Cyber insurance (or cyber liability insurance as it’s also known) helps protect organisations from the damaging repercussions and financial fallout of cyber-attacks, cybercrime, and data breaches.
It helps stop attacks, fixes systems, compensates for financial losses, and deals with legal and regulatory issues.
That’s the simple version at least. But to understand what cyber insurance is and does, you first have to understand the threat. And that’s not always easy in view of the complex and constantly shifting landscape that cybercrime occupies.
What it’s important to know, however, is that digital risks and cybercrime aren’t going away anytime soon. With our collective reliance on tech, they’re only increasing and there’s no magic ‘delete’ button we can press to make them disappear.
That makes it vital to understand what the cyber threat is and what it means for your business. Also, what you can do to prepare your business for a cyber incident and help it survive the aftermath. Because the fallout can be devastating.
What is the cyber risk and why do I need cyber insurance?
Any sort of digital crisis has the potential to unleash chaos, whether that be a hacker infiltrating your systems or a staff member falling for a fake email. Money or data can go AWOL, and your network can be crippled, bringing business to a halt.
Cybersecurity is a global problem. But closer to home, the government’s 2023 Cyber security breaches survey states a third of UK businesses (32%) and a quarter of charities (24%) reported breaches.
Furthermore, 11% of businesses and 8% of charities said they were victims of cybercrime (rising to 26% of medium businesses, 37% of large businesses and 25% of high-income charities). The average annual cost of cybercrime for businesses is estimated at about £15,300 per victim.
The point is, no matter what your type of business, we’re pretty much all dependent on tech these days - from email to websites to VPNs (virtual private networks). In fact, with hybrid working now the norm and so many people connecting to remote networks from elsewhere, we’re more reliant on it than ever.
And that makes us sitting ducks for cybercriminals. It also means any kind of digital outage presents a real problem. Because if the tech doesn’t work, nor do we.
What are the biggest cyber threats to my business?
Human error is at the root of most cyber scares. Analysis by cybersecurity awareness and data analysis firm Cybsafe found that mistakes by individuals were behind 80% of data breaches reported to the UK regulator in 2021.
At the top of the cybercrime league table comes social engineering. It translates as people being innocently manipulated into revealing valuable information or doing something they don’t realise will be harmful. The result is hackers get access to data, information, networks and even money.
Phishing is the most common type of social engineering. Phishing emails appear to be legit and to come from a trusted source. But they’re a guise for persuading individuals to reveal sensitive information cybercriminals can use for fraud. Or to trick them into clicking on malicious links.
A more sophisticated type of phishing, called spearphishing, targets individuals. This type of attack might take the form of a fake email apparently from a regular supplier, asking an employee to pay an invoice using new account details. Cue money going straight into the hands of cybercriminals.
What other kinds of cyber-attack do I need to know about?
Ransomware is one of the big boys of the cyber-attack world and packs a hefty punch. Cybercriminals exploit IT security weaknesses or use social engineering techniques to infect a company’s network with malicious software.
Once the ransomware is in the system, it works quickly to encrypt data and lock it down. A message usually appears, telling hapless users that if they ever want to see their data again, they’ll have to pay a ransom - often in cryptocurrency.
Some pay up, some don’t. Some see their data again, others don’t – even those who’ve paid the ransom. Cybercriminals aren’t really known for their honourable intentions. And such is the scale of the problem, in 2020 the US made paying cyber-attack ransoms illegal.
Cybercriminals employ other damaging types of malware too. Much of it ends up on computers after users unwittingly click on bad links. Although, frighteningly, what are known as ‘drive-by attacks’ can happen if you’re simply unlucky enough to visit an infected website. No clicking required.
Malware can also come in the shape of keyloggers or spyware, which allow cybercriminals to record the keystrokes users make - including password entries. Plus, there are worms and viruses, and a whole lot of other sneaky tricks cybercriminals use to exploit other people’s computers.
The end result of any kind of cyber-attack is broadly the same. A network is compromised (maybe for days), and your business loses money – either because there's a ransom to be paid, or systems and websites are down and trade grinds to a halt. Customers, meanwhile, go elsewhere.
A cyber-attack may also mean a data breach and the loss of sensitive data like customers’ personal or payment details. And that can put you in trouble not only with your customers, but with the regulator, which in the UK is the Information Commissioner’s Office (ICO).
The ICO’s Data security incidents trends dashboard displays a running tally of UK data breaches and makes for some scary reading. It shows an average of 9,282 data breach incidents reported to it annually between 2019 and 2022 - with 7,106 of them resulting in an investigation or informal action being taken in 2022.
All of which can be very costly for businesses. Not only in terms of fines, which can be up to £17.5 million or 4% of turnover, whichever is greater. But also in terms of damage to your reputation.
What does cyber insurance cover and how can it help?
Given the clear and present danger cybercrime poses, it seems the best course of action is to do like the Boy Scouts do and be prepared. Because relying on the bloke down the road ‘who knows a bit about computers’ when your network’s crippled by malware won’t really cut it.
Where cyber insurance has the advantage is that it provides you with a whole team of experts. That means technical experts to stop an attack, mend systems and retrieve data. Legal experts to deal with the regulator and any claims against you for loss of personal data. And crisis PR experts to manage your reputation.
Plus, it does it all quickly. Most cyber insurance companies have a 24/7 response line you can ring for immediate help. That’s important, because the longer an incident goes on, the greater the damage – on several fronts. It makes getting back on your feet again as soon as possible vital.
Cyber insurance covers your financial losses. It takes care of any dip in revenue while your business can't trade as normal because of a cyber-attack. It also pays your legal costs and any compensation you owe if you're sued for losing people's personal data.
And even if a financial loss comes as the direct result of human error, like a member of staff falling for a phishing email, cyber insurance can cover that too.
Some cyber insurance even tries to head off those human errors before they happen. Your employees are potentially your biggest risk when it comes to cybercrime. So, training them in good cybersecurity habits can make a big difference. Some policies come with access to online training programmes that do just that.
Survival of the fittest
Cybercrime may sound like a futuristic concept, but it’s very much the here and now. And as the opportunities for it grow in line with our ever-heavier reliance on tech, the problems it causes are only going to multiply.
Let’s face it, when would-be hackers can go on the dark web and buy ready-made malware packages for just a few quid, it doesn’t bode well.
The fact is, cybercriminals are smart. They’ve got the know-how at their fingertips and they’re constantly probing for vulnerabilities in our security set-ups. Put that together with the fact your average tech-user isn’t quite so cyber-savvy, and you have a recipe for a pretty uneven fight.
Where cyber insurance can help is by putting the battle on a more even footing. It may not always be able to prevent a cyber-attack, but it can give your business the tools it needs to deal with one quickly and survive. And survival of the fittest, after all, is what being in business is all about.
Read more about cyber insurance or ring 0345 222 5391 to talk to an expert.
Image used under license from Shutterstock.