Written by John Peskett, Director at Fairweather Insurance

20 years ago, a prospective burglar might walk down a street opportunistically looking for unlocked doors or open windows.  Today, the modern burglar can do this from the comfort of his or her bedroom by exploiting weaknesses in the security of a company website or IT system.  Not only are the potential targets virtually limitless, the potential rewards can be much greater and, given the sophisticated techniques and methods of modern cyber criminals, they can be extremely difficult to trace and stop.  The upshot is that all businesses – large, medium and small – are at risk of a cyber attack and can benefit from having Cyber Insurance in place.

As an SME, why do I need Cyber Insurance?

To the average person or small business, the notion of a Cyber attack or data breach might seem like a remote concept – surely that only happens to big companies!?

It is certainly true that large, high profile companies can be vulnerable, and in recent weeks stories have appeared in the press detailing a cyber attack on Furniture Village which has caused a delay in the processing of customer orders and even an attack on the healthcare system in Ireland which resulted in widespread appointment cancellations and disruption of services at a number of hospitals.  However, for every high profile ransomware attack or data breach, thousands of lower profile cyber attacks will go unnoticed or unreported.

As with many intangible risks, it is a common instinct to take the view “that will never happen to me”.  However, the associated costs and reputational damage that might be incurred as a consequence of a cyber attack or data breach could be equally, if not more, catastrophic to a business than a severe fire or flood.  Arguably, a customer may be sympathetic to a business that has suffered an unfortunate fire or flood, whereas a cyber attack that has breached their personal data might be considered suggestive of an apathetic or laissez-faire attitude to data security.

A Cyber Insurance policy also known as Cyber Liability Insurance, Data Protection Insurance or Cyber and Data Insurance can help to offset the potential risk and consequences of a Cyber breach, be it a hack, theft, malicious attack (such as a virus introduction) or ransomware attack.

What protection will a Cyber Liability policy give me?

Given the array of potential risks and range of unique and almost mysterious jargon used – hack, virus, threats, data breach, GDPR breach, worms, malware, BOTS, trojans, ransomware, phishing, keylogging, social engineering to name but a few terms – Cyber Insurance, can often seem almost remote and inaccessible.  There is certainly an argument that the insurance industry needs to do more to make the topic seem less abstract and more accessible to consumers.

In broad terms, a robust Cyber Insurance policy encompasses three key areas:

1. 1^st Party – direct losses arising from a data breach or hack, including theft, extortion, business interruption and system repair work
2. 3^rd Party – claims for compensation, fines or penalties payable to customers and regulators
3. Crisis management costs – Complimentary access to expert consultants to provide support in relation to forensic analysis, legal advice and public relations etc

In addition to protecting direct financial costs arising from a data breach or hack, a comprehensive policy will also offer professional support in relation to the subsequent post-loss clean up (which, in itself, could otherwise be extremely expensive).

How do I select a Cyber Insurance policy that will be suitable for my requirements?

There is not an off-the-shelf, one size fits all Cyber Insurance solution.  Whilst basic policies are available for a few hundred pounds, they may not adequately address the risks specific to an individual business and it is a good idea to seek professional advice.

For example, some businesses may retain a high volume of personal customer data, whilst others may hold less personal data but hold highly sensitive or confidential information.  Some businesses are almost exclusively reliant on their website to generate sales, whilst for others their website is more for brand awareness.  In most cases the IT system will be integral to the operation of the business so, if it is breached or compromised in some way in a cyber breach or attack, the business will inevitably suffer some form of disruption or cost.  For these reasons, one business may require a different type of Cyber Insurance to the next.

However, the one thing that all businesses, big, medium or small, have in common is that, if they utilise an IT system, they do carry a potential cyber risk and a Cyber Insurance policy can help to protect against the consequences of a cyber burglar working from home finding a way into your business.