There is a discrepancy between the percentage of business leaders who identify cyber risk as a serious threat and the percentage who follow through and purchase appropriate protection. One misconception is that cyber is covered by existing insurance, such as general liability, but this is incorrect.

Our cyber products combine insurance protection, covering both the obvious and less obvious consequences of cyber risk, with risk management tools designed to respond to a variety of cyber risk exposures not covered under a conventional insurance policy. Our cover can help businesses deal with the effects of sensitive data breaches, computer hacking, dumpster diving, computer viruses, employee sabotage or error, pilferage of information and identity theft.

Speak to us to establish how you can manage and reduce the risks your business faces and what insurance cover is needed to ensure that in the event of an attack, your business will have the appropriate protection in place. 

Businesses face a range of cyber risks including but not limited to: 

  • rogue employees stealing hardware or data to gain competitive advantage, sell on to criminals or for extortion 
  • negligent employees sending incorrect data, losing hardware or falling victim to phishing attacks  
  • hackers 
  • malware 
  • poor IT controls 
  • data breaches as a result of outside providers with inadequate security 
  • backdoor intrusion into the business through employees' social networking accounts
  • employees accessing company data through their own smartphones or tablets, often referred to as Bring Your Own Device (BYOD) working.

Who is at risk 

Small to medium sized businesses 

Common misconception: small equals safe 

The 2011 small business study by the National Cyber Security Alliance found that 40% of all cyber attacks are directed at firms with fewer than 500 employees. 

Open to attack 

Smaller businesses may have less robust security and no audited response initiatives (perhaps seen as too costly). They often present opportunistic targets and criminals may use them as a backdoor means of attacking larger organisations. 

Vulnerable to damage 

Smaller companies may have no access to forensic, legal and PR experts after a security failure. As a result loss of revenue, inability to cover operational expenses and reputational damage can be devastating for them. 

Larger businesses 

Bigger target

Large companies hold more data, which means that breaches can lead to more records being stolen and more costs to manage the loss. They are also more susceptible to third party and shareholder class actions.

Harder to track 

Monitoring employee activity, tracking stolen and lost hardware and the corresponding theft of proprietary information is much harder in large complex organisations and data breaches can take much longer to resolve. 

Direct costs

Loss or damage to digital assets

If you suffer loss or damage to data or software programmes, costs will be incurred in restoring, updating, recreating or replacing them. 

Non-physical business interruption and extra expense 

A cyber attack, or an administrative or operational failure by employees or third party providers, that prevents your company from trading would inevitably result in a loss of income whilst you cannot carry out business as usual.

Reputational damage 

Years of good work could be damaged by just one incident that sours your customers' view of you as a business, meaning a loss of customers and subsequently income.

Indirect costs 

Civil damages 

If you suffer a security breach on your network, transmit any malicious code, or if you breach any third party or employee privacy rights or confidentiality, you may be subject to defence costs and/or civil damages. 

Regulation defence 

If you are investigated by any regulator as a result of the above, you will face investigation and defence costs, as well as potential fines. In the majority of cases, responsibility is on the data owner (you), rather than any data processor you may outsource to. 

Customer care 

There is sometimes a legal or regulatory requirement for you to notify the individuals affected by the security or privacy breach, in which case you may be subject to legal, postage and advertising expenses. Forensic expenses will also likely be necessary to establish the cause of the breach and credit monitoring may also be necessary.

The average cost of a cyber attack (per record)

  • detection and escalation - £24
  • notification - £7
  • post data breach - £26 
  • lost business - £44. 

Total direct loss from a data breach per record in the UK - £101. 

Source: 2014 Cost of Data Breach Study: Global Analysis by Ponemon

 

The best way to protect against cyber attacks is to prevent them in the first place - but sometimes that is not possible. If the first line of your defence is breached, our network has access to products which are designed to help you manage and control the impact and get back to business as usual.  

  • After a breach has occurred, expert forensics can determine what has been affected and how it can be contained, repaired or restored. 
  • Expert legal and PR consultants can formulate a plan to contain reputational damage. 
  • Data subjects who have been affected by the breach can be notified and credit monitoring can take place to prevent further losses. 
  • Professional preparation can take place for any investigations you may be subject to. A cyber policy will also cover payment of insurable fines and penalties imposed upon you. 
  • Defence costs and damages for: 
    • any breach of personal or corporate data 
    • contaminating someone else’s data with a virus
    • theft of system access code 
    • theft of hardware containing personal data 
    • a negligent act or error by an employee.