layer 1 layer 2 layer 3 layer 4 layer 5 abstract shapes

Cyber Insurance: What is it and why is it so important?

Posted 17th November 2023

As the cyber threat against UK businesses increases, cyber insurance is becoming an essential element of any SME’s security strategy. In this blog, our cyber experts examine the current threat landscape, ask what cyber liability insurance can protect against, and look at why insurers are requiring policyholders to have certain cyber security measures in place before they will provide cover.

The current threat landscape for UK businesses

Businesses in the UK are coming under increasing attack from cyber criminals. In 2022, 54% of SMEs experienced some form of cyber-attack.

The rise in cyber-attacks has been a global phenomenon, sparked at least in part by the coronavirus pandemic that struck in late 2019. As governments imposed lockdown restrictions and businesses scrambled to send their teams home, cyber criminals took advantage of the increased attack surface brought about by remote working. Previously secure business networks were blown wide open as employees began to access business systems from countless new locations, and in 2020, at the height of the pandemic, malware attacks increased by 358% against 2019.

Insurers have counted the cost of cyber-attacks

Falling victim to an attack can cost a business dearly – both financially, and in terms of reputation – and this is something insurers are keenly aware of. When the pandemic struck in 2020, cyber insurance was still a fairly immature market. Up until that point, insurers hadn’t really been designing products that matched the risks. So, when the number of attacks exploded in the wake of Covid, insured businesses made claims that few insurers could handle. In 2020, direct loss ratios reached an unsustainable average of 72%.

An insurance policy for insurers

Throughout 2021 and 2022, the cyber insurance market matured massively. Those that survived hefty post-pandemic losses were forced to take measures to better protect themselves in the face of what had become a relentless cyber threat. Some levied significant price hikes (premiums shot up almost three-fold), others reduced their policy limits, but most took steps to mitigate the risk by forcing businesses to better protect themselves. These days, if you want to insure your business against a cyber-attack, you need to prove you’re taking cyber security seriously with certain protections in place.

What is cyber insurance?

Cyber insurance – also known as cyber security insurance, cyber liability insurance and data breach cover – is a type of insurance policy that provides financial protection in the event of a cyber incident. It can cover a wide range of risks including data breaches, cyber-attacks and events like network outages and ‘act of God’ incidents.

While cyber insurance can’t prevent cyber-attacks or incidents, it acts as a safety net that can mitigate or significantly reduce the financial and operational consequences of your business falling victim to one.

How do I get cyber insurance for my SME?

Getting cyber insurance for your business is a straightforward process, but it requires careful consideration. Many insurers have tightened their underwriting guidelines over the past couple of years and now require businesses to have certain cyber protections in place. These may include security measures like:

  • Multi-factor authentication for remote access
  • Anti-malware protection
  • Firewalls and DMZs
  • Network segmentation
  • Immutable backups
  • Web Application Firewalls for high-risk portals
  • Advanced Endpoint Detection and Response (EDR) protection
  • A business continuity plan

In order to get the right policy in place for your business, you’ll need to:

  • Perform a risk assessment
  • Choose the right coverage
  • Understand policy details
  • Identify any additional services you want

It’s worth bearing in mind that cyber threats are evolving all the time and that a new type of attack might emerge after you’ve taken out your policy. Make sure you clarify with your insurer that, in the event you fall victim to a new type of attack, you are still covered.

What are the benefits of cyber insurance?

There are so many potential impacts of a cyber-attack that it can be difficult for SMEs to anticipate them all, let alone protect against them. Cyber insurance can help by covering businesses to ensure:

Financial recovery: Cyber insurance provides financial coverage for expenses related to data breaches, incident response, legal costs and even ransom payouts in the event you fall victim to a ransomware attack. Without insurance in place, these costs can be crippling to smaller businesses, even causing them to cease trading.

Reputation protection: In the event of a data breach – particularly one that impacts customers, partners or stakeholders – cyber insurance can cover the cost of public relations and communications. Some insurers will have in-house teams for dealing with reputation management, which can be crucial for protecting your business against lost customer trust.

Business continuity: Cyber insurance can cover business interruption costs, allowing you to recover more quickly and continue serving clients and customers both during and after a cyber incident. This can further reduce the financial impact, helping you maintain operations and positive customer relationships.

Legal compliance: Cyber insurance often helps SMEs meet legal and regulatory requirements, ensuring you don’t face penalties for non-compliance.

Third-party liability mitigated: Cyber-attacks and data breaches can result in harm to third parties such as clients, vendors, supply chain partners and customers. Cyber insurance can cover liability claims brought against your business by others who have been exposed to risk through the attack on you.

Peace of mind: Don’t underestimate the importance of the peace of mind that comes from having a good cyber insurance policy in place. Cyber-attacks are increasingly a ‘when’ not ‘if’ scenario for businesses, and knowing that you have a safety net in place to deal with the potential fallout means you can focus on growing your business instead.

Cyber insurance is essential for SMEs

In a world where cyber threats are a growing reality for businesses, cyber insurance has evolved into a crucial safeguard, especially for the UK’s many SMEs. As cyber-attacks become more sophisticated, the financial and reputational consequences of falling victim to one can be severe. For SMEs in 2023, cyber insurance is no longer a nice-to-have: it’s an imperative protection, and a critical component of a robust cyber security strategy.

Contact us to find out how we can support your cyber insurance strategy

Get in touch today down down down