What is Cyber Insurance
Cyber Insurance provides specialised cover for your business in the event of a cyber-attack.
Cyber insurance is designed to protect businesses against financial loss resulting from a range of cyber threats and exposures, including cybercrime, data breaches and system and business interruption.
You may think you’re not likely to be affected by a cyber-breach or attack, but any business can suffer, not just well-known IT and financial companies.
All businesses hold information, whether that be personal, medical data or credit card details, and so each one is at risk. Threats can come in different forms with different levels of severity. From cyber criminals attempting to steal data for competitive advantage, to unintentional error such as the loss of a laptop or the inability of a business owner or employee to spot attacks.
A single incident could seriously damage your business, by causing financial losses through theft of information, bank details or money. You could experience disruption to trading and need to pay the cost of cleaning up affected IT systems. There are huge fines in place for a breach of GDPR (General Data Protection Regulation) through the loss of personal data, plus you could cause damage to other companies you supply or are connected to, and lose future contracts.
What is a cyber-attack?
There are a number of cyber threats that can cause havoc to your business despite your best efforts to avoid them. Some of the most common ones include:
Under this attack, cybercriminals use the trial and error approach to guess the password successfully. Attackers try every possible combination of passwords and passphrases until the account is unlocked. Perpetrators use brute-force attacks to gain passwords to access the data of a website or a personal account.
Credential stuffing is when the attacker used stolen credentials to gain unauthorized access to a user’s account. With automation, the process gets simpler. Huge databases containing compromised credentials are used to break into an account. Once the attacker is successful, the hacked account can be used to initiate fraudulent transactions, for carrying out other ill-intended activities, to alter or misuse the stored data.
Phishing, Malware attacks, Insider threat and supply chain attacks.
Where hackers replicate your comms and pose as your business reaching out to staff and customers to obtain sensitive information such as online banking passwords and login details.
Ransomware – this is when hackers log into your site’s mainframe and access sensitive data while blocking your access. They then seek a ransom to be paid for you to regain access.
Trojans – Malware with disguised intention is popularly known as Trojans or Trojan horses. Apart from attacking the system, Trojans can create a backdoor for the attackers to stealthily get into the system.
Bad bots – Bots (or Internet bots) are software programs developed to automate a repetitive task. While bad bots are self-propagating malware that infects the host and reports back to the connected central server. These bots are capable of collecting passwords, log keystrokes, personal financial data, and other sensitive data.
An insider threat is a security incident that originates within an organisation as opposed to one from an external source. It may be a current or former employee, a contractor, a third-party vendor or any other business associate that has access to the organisation’s data and computer systems. Insider attacks can be particularly dangerous because, unlike external factors attempting to infiltrate a network, insiders typically have legitimate access to an organisation’s computer systems.
Supply chain attacks
A supply chain attack, also known as a third-party attack, attempts to damage an organisation by exploiting vulnerabilities in its supply chain network. Supply
chain attacks have the potential to infiltrate an entire network through a single compromise. They can be harder to detect than traditional malware attacks.
Difference between Trojans and Viruses: Unlike viruses, Trojans do not self- replicate themselves.
The damage to your reputation could be significant, as the trust you’ve built up with both customers and suppliers could be lost in an instant if their data was compromised.
Your business, your money, your reputation, your customers and suppliers, your data, your IT equipment and services are all at risk if you suffer a cyber-incident.
What does Cyber Insurance cover?
In the event of a cyber-attack, most cyber insurance policies will cover the first-party and third-party financial and reputational costs if data or electronic systems have been lost, damaged, stolen or corrupted.
For the business involved – the first-party — cover includes the cost of investigating a cybercrime, recovering data lost in a security breach and the restoration of computer systems, loss of income incurred by a business shutdown, reputation management, extortion payments demanded by hackers, and notification costs, in the case you are required to notify third parties affected.
Third-party coverages (that result from claims against you) include damages and settlements, and the cost of legally defending yourself against claims of a GDPR breach.
- Theft or loss of client information
- Business interruption costs
- Forensic investigation
- Data recovery
- Fines and penalties
- Crisis management costs (to repair your business’ reputation after an incident).
- Legal costs from any civil action taken against you or your company as a result of an incident
Reasons to take out Cyber Insurance
It is noteworthy that the majority of data breaches are the result of a hack or indeed extremely targeted cyber-attacks.
Cyber-crime is one of the world’s largest and fastest growing crimes and most traditional policies do offer cyber incident cover. Some of the most important reasons to have this insurance in place include:
- SMEs carry a higher risk of a cyber-incident.
Hackers are professional scammers and criminals. They know that SME businesses usually don’t have the same level of IT security as large PLCs that often have a full team of IT specialists. In their minds SMEs are easier targets to access sensitive data. As well as added risk, SMEs can rarely afford the financial burden of recovering from a cyber-attack.
2. Electronic data is not covered by standard property insurance.
Data is arguably a more valuable asset to you compared to the machinery it is stored on. However a data breach is not covered as part of your property insurance.
3. Standard business interruption insurance does not include interruption caused by cyber-incident.
If an attack causes your systems to shut down a traditional business interruption policy won’t cover your losses. Cyber Insurance offers cover for lost profits associated with a cyber-related systems outage.
4. It protects your reputation.
You risk losing the confidence of your consumers and suppliers if your data is compromised. Cyber Insurance helps pay for a public relations firm to help restore this trust and covers the loss of future sales.
Cyber Insurance Quote
Getting a quote for Cyber Insurance is quick and easy. Find out more about our Cyber Insurance offering and contact our team for a quote today.