Romero’s Ultimate Guide To Cyber Insurance

The impact of a cyber attack can be devastating for any business. That’s why it’s more important than ever to consider cyber insurance. Every business, no matter its size, is a potential target for cyber crime and fraud. And, according to the Identity Management Institute, 90% of cyber attacks are successfully executed.

The latest article in this series explains what a Cyber Verification Check is, and why you should carry this out as soon as possible. Read it here.

Download our Cyber Insurance Whitepaper

A cyber attack is, by far, the most common risk a business will face. Our whitepaper covers all the essential need-to-knows as well as how to defend against the emerging threats.


Who is at risk?

There are two types of businesses…

  1. Those who have had a breach
  2. Those who will have a breach 

The world of cyber crime is evolving, so we can’t ever predict what’s just round the corner. Though there are mitigation measures you can put in place to minimise your risk, cyber attacks can’t always be avoided. Cyber attacks are extremely sophisticated. Your business really could be next.

Why are cyber attacks so dangerous?

Traditional risks to businesses, such as fire and theft, are easy to see. They have physical consequences, and they are something we’re all familiar with. Yet, here in the UK, you’re more likely to be the victim of cybercrime than of any other crime.

Cyber threats hide in plain sight, masquerading as legitimate activity. Social engineering is the most common type of cyber attack. Which means that it’s your employees that could inadvertently bring down your business, regardless of how much security software you’ve put in place. 

In reality, one wrong click could bring down your business’s entire system. Whether it be through malicious software that will infiltrate your system and destroy your files, or ransom attacks where cyber criminals hold your systems hostage, each cyber threat has the potential to cripple a business, particularly one that is underprotected and underinsured.

Because the threats are invisible, it’s easy to dismiss cyber crime as a significant potential problem. You might think it’s something that will happen to someone else. Which is possible, until it happens to you. And it’s at this time that you’ll feel the impact of not taking cyber threats seriously.

Listen to the Cyber Insurance Podcast

IT Director Mark Noble details the necessary cyber security precautions all businesses should have in place. He explains what cyber insurance is, what cyber criminals want, and what businesses can do to stay fully financially protected.

For more from the Romero Expert Insights podcast series, see here.

What is the difference between Cyber Attack and Cyber Crime? 

Cyber Attacks cause business disruption through network failures, privacy breaches or data loss. Could your business recover if key software or systems were corrupted, or if your business’s files and data were temporarily or permanently lost? 

Cyber Crime is related to monetary loss caused by the malicious actions of a hacker. Social engineering is a form of cyber crime, where an employee is deceived or scammed into giving financial details or making payment to a fraudulent source.

So why is cyber crime so popular? It’s simple. The goal for most cybercriminals is financial gain; either from pilfering money or by ransoming stolen information and data.

Both cyber attacks and cyber crime can be incredibly damaging to a business. You can find out more about the intricacies of these different terms by downloading our whitepaper below. 

We recommend businesses have an all-in-one cyber insurance policy that incorporates both cyber attack and cyber crime insurance. This ensures businesses are comprehensively covered, whatever happens.

Cyber attacks don’t just happen to big businesses

According to the FSB, small businesses are subject to 10,000 attacks per day, costing the sector almost £4.5 billion.

What’s more concerning is that, whilst some firms say they have only been attacked once or twice, over 10% of small businesses that were attacked have fallen victim to more than 20 separate attacks over the last two years.

No longer are cyber attacks solely targeted at multinational corporations and government agencies. Businesses of all sizes are seeing a rise in the number of cyber attacks directed at them. SMEs are being hit because they are large enough to hold significant data or material value, yet they often lack the investment in cyber security needed to protect themselves. This makes them an easy target for potential cyber criminals.

This threat is constantly growing and evolving, making it more and more difficult to protect your business against the threats.

It’s true that the financial implication of a cyber attack could be much greater for a larger corporation. But, for a smaller business, the impact could be long lasting – enough to cause significant damage to a business.

Protect your business

Business owners and managers must ensure they are aware of cyber threats that could impact their business and do all they can to mitigate these risks. There are three pillars of cyber security to be aware of…

  • Employees

Your staff members can cause data breaches and cyber incidents, even accidentally. Remember that your business is only as strong as your least informed employee! Social engineering is big business, and cybercrime doesn’t have to be remote. Without adequate security, a person could enter your business and access your systems – causing utter havoc. 

  • Process

Your business should make sure all employees follow documented procedures. Business systems and data should be protected thoroughly. All staff should receive regular training on spotting the signs of suspicious behaviour. Cyber security induction sessions, plus regular refresher sessions, should help to ensure every member of staff is looking out for your business. 

  • Technology

Antivirus software or specific Cyber Security software will help to protect your business. You should have email-vetting technology in place as well as backups on all important systems.

My business isn’t at risk

Think again! You might have the very best technology in place, with sophisticated security software ready to combat attacks. Do remember, though, that your system security is only effective against the latest known threats, not the next unknown one. Cyber attacks and cyber crime are ever-changing and becoming more sophisticated, so you can’t always protect your business against them.

Your employees also put your business at risk of social engineering. Let’s put this in context and take burglary as the crime. You could have many strong lock-up procedures in place, but if an employee leaves a window open, a criminal could still get in! Social engineering is exactly the same. You must trust that your employees know how to keep your business safe. Even seemingly innocuous actions, such as leaving paper records in public or clicking on a link in a fraudulent email, could seriously damage your business.

You may outsource your data handling or IT, and mistakenly think cyber security isn’t your responsibility. That’s not correct. You are still the data controller, and as such you’ll have liability over that information. Third party providers often have tight contract conditions limiting their liability. Even so, any breach of theirs will likely involve the breach of multiple customers. Consider whether that provider will be able to provide recompense, or whether your own policy could help you in this case. 

What should you do if you’re a victim of a cyber attack?

You should report a significant attack to the National Cyber Security Centre (NCSC). You may also be required by law to report the incident to the Information Commissioner’s Office (ICO). All incidents must also be reported to Action Fraud. 

Assess the damage and the extent of the attack, and do all you can to stop the incident from getting worse (with the help of your IT team, of course). 

Qualified cybercrime investigators may be able to help you prevent further damage. The criminals may have breached a level of your security, but you might have a chance of stopping them getting any deeper into your system.

You must also contact your insurance broker as soon as possible. An established and reputable broker like Romero Insurance Brokers will guide you based on experience and expertise. Your brokers will give you the next steps to take to remain compliant with your policy and have the best chance of recouping your losses. 

You can then begin to take steps to resolve the incident. This could include restoring services through backup data, or changing all passwords. 

Throughout the process, you should keep all staff, customers and other stakeholders in the loop. They’ll want to know what’s going on, and how a cyber incident might impact them.

Protect yourself and your business

There are a number of steps you can take in order to protect yourself and your business. A cyber security audit will demonstrate exactly where your weaknesses lie, and how you can plug the gaps. By recognising where you might be vulnerable to threat, you can take steps to prevent it.

A cyber criminal can target your business in several ways – and this type of crime is ever evolving. Do be mindful that you can never eliminate all risk. By investing in a bespoke, Cyber and Crime Insurance policy, you can rest assured that if the worst does happen, it won’t have a catastrophic effect on your business.

What does cyber insurance cover?

Cyber insurance will cover you for cyber extortion, fraud, business loss (including Business Interruption), employee dishonesty, social engineering, criminal damage costs, court fees, public relations expenses, data damage costs, commercial disruption costs and much more. Put simply, it will pay out for most expenses associated with the impact of a cyber incident. 

Why is cyber insurance expensive? 

However expensive cyber insurance is, a cyber attack or cyber crime is even more so. The cost of cyber attacks and cyber crime is increasing. The average ransomware payment was £10,209 in January 2019. Fast forward just one year and the average ransomware payment is now £89,284. These attacks are extremely costly to businesses as cyber crime becomes more advanced and sophisticated.

The cost of a data breach includes breach response costs, Business Interruption, reputational harm, monetary loss and defence costs… plus potentially much more. Cyber crime is no laughing matter, and could cripple your business financially. 

There is no “cheap” option when it comes to cyber insurance. If your business is struck by a cyber attack, and you don’t have adequate insurance, you could be facing extreme losses. Cyber insurance gives you peace of mind that, if something does go wrong, your insurance policy will help you get back on your feet. 

You should do all you can to minimise the chances of a cyber attack happening. But, unfortunately, unlike other risks such as fire or flood, there really is no way of knowing what the next evolution of cyber crime may be… until it happens.

Perhaps your current policy mentions cyber insurance. Check the small print. The level of cover could be minuscule – barely covering the cost of the specialists you’ll have to hire to investigate the incident. A separate cyber insurance policy ensures you have the right level of cover to keep your business afloat if a cyber attack knocks you down. 

Here at Romero, we work with a specialist cyber insurer. We’re able to beat 92% of other existing policies, without losing vital and valuable cover.

The importance of working with an insurance broker

Three quarters of business leaders claim they have insufficient cyber cover, or none at all. Are you one of these businesses? 

Cyber insurance is crucial, and should be a non-negotiable policy as part of your business protection. You shouldn’t view cyber and crime insurance as an investment – you should view it as an invaluable cover. The cost of your policy will, after all, be nothing in comparison to the potential costs entailed if you fall victim to a cyber breach or attack.

Some businesses may find it particularly difficult to secure cyber insurance. Businesses in trades such as IT software, healthcare or political associations are particularly likely to be a cyber attack target and thus their risk is much higher. Off-the-shelf policies may not be applicable, but a specialist broker will be able to help these businesses assess their options.

An insurance broker like Romero is dedicated to protecting your today and your tomorrow. 

Acting as an expert middle man between your business and your insurer, brokers are in the best position to give you the insight into staying safe online, and the importance of cyber insurance and crime insurance.

We really do feel strongly that businesses should recognise the potential impact of a cyber attack, and do all they can to protect themselves from it. We always have our customers’ best interests at heart, which is why we offer a quote for cyber insurance at every renewal. Customers have to opt out if they choose not to have cyber insurance, as in all good conscience we must recommend this as an important, vital option.

Download our cyber and crime whitepaper

We have created a comprehensive guide, to help you understand what cyber threats are, how they could manifest themselves in your business, and more importantly how to protect yourself. So click below to download and get one step closer to securing yourself and your business.

Alternatively, get in touch to speak to our team about how we can help.

Download the whitepaper
