Cyber attacks can pose a significant threat to small and large businesses alike, so staying secure online is increasingly important.
The government’s most recent Cyber Security Breaches Survey, published in March 2022, found that 39% of UK businesses reported being a victim of a cyber attack in the last year.
Cyber insurance, combined with a robust cyber security regime, can help protect your business from online threats, such as phishing and ransomware attacks. Read on to find out what cyber insurance is and what cover it can offer your business.
What is cyber insurance?
Cyber insurance, also known as cyber liability or cyber risk insurance, is a type of business insurance policy that can help protect your business against the effects of cyber crime.
If you are targeted by cyber crime, it could have a significant impact on your business. Cyber insurance could protect you against financial and reputational losses. It may also cover replacing or repairing your IT equipment if it is damaged following an attack.
What does cyber insurance cover?
Cyber insurance could cover your business for losses incurred from damage to the IT systems it uses. This can include financial loss, damage to reputation or equipment, and compensation for third parties in the event of a data breach.
The Association of British Insurers (ABI) splits cyber risks into two categories: first party and third party. First party risks affect the business directly, leading to business interruption, loss of business data, and reputational damage. Third party risks include loss of customer details, compensation owed to customers due to the attack, and legal costs associated with defending yourself against claims of a security breach.
For example, if you trade exclusively online and your business was hacked, your trading could be interrupted for a period of time. First party cyber insurance could cover the income you missed out on while unable to trade.
On the other hand, if your business was the victim of a cyber attack and hackers managed to retrieve your customers’ personal details, cyber insurance could cover the cost of contacting affected customers and pay out compensation, as well as legal costs, if applicable.
Some insurance policies will cover either first or third party risks, while others will cover both. It’s worthwhile checking any potential policy with your insurer to make sure your business has adequate cover.
Who needs cyber insurance?
Cyber threats are ever-present in today’s society. If your business is exposed to one, you could suffer loss of income, reputational damage or damage to your software or hardware. You may even have to stop trading temporarily.
Almost all businesses are involved in the digital world in one way or another. Maybe you have an app-based business bank account or you offer consumers the ability to order and pay for goods online. Or perhaps you have a website where users can create their own accounts, so you need to store customers’ personal data digitally.
In any case, you’ll need to safeguard your business against cyber attacks. If you use the internet or any IT systems as part of your business, you may need cyber insurance to protect against these threats.
Business interruption insurance or professional indemnity insurance may cover you in some specific cases, but you could also look at an additional policy to ensure you’re adequately covered against cyber threats.
You may want to consider taking out specific cyber liability insurance if your business:
- securely stores customers’ personal or financial details
- relies on the internet to trade
- uses online databases often
How much does cyber insurance cost?
Cyber insurance, like many business insurance policies, can be tailored to fit the needs of your business. The cost of cover can also differ between providers, so it is worth comparing quotes from different insurers to find a policy that best suits your needs.
You can opt for a smaller or larger amount of cover depending on the size and scale of your business. If your business is particularly at risk of a cyber attack – such as businesses that store large amounts of personal or particularly sensitive customer data – you may need a higher level of cover, which can come with increased premiums.
Some insurers may offer discounted premiums to businesses that demonstrate good cyber security practices, for example by ensuring staff are trained in cyber security or showing that you have robust cyber defences.
You may be able to get cyber insurance as part of a bigger business insurance package, though some insurers will offer it as a standalone policy.
Common cyber crimes
Common cyber threats include:
- Phishing – emails that look genuine but try to trick you into downloading malware or giving away sensitive information, such as your bank details
- Malware – short for ‘malicious software’, such as viruses, that can damage your device or extract data from your computer
- Ransomware – software that blocks access to your device until you pay a sum of money (the ‘ransom’)
How can I protect my business from cyber crime?
Whether you have cyber insurance in place or not, your business should still maintain good security practices. Security doesn’t just mean locking your physical offices each night – you need to protect your digital environment too.
You can run a risk assessment to find the weak points in your business’s cyber defence structure. Some companies also offer to simulate an attack on your IT systems to see how well protected they are.
Training your staff – and assessing how cyber-secure your business is – will make it easier to recognise cyber security threats and get into good digital security habits. For example, the government-backed Cyber Essentials scheme is designed to help businesses of any size learn how to be protected against cyber threats. You can download the assessment questionnaire for free and can then get a recognised certification once a qualified assessor has carried out a technical audit. Certification, which lasts for 12 months, ranges in price from £360 to £600, depending on the size of your organisation.