Do I Need Cyber Insurance?
Whilst the team at ICU have years of experience providing IT support, and helping our clients establish good cyber security measures is a large part of that – we can’t tell you if you need cyber insurance or offer you advice as to what level of cyber insurance cover you need. You would need a certified insurance broker for this.
However, we have put together some guidance for you so you can ask the right questions and decide what type of cover you want for your business. We pride ourselves on offering IT support in plain English, so if you need any help identifying security vulnerabilities, establishing effective security measures, or you want to work with us to plan for disaster recovery or business continuity – simply contact us today.
In the meantime, find out more about cyber insurance and its benefits below…
Do you Already Have Cyber Insurance?
Before you look at buying a standalone cyber insurance policy, check to see if you have cover already within an existing insurance policy. You may have a low level of cover within your buildings or business interruption insurance for example, but it may not cover all the situations or all the expenses that you want – so check it carefully before relying on it.
That said, trying to check the finer details of any insurance policy can be like trying to read an unfamiliar language, and that’s even more true with a cyber insurance policy. You will often find that they are filled with technical jargon and complex security terms, so you may need to call on professional advice to ensure all relevant threats and scenarios are covered.
Cyber Liability Insurance
The threats from cyber attacks are not static; unlike home insurance where you’re protected against the normal concerns such as theft, the threats from cyber attacks are constantly evolving and becoming more and more sophisticated.
Not only that, but your level of liability may also change. For example, if you took out a policy before the GDPR regulations came into force, you may now find that you’re responsible for data breaches in situations where you wouldn’t have been before.
Cyber insurance can offer varied protection to account for the different costs to your business, such as:
- Consultation fees for IT experts
- Business disruption costs
- Financial protection during an attack
- Legal support following an attack
However, just like with home insurance policies where you will find your cover is void if you didn’t lock your front door, you will be expected to have taken reasonable steps to secure your IT infrastructure.
Here at ICU IT, we often work with businesses to gain Cyber Essentials certification. This simple government scheme evidences your commitment to cyber security and ensures you have the basic cyber safeguards in place to protect your business. Find out more about Cyber Essentials here!
The potential consequences of a cyber attack can be extensive. For example, if a ransomware virus gets into your IT network, you may find yourself locked out of your systems and computers for an indefinite amount of time.
That’s why it’s essential you understand the threats, and the impact they will have on your business. If you have a backup system separate from your main network (such as in a cloud service), the impact will be less, but if you are locked out of your IT network, will you be able to operate at all? Will you have access to client information? Will you know what jobs you have booked in and where you should be sending your workers? Will you have access to your financial information? What will happen if you can’t access your accounts to pay your suppliers or staff?
And of course there are the additional costs to consider, such as the financial impact of not being able to trade or operate during the attack, the expense recovering your systems and your data (if at all possible) and the cost to repair and secure your systems against further threats.
What Does Cyber Insurance Cover?
Once you have a solid understanding of the threats and potential impacts, you can determine an appropriate level of cyber insurance cover. As with all types of insurance, different policies offer cover for different types of threat, different levels of cover and different benefits. A few questions to ask include:
- Are you insured against new types of attack that haven’t been specifically defined in your current policy?
- Will you be covered in the event that fraud (perhaps by an employee) causes the cyber attack?
- Will you be covered if a claim is made against you by a third party, for example, if a customer seeks compensation for a data breach concerning their personal data?
- Can you claim for expert consultancy expenses, such as PR assistance in the event of reputational damage?
- Can you recover the costs of replacing or repairing hardware and equipment that is damaged?
- Will you be covered for contingent business interruption if your business is disrupted by a cyber attack that occurs with your vendors or suppliers?
Cyber Security Defences
Many cyber insurance policy providers will ask for evidence that you have certain security controls in place. This might include a combination of procedural, human and technical controls designed to protect information, systems and data from the threat of a cyber attack.
If you say you have these steps in place when you don’t, you may find that your policy won’t pay out in the event of an attack. You should also make sure you keep your insurance company updated of any changes, and ensure all policies or software are updated and renewed as required to remain covered.
If you work with us to achieve a Cyber Essentials certification, you may be eligible for cyber liability insurance as part of your certification, provided by IASME Consortium. Whilst this insurance is ideal for many businesses, it doesn’t cover all businesses and all threats, so it’s important to check the policy thoroughly.
A good starting point is to identify your most vital information and work backwards to secure it at every point. There are so many different types of threat, that it makes sense to get professional assistance to identify any weaknesses and protect against them.
The team at ICU offer extensive business continuity planning that will ensure you are protected, as much as possible, from a wide range of threats. Find out more about our Business Continuity services here!