IT Solutions
Depend on us to get your organisation to the next level.
Sectors
BCN have a heritage of delivering outcomes through our cloud-first services and currently support over 1200 customers across specialist sectors.
About Us
Your tech partner
Posted 17th November 2023
As the cyber threat against UK businesses increases, cyber liability insurance is becoming an essential element of any SME’s security strategy. In this blog, our cyber experts examine the current threat landscape, ask what cyber liability insurance can protect against, and look at why insurers are requiring policyholders to have certain cyber security measures in place before they will provide cover.
Businesses in the UK are coming under increasing attack from cyber criminals. In 2022, 54% of SMEs experienced some form of cyber-attack.
The rise in cyber-attacks has been a global phenomenon, sparked at least in part by the coronavirus pandemic that struck in late 2019. As governments imposed lockdown restrictions and businesses scrambled to send their teams home, cyber criminals took advantage of the increased attack surface brought about by remote working. Previously secure business networks were blown wide open as employees began to access business systems from countless new locations, and in 2020, at the height of the pandemic, malware attacks increased by 358% against 2019.
Falling victim to an attack can cost a business dearly – both financially, and in terms of reputation – and this is something insurers are keenly aware of. When the pandemic struck in 2020, cyber insurance was still a fairly immature market. Up until that point, insurers hadn’t really been designing products that matched the risks. So, when the number of attacks exploded in the wake of Covid, insured businesses made claims that few insurers could handle. In 2020, direct loss ratios reached an unsustainable average of 72%.
Throughout 2021 and 2022, the cyber liability insurance market matured massively. Those that survived hefty post-pandemic losses were forced to take measures to better protect themselves in the face of what had become a relentless cyber threat. Some levied significant price hikes (premiums shot up almost three-fold), others reduced their policy limits, but most took steps to mitigate the risk by forcing businesses to better protect themselves. These days, if you want to insure your business against a cyber-attack, you need to prove you’re taking cyber security seriously with certain protections in place.
Cyber insurance – also known as cyber security insurance, cyber liability insurance and data breach cover – is a type of insurance policy that provides financial protection in the event of a cyber incident. It can cover a wide range of risks including data breaches, cyber-attacks and events like network outages and ‘act of God’ incidents.
While cyber liability insurance can’t prevent cyber-attacks or incidents, it acts as a safety net that can mitigate or significantly reduce the financial and operational consequences of your business falling victim to one.
Getting cyber liability insurance for your business is a straightforward process, but it requires careful consideration. Many insurers have tightened their underwriting guidelines over the past couple of years and now require businesses to have certain cyber protections in place. These may include security measures like:
In order to get the right policy in place for your business, you’ll need to:
It’s worth bearing in mind that cyber threats are evolving all the time and that a new type of attack might emerge after you’ve taken out your policy. Make sure you clarify with your insurer that, in the event you fall victim to a new type of attack, you are still covered.
There are so many potential impacts of a cyber-attack that it can be difficult for SMEs to anticipate them all, let alone protect against them. Cyber liability insurance can help by covering businesses to ensure:
Financial recovery: Cyber liability insurance provides financial coverage for expenses related to data breaches, incident response, legal costs and even ransom payouts in the event you fall victim to a ransomware attack. Without insurance in place, these costs can be crippling to smaller businesses, even causing them to cease trading.
Reputation protection: In the event of a data breach – particularly one that impacts customers, partners or stakeholders – cyber liability insurance can cover the cost of public relations and communications. Some insurers will have in-house teams for dealing with reputation management, which can be crucial for protecting your business against lost customer trust.
Business continuity: Cyber liability insurance can cover business interruption costs, allowing you to recover more quickly and continue serving clients and customers both during and after a cyber incident. This can further reduce the financial impact, helping you maintain operations and positive customer relationships.
Legal compliance: Cyber liability insurance often helps SMEs meet legal and regulatory requirements, ensuring you don’t face penalties for non-compliance.
Third-party liability mitigated: Cyber-attacks and data breaches can result in harm to third parties such as clients, vendors, supply chain partners and customers. Cyber liability insurance can cover liability claims brought against your business by others who have been exposed to risk through the attack on you.
Peace of mind: Don’t underestimate the importance of the peace of mind that comes from having a good cyber liability insurance policy in place. Cyber-attacks are increasingly a ‘when’ not ‘if’ scenario for businesses, and knowing that you have a safety net in place to deal with the potential fallout means you can focus on growing your business instead.
In a world where cyber threats are a growing reality for businesses, cyber liability insurance has evolved into a crucial safeguard, especially for the UK’s many SMEs. As cyber-attacks become more sophisticated, the financial and reputational consequences of falling victim to one can be severe. For SMEs in 2023, cyber insurance is no longer a nice-to-have: it’s an imperative protection, and a critical component of a robust cyber security strategy.