Businesses in the UK face an attack online every 2.5 minutes according to analysis from earlier this year. The average cost of a cybersecurity breach is £1,230, with the figure higher for bigger businesses.
Do you identify as ‘offline’? Some businesses do, like brick and mortar stores. Many can assume that they do not need insurance to protect against cybercrimes.
But online technology is used by almost all businesses. According to a government study, 98 per cent of UK businesses rely on digital communications or services such as emails, websites and online banking. No matter if you’re a solo high street store, home employed or online, it’s an integral part of how many businesses operate, and you’re vulnerable to cybercrimes.
Of course, getting insurance against risks such as fires and floods is often a priority for businesses, but not as many are protecting themselves against one of the most likely sources of damage - cybercrime. Most business insurance policies don’t cover cybercrime but 52 per cent of businesses mistakenly believe that they do.
There is also a mistaken belief that cybercrime is not a major concern for small businesses when in reality online criminals target organisations of all sizes. Small businesses are targeted by 43 per cent of all cybercrimes.
Being hit by a cybercrime can have far reaching consequences ranging from downtime, to the loss of reputation and profits, and some businesses may even have to close down.
Cyber-insurance - What should it cover?
There are a number of things you need to check that your insurance policy covers, including the following:
- Recovering lost data
- Reputation management
- Restoring computer systems
- Notifying third parties who might have been affected
- Defending yourself against claims of a GDPR breach
- Damages and settlements if claims are made against you
- A loss of income resulting from business shutdown
How much does cyber-insurance cost?
When deciding how much you need to pay for your cover, cyber-insurance providers will consider:
- What is your annual revenue
- The risk your business faces
- What type of data you hold
- How secure your network is
Businesses that hold personal data are more likely to have experienced a breach. According to research from MoneySuperMarket, 47 per cent of businesses that hold customers’ personal data have experienced a breach.
Protecting yourself against cybercrime
Putting measures in place to prevent a cyberattack will help reduce how much you pay for insurance. If you do experience an attack then being able to show you had taken steps to protect yourself will help increase your chances of an insurance pay out.
Your cybersecurity should include a number of protective measures ranging from implementing an anti-viral software to using password managers, filtering and monitoring.
To work out what protection you need, start by assessing what risk you face. Consider any activities your business carries out online, including staff who may use their own personal devices for work. Many businesses also use cloud computing so you need to be sure any work carried out remotely is done securely. Human error is responsible for as many as 90 per cent of data breaches on the cloud.
Staff training is therefore a key part of cybersecurity. At the very least staff need to learn to be suspicious about any unsolicited communications they receive online. Research has shown that the most common form of cyberattack involves sending staff a fraudulent email which looks legitimate and is designed to make the sender reveal valuable information like bank details. This technique is known as phishing.
Staff may also be duped into clicking links or downloading viruses that allow criminals to access sensitive information. If a breach does happen they need to know who to report it to and what actions to take so as to limit any further damage.
Despite taking preventative measures, a breach can still happen as unfortunately, as technology enhances, criminals are getting increasingly sophisticated and savvy. Insurers are also using more advanced techniques like artificial intelligence to assess claims being made. This can make it harder to get a pay out.
If you do suffer from a security breach, you may want to consider using an insurance claim consultant to help you navigate the complexities of dealing with a claim.
Don’t risk it
In an age where cybercrime is on the rise, you can’t afford not to get insurance to protect your business. The consequences of failing to do so can have a lasting impact which your business could struggle to recover from.
Alex Balcombe, sales, marketing and operations, Harris Balcombe