Cyber Security Insurance - What You Need To Know



During the height of the Covid-19 pandemic the number of cyber attacks increased by about 400%, according to the US Federal Bureau of Investigation (FBI). Prior to the pandemic, the FBI received approximately 1,000 daily complaints to its Internet Crime Complaint Center, but with the Covid-19 transition to a remote work environment, complaints have increased to 3,000 to 4,000 per day. The UK government says nearly half (46%) of UK businesses experienced a cyber attack or hacking security breach last year.

It doesn’t matter what type of business you have, or how big or small it is. Cyber criminals look at all types of business that they can exploit. Today, cyber criminals can cause major damage to a business in different ways.

Standard general business insurance plans cannot cover all of these events, and business owners are well advised to investigate taking out a cyber liability insurance policy and to check its cover carefully. The right policy will protect your business from cyber financial losses not covered by commercial liability plans or other insurance products.

Furthermore, it is not just about business losses. We are now seeing the victims of data breaches and other cyber crimes suffering regulatory penalties and third-party claims for damages, with consequent major fines and legal costs.

At an individual level, records indicate that as many as one in three Americans have their data breached every year, totalling roughly 111.7 million individuals. Most personal data breaches affecting US citizens can be linked to insecure usernames and passwords and a lack of digital literacy.

The Majority Of US Firms Have Been Hacked

It's not just large organisations that are susceptible to being hacked or getting a virus. Around 62% of organisations in the United States have experienced social engineering and phishing attacks, at least 55% of US small businesses have experienced a data breach, and 53% have had multiple breaches. A data breach can damage more than just your small-business computer system; it can also damage your reputation and put your customers and/or employees at risk. That's why cyber insurance can be a smart precaution for any size of business.

In the current digital world, many businesses store a lot of their data online. While this is an effective way to keep this information, it can make organisations more vulnerable to cyber crime. As a result, it’s more important than ever for businesses to have cyber insurance in place.

Cyber insurance, also known as cyber liability insurance or cyber security insurance, is a form of insurance that protects businesses in the event of cyber-attacks and data breaches.

Cyber insurance is a form of cover designed to protect your business from threats in the digital age, such as data breaches or malicious cyber hacks on work computer systems. If you’re hit, some cyber insurance responds by sending in the big guns and with some insurers you get access to:  

  • IT experts to stop the attack and fix your systems.
  • Plus, in some cases, compensation for lost income too, but do check with your insurer.

A business is responsible for its own cyber security, but in the event of a cyber attack, having the right insurance will mean you aren’t alone. Cyber cover can provide crucial support to help your business stay afloat. It is important to identify what within your organisation needs protecting, that is, the most important items and aspects of your business, and also to identify any scenarios that must not happen.

Do not limit yourself to meeting the minimum cyber security requirements specified by an insurer; these might not adequately protect the things your organisation cares about.

What Does Cyber Insurance Cover?

In the event of a breach, security failure, illegal threat or cyber attack, most cyber insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted. For the business involved, cover includes the cost of:

  • Investigating a cybercrime
  • Recovering data lost in a security breach
  • The restoration of computer systems
  • Reputation management
  • Extortion payments demanded by hackers
  • Notification costs, in the case you are required to notify third parties affected.

Some cyber insurance policies also offer support with income loss if your business needs to close temporarily because of a cyber attack.

Who Needs Cyber Insurance?

If your business uses, sends or stores electronic data, you may benefit from cyber insurance. That data, whether it belongs to the business or is sensitive customer information, is vulnerable to cyber-attacks and data breaches; cyber insurance can help with the cost of recovery. This is why cyber insurance can be an important part of small business insurance. It offers financial support if the worst happens.

How Much Does Cyber Insurance Cost?

The cost of cyber insurance depends upon several factors, including the business’s annual revenue, the industry it operates in, the type of data held, and the level of network security. Certain sectors are more vulnerable to cybercrime and will therefore require a higher level of coverage. For example, companies that hold a large number of personal records, such as in finance and healthcare, are at greater risk than a sector like catering.

The best way to find out how much it would cost to cover your business and protect critical data is to run an online cyber insurance quote. 

What Are Common Cyber Crimes?

Unfortunately, even some of the most tech-savvy individuals can fall victim to cyber crime. While there are numerous types of criminal activities occurring online, there are a few common cyber crimes to be aware of:

1.    Malware:   A form of malicious software that can install itself in your systems via phishing scams and by exploiting software vulnerabilities. Once installed, the attacker can spy on online activities and steal private data. Roughly 83.45% of malware was detected on Windows devices in the first quarter of 2020. Meanwhile, 11.09% was detected on browsers, and 3.24% on Android devices. Roughly 1.91% of malware was detected on other systems.

2.    Ransomware:   This is a form of malware that attacks your computer system and encrypts data. The attacker will then demand a ransom payment in exchange for the return of the data. It’s worthwhile to formulate a data recovery plan as a precaution and maintain at least one backup of your data. Since 2016, roughly 4,000 ransomware attacks have happened every day. In the United States, ransomware represents the fastest growing malware threat, according to the Federal Bureau of Investigation.

3.    Hacking:   Cyber hacking is a term used for the partial or complete acquisition of a computer system or certain functions within it. There are various methods of doing so, but the aim is generally to access important data.

4.   Insider Threats:   More than 40% of attacks involved internal actors. Data suggests that 43% of data breaches involve internal actors, including employees, contractors, and third-party suppliers. It’s estimated that half of all data breaches that involve internal actors are intentional, while the other half are accidental.

During cyber attacks, internal actors are more likely to target employee information, including identification and health data, as opposed to customer data.

How Do You Gain Expertise To Assess A Policy?

Cyber insurance policies often contain detailed technical information, which can include cyber security jargon. If you don't fully understand the policy, you may need to identify people in your organisation who can help. This may include people who:

  • Deal with contracts, such as lawyers or commercial managers.
  • Manage and run your IT and security systems, such as technical experts.
  • Are responsible for the organisation's processes and procedures, such as human resources.

Cyber Insurance Policy Inclusions

Before purchasing cover, it is important that you understand how important your organisation's data, systems and devices are to operations, so that an appropriate level of cover can be set. Make sure you understand in detail what the policy covers, and equally important, what is excluded.  For example, some insurance policies will not cover monies lost through business email compromise fraud. This is just one instance where a relatively common incident may not be covered by a standard cyber security policy. 

If Business Email Compromise is an issue for you, you'll need to check that your policy covers this. Remember, cyber attacks are evolving all of the time, and you might fall victim to a new type that may not have existed at the time the policy was taken out. You'll need to find out from your broker if you'd be covered if affected by a new type of cyber attack that's not consistent with your current policy.

Questions To Ask Your Insurer: 

  • Whether the cyber insurance policy you are looking at covers claims for compensation by third parties in the event of a cyber-attack, or if personal data is lost as a result of a data breach at your organisation (for example, if a customer's personal data is lost).
  • What the limits of the policy are, and whether they are appropriate for your organisation.
  • What services the insurer provides in the immediate response to an incident to help manage recovery and improve resilience; if the worst happens, you want to ensure that your organisation can learn from what went wrong and adapt to be stronger in the future.

Cyber Insurance Advantages

Because the cyber insurance market in many countries is relatively small compared to other insurance products, its overall impact on emerging cyber threats is difficult to quantify. As the impact to people and businesses from cyber threats is also relatively broad when compared to the scope of protection provided by insurance products, insurance companies continue to develop their services. 

According to a survey, 46% of all breaches have an effect on companies with fewer than 1,000 employees. In this case, strong security measures and cyber liability insurance are required.

As insurers pay out on cyber losses, and as cyber threats develop and change, insurance products are increasingly being purchased alongside existing IT security services. Currently, the underwriting criteria for insurers to offer cyber insurance products are also early in development, and underwriters are actively partnering with IT security companies to develop their products.

As well as directly improving security, cyber insurance is enormously beneficial in the event of a large-scale security breach.

Insurance provides a smooth funding mechanism for recovery from major losses, helping businesses to return to normal and reducing the need for government assistance. An additional benefit is that many policies require an organisation attempting to get cyber insurance cover to participate in a Cyber Security Audit before the insurance carrier will bind the policy.

This will help companies determine their current vulnerabilities and allow the insurance carrier to gauge the risk they are taking on by offering the policy to the business.  

By completing the IT security audit, the entity procuring the policy will be required, in some cases, to make necessary improvements to their IT security vulnerabilities before the cyber insurance policy can be procured. This will in turn help reduce the risk of cyber crime against the company procuring cyber insurance.

Protect your Website & Get Cyber Insurance

If you look after your own website, you can apply recommended best practices. If you outsource this to a third party, the practices below are a useful set of questions to ask your provider to see if they are well prepared for a problem. Make sure your website was built following good secure coding principles.

  • Check that your web server software and any other software you use is patched and up to date. If you use a third party make sure they have policies and processes to do this for you.
  • Check that when you transfer personal information, credit card or other sensitive data you encrypt the web traffic using Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), protocols for web browsers and servers that allow for the authentication, encryption and decryption of data sent over the Internet.
  • Get a professional review of your website by a Penetration Tester who can identify vulnerabilities before the cyber criminals do. Make sure you have applied best practice first, otherwise they will waste your money telling you things you should already have fixed.
  • Perform a regular scan or check on your website to spot unexpected changes or nasty malicious content.
  • Ensure you have frequent backups of your website, particularly if you host a database with dynamic content or user information, as you may be forced to restore it in the event of an attack. Sometimes tidying up the damage left by cyber criminals is hard work.

With an international cyber attack happening once every 39 seconds, knowledge could be the nation’s greatest digital protection, as an estimated 95% of attacks are directly linked to human error. Consequently, it is very important to have a complete independent review of your IT and cyber systems at least once a year, and to have relevant cyber insurance for your business.

Conclusions 

Reliance on Information Technology is an inherent facet of virtually all modern businesses; the requirement for a separate product only exists because of a deliberate scoping exercise which has excluded theft and damage associated with modern technologies from the existing product lines. Insurance relies upon sound actuarial data against a largely static background of risk. Given that these don't exist at present it is unlikely that either the buyers of these products will achieve the value outcomes that they desire.

This view of the market is reflected in the current market state where standard exclusions result in a situation where an insurer could argue they apply to almost any data breach.

In the US and around the world, breaches in cyber security remain one of the biggest threats to economic and financial stability, business success, and the protection of personal property and information. While spending on cyber security protection increases, cyber attacks show no real sign of slowing down. The US spends roughly $3.5 billion per year on cyber crime costs, a number which is only expected to increase. Worldwide, the overall costs of cyber crime are expected to reach as much as $10.5 trillion by 2025.

Cyber security insurance protects businesses against financial losses caused by incidents like data breaches and theft, system hacking, ransomware extortion payments and more.

