What is Cyber insurance?
Cyber Insurance is designed to protect your business from threats in the digital age – this can include data breaches or malicious cyber hacks on work computer systems. Many insurers offer a flexible range of benefits so that businesses can purchase the cover they really need, reflecting their risk exposures. There are a number of insurers now providing this type of insurance and the cover provided does vary greatly. Insurance can provide protection against:
- Data breaches – where personal or commercial information (electronic or otherwise) is accessed without authorisation;
- Security failure – a hacker exploits weaknesses in your security systems, leaving your business exposed;
- Cyber attacks – any digital attack against your business;
- Extortion – criminals holding your systems or data to ransom or threatening to publish information;
- Human errors – mistakes made by staff or suppliers that result in a data breach or system outage;
- Business interruption – covering the loss of income that you may suffer from a cyber attack;
- GDPR – covering your liabilities and the cost of defending regulatory investigations after any alleged breach of data protection legislation;
- Reputational damage – includes PR and crisis management support, and covers lost revenue or customers;
- Financial crime and fraud – the use of the internet to deceive employees, customers or suppliers into transferring money or goods;
- Property damage – physical damage to equipment or property resulting from a cyber attack;
- Dependent business interruption – covering lost revenue or increased costs incurred if a supplier’s systems are taken offline by a cyber incident.
Who should take out Cyber insurance?
- You hold customer or employee data including names, addresses, dates of birth, bank details and copies of identity documents such as driving licences or passports
- You use a computer to operate your business
- You have a website
- You take card payments
- You make electronic payments
- You store data in the cloud or rely on a cloud based service provider
Why should businesses be concerned?
There is an increasing view that an attack against your business is no longer “if” but “when”. In a recent article, the CEO of the National Cyber Security Centre estimated that 1 in 2 businesses will be subject to a cyber attack.
At the recent EC Getting and Keeping Customers Conference, it was highlighted that the average cost of a cyber attack to a small business is £40,000 and worryingly, two thirds of small businesses do not re-open after an attack.
We have set out some real life examples of claims that insurers have shared with us:
Case Study: Ransomware Attack
The Policyholder reported that its IT system had been infected with malware. The malware was subsequently identified as “ransomcrypsam.D”, a new strain of ransomware that the Policyholder's antivirus detection system was unable to detect. The virus quickly infected and encrypted systems throughout the organisation. All systems were locked, the Policyholder closed all of its field offices, and operations at its headquarters were significantly impacted. The insured received a “ransom” demand of £10,000 in bitcoin to unlock the encryption.
Total cost of the claim was over £70,000.
Case Study: A costly phishing trip
An employee at a financial services agency fell victim to a phishing incident in which a spoof email, appearing to come from one of the company’s senior managers, requested that the employee transfer £226,000 to a specified bank account. Believing the request to be genuine, the employee issued the fraudulent wire, and both the agency’s bank and the receiving bank were unable to recover the funds. The email was actually from a Gmail account created to imitate the senior manager’s genuine address.
Total cost of the claim was over £226,000.
Case Study: Advertising for Bitcoin
A PR company (with a turnover of under £1,000,000) noticed a problem with its emails. Its regular IT contractor investigated and concluded the most likely cause was malicious activity. The insured contacted us and we deployed an IT forensics team who were quickly on site to investigate and confirmed the insured had indeed been the victim of an attack. The PR company’s IT systems had been infected with cryptojacking malware to mine for cryptocurrency. They also confirmed that the hackers who deployed the malware had accessed the insured’s systems and that personal data was potentially compromised.
Total cost of the claim was over £39,000.
How can you protect your business?
A claim under an insurance policy is always the last resort. There are a number of steps that can be taken to protect your business:
- Investment in detection monitoring software – this will help you spot the early signs of malicious activity
- Employee awareness and training – teaching employees how to spot attacks such as phishing emails
- Backing up data – understanding what data your business has and taking steps to protect it
- Promote remote working best practice – this will include:
  - Prevent weak passwords
  - Avoid using non-work-specific laptops
  - Update anti-virus software
  - Avoid connecting to unsecured networks
If you would like a quotation, please send an email to [email protected] setting out the following information:
- Contact Telephone Number:
- Business Name:
- Company Number:
- Business Address:
- Number of Employees:
Alternatively, if you would prefer to talk to a member of our team please call 0333 577 8232