of company?
The simple answer is to ask an experienced insurance broker. A broker should have a good overview of the market and all the policies available.
As with all insurance, some policies will be cheaper but carry larger excesses, and the small print needs to be carefully scrutinised to make sure it really covers all the risks.
A good first step is to take a look at the Association of British Insurers’ website.
Hiscox is just one provider that’s offering cyber insurance to smaller enterprises as an extension to traditional policies.
Its head of cyber, James Brady, points out that such cover should be a standard component of any business insurance policy because the statistical probability of having to make a cyber claim is greater than for fire or theft.
When a company applies for such insurance, the policy can be tailored to its specific business activities, but the insurers’ assessment will probably also be linked to the turnover of the business, as a measure of how much the business stands to lose in the event of an attack.
You could pay lower premiums by demonstrating cyber security is the cornerstone of your business.
An effective way to do this is by gaining Cyber Essentials Accreditation and also ISO 27001 certification in information security management.
Cyber Essentials demonstrates that you know how to use a firewall to secure your internet connections and that you choose the most secure settings for your devices, control who has access to your data and services, protect your network from malware and viruses, and keep all your software and devices up to date.
And ISO 27001 certification shows your company has identified the cyber risks, assessed the implications and put in place controls that limit any damage to your business.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “While you may have all the proper cyber security measures in place, the threat from cyber space is constantly changing and a cyber-attack could still get through your defences.
“Having insurance will at least reduce any financial losses and having to pay the premiums is a big incentive to maintain the best security practices to ensure the cover isn’t deemed null-and-void. Insurance could also help you to settle any claims made against you by your customers and business partners as a result of any data breach.”