Romero’s Ultimate Guide To Cyber Insurance

An Emerging Threat

The impact of a cyber attack can be devastating for any business. That’s why it’s more important than ever to consider cyber insurance. Every business, no matter its size, is a potential target for cyber crime and fraud. And, according to the Identity Management Institute, 90% of cyber attacks are successfully executed.

Who is at risk?

There are two types of businesses…

1. Those who have had a breach
2. Those who will have a breach 

The world of cyber crime is evolving, so we can’t ever predict what’s just round the corner. Though there are mitigation measures you can put in place to minimise your risk, cyber attacks can’t always be avoided. Cyber attacks are extremely sophisticated. Your business really could be next.

Why are cyber attacks so dangerous?

Traditional risks to businesses such as fire and theft, are easy risks to see. They have physical consequences and it’s something that we’re all familiar with. Yet, here in the UK, you’re more likely to be the victim of cybercrime than any other. 

Cyber threats hide in plain sight, masquerading as legitimate activity. Social engineering is the most common type of cyber attack. Which means that it’s your employees that could inadvertently bring down your business, regardless of how much security software you’ve put in place. 

In reality, one wrong click could bring down your business’s entire system. Whether it be through malicious software that will infiltrate your system and destroy your files, or ransom attacks where cyber criminals hold your systems hostage, each cyber threat has the potential to cripple a business. Particularly one that is under protected, and underinsured.

Because the threats are invisible, it’s easy to dismiss cyber crime as a significant potential problem. You might think it’s something that will happen to someone else. Which is possible, until it happens to you. And it’s at this time that you’ll feel the impact of not taking cyber threats seriously.

Cyber attacks don’t just happen to big businesses

According to the FSB, small businesses are subject to 10,000 attacks per day, costing the sector almost £4.5billion. 

What’s more concerning, is that whilst some firms say they have only been attacked once or twice, over 10% of small businesses that were attacked have fallen victim to more than 20 separate attacks over the last two years.

No longer are cyber attacks solely targeted at multinational corporations and government agencies. Businesses of all sizes are seeing an upward trajectory of the number of cyber attacks directed at their businesses. SMEs are being hit by attacks as they are large enough to have significant data or material value. However, they often don’t have the relevant investment in cyber security to protect themselves. This makes them an easy target for potential cyber criminals.

This threat is constantly growing and evolving, making it more and more difficult to protect your business against the threats.

It’s true that the financial implication of a cyber attack could be much greater for a larger corporation. But, for a smaller business, the impact could be long lasting – enough to cause significant damage to a business.

My business isn’t at risk

Think again! You might have the very best technology in place, with sophisticated security software ready to combat attacks. Do remember, though, that your system security is only effective against the latest known threats – but not the next unknown threat. Cyber attacks and cyber crime are ever-changing and becoming more sophisticated, so you can’t always protect your business against it. 

Your employees also put your business at risk of social engineering. Let’s put this in context and look at burglary as the crime. You could have many strong lock up procedures in place, but if an employee leaves a window open a criminal could still get in! Social engineering is exactly the same. You must trust that your employees know how to keep your business safe. Even seemingly innocuous actions such as leaving paper records in public, or clicking on a link in a fraudulent email, could seriously damage your business. 

You may outsource your data handling or IT, and mistakenly think cyber security isn’t your responsibility. That’s not correct. You are still the data controller, and as such you’ll have liability over that information. Third party providers often have tight contract conditions limiting their liability. Even so, any breach of theirs will likely involve the breach of multiple customers. Consider whether that provider will be able to provide recompense, or whether your own policy could help you in this case. 

What should you do if you’re a victim of a cyber attack?

You should report a significant attack to the National Cyber Security Centre (NCSC). You may also be required by law to report the incident to the Information Commissioner’s Office (ICO). All incidents must also be reported to Action Fraud. 

Assess the damage and the extent of the attack, and do all you can to stop the incident from getting worse (with the help of your IT team, of course). 

Qualified cybercrime investigators may be able to help you prevent further damage. The criminals may have breached a level of your security, but you might have a chance of stopping them getting any deeper into your system.

You must also contact your insurance broker as soon as possible. An established and reputable broker like Romero Insurance Brokers will guide you based on experience and expertise. Your brokers will give you the next steps to take to remain compliant with your policy and have the best chance of recouping your losses. 

You can then begin to take steps to resolve the incident. This could include restoring services through backup data, or changing all passwords. 

Throughout the process, you should keep all staff, customers and other stakeholders in the loop. They’ll want to know what’s going on, and how a cyber incident might impact them.

Protect yourself and your business

There are a number of steps you can take in order to protect yourself and your business. A cyber security audit will demonstrate exactly where your weaknesses lie, and how you can plug the gaps. By recognising where you might be vulnerable to threat, you can take steps to prevent it.

A cyber criminal can target your business in several ways – and this type of crime is ever evolving. Do be mindful that you can never eliminate all risk. By investing in a bespoke, Cyber and Crime Insurance policy, you can rest assured that if the worst does happen, it won’t have a catastrophic effect on your business.

What does cyber insurance cover?

Cyber insurance will cover you for cyber extortion, fraud, business loss (including Business Interruption), employee dishonesty, social engineering, criminal damage costs, court fees, public relations expenses, data damage costs, commercial disruption costs and much more. Put simply, it will pay out for most expenses associated with the impact of a cyber incident. 

Why is cyber insurance expensive? 

However expensive cyber insurance is, cyber attacks or cyber crime is even more so. The cost of cyber attacks and cyber crime is increasing. The average ransomware payment was £10,209 in January 2019. Fast forward just one year and the average ransomware payment is now £89,284. These attacks are extremely costly to businesses as cyber crime becomes more advanced and sophisticated. 

The cost of a data breach includes breach response costs, Business Interruption, reputational harm, monetary loss and defence costs… plus potentially much more. Cyber crime is no laughing matter, and could cripple your business financially. 

There is no “cheap” option when it comes to cyber insurance. If your business is struck by a cyber attack, and you don’t have adequate insurance, you could be facing extreme losses. Cyber insurance gives you peace of mind that, if something does go wrong, your insurance policy will help you get back on your feet. 

You should do all you can to minimise the chances of a cyber attack from happening. But, unfortunately, unlike other risks such as fire or flood, there really is no way of knowing what the next evolution of cyber crime may be… until it happens. 

Perhaps your current policy mentions cyber insurance. Check the small print. The level of cover could be minuscule – barely covering the cost of the specialists you’ll have to hire to investigate the incident. A separate cyber insurance policy ensures you have the right level of cover to keep your business afloat if a cyber attack knocks you down. 

Here at Romero, we work with a specialist cyber insurer. We’re able to beat 92% of other existing policies, without losing vital and valuable cover.