For many SMEs, cyber insurance falls into the category of “it will never apply to me, so I probably don’t need it.” But any company of any size, especially those which conduct the majority of their business online, will be reliant on online data. Whether it’s employee information, client data, payment details or business strategy documents, a data breach represents a major risk. Your customers are already stressed about their finances; don't add to their worries with inadequate security strategies. Here are some of the key issues you should consider when weighing up cyber insurance.
The type of cyber crime you want to prevent
Cyber crime encompasses a variety of illegal activities, including identity theft, cyber stalking, network hacking, computer hacking, phishing scams, data theft, extortion, and viruses and malware. Many attacks are multi-pronged and incorporate several of these elements. Insurance can't be your sole defence against online attacks, but it can be a useful element in your arsenal.
The size of your business
Ask yourself these questions:
- How much will you be impacted if a breach takes place and you lose access to your data?
- What will the subsequent effects of this be? How much revenue will you lose if you can't trade for an extended period?
Think about the repercussions long-term. For example: do you have a large customer base? If so, you will probably have to offer compensation and deal with a lot of negativity if an attack succeeds. That said, a small business can collapse after losing just a handful of customers.
Also consider the size of your team. How many employees could be affected by a breach? In some circumstances you could leave yourself open to legal action if you don’t provide enough security for your team members and a breach takes place. If you don’t want your staff caught up in the fallout, protection is a sensible strategy.
Cyber liability insurance typically provides benefits for first parties and third parties (depending on what you opt in to), which means you can cover all bases.
First-party coverage will typically include:
- Cover for business interruption – Provides cover for any income loss or related costs when a cyber attack or breach renders you unable to conduct your regular business.
- Theft and fraud – Destruction and loss of data are covered if they result from a breach.
- Forensic investigation and data recovery – Sometimes you may have to pay additional technical costs in order to establish whether or not an actual breach has occurred, and this can be expensive.
- Extortion – This provides protection if criminals demand compensation or payment.
- Crisis management – If you have to conduct any PR campaigns or expensive crisis management actions as the result of the breach, you can receive cover for this.
Third-party coverage can include:
- Regulatory defence expenses – Sometimes there may be a regulatory claim from a government consumer protection agency, which can be expensive. In this case, coverage is available for fines, penalties and investigations that may occur.
- Litigation – If there are any consequential lawsuits or penalties, you can receive cover for this.
- Notification costs – Alerting your customer base to the breach’s occurrence could be expensive.
- Monitoring – Any fraud or credit monitoring of employees or customers afterwards.
The ultimate decision to purchase cyber liability insurance must be based on your needs, and you need to balance costs against risks. Weigh up the benefits, consider the cost, and decide whether the repercussions are too great to justify not having protection.