A Guide to Cyber Insurance: How SMEs Can Protect Their Most Valuable Digital Assets

  • Mark Thomas, Founder and Director at Compare My Insurance

  • 16.04.2024 01:45 pm

Over half [54%] of SMEs in the UK fell victim to some form of cyber-attack in 2022, up from 39% in 2020. With 1 in 5 reporting that the average cyber-attack could cost their business over £4000, the fact that only 17% of small businesses in the UK have a cyber insurance policy in place is eye-opening.

In an increasingly digital-first world, robust cyber security and insurance are no longer only a concern for large corporations. Small and medium-sized companies rely on the smooth running of IT systems and the security of their data for a multitude of business-critical operations, and a lack of coverage relating to the loss of these digital assets can be a costly situation for many SMEs to find themselves in.

What is cyber insurance?

Cyber insurance, also sometimes called cybersecurity insurance, protects your business by covering losses relating to damage to, or loss of, information from IT systems and networks. 

If your company uses any sort of connected device for business purposes, such as laptops, smartphones, tablets or payment devices, you are vulnerable to potential cyber-attacks. These attacks can take several forms. Some of the most common are DoS [Denial-of-Service] attacks, whereby a business network is flooded with false requests to disrupt and prevent operations; malware and phishing attacks; ransomware attacks; and general data breaches.

Cyber insurance covers the direct financial losses of a business as a result of such an attack, with losses usually being the result of data or monetary theft or damage to other valuable digital assets, such as a company website. This is known as first-party cyber insurance.

Third-party cyber insurance will also cover your business against potential liability actions brought against you as a result of an attack. It covers partners, suppliers and contractors affected by a cyber-attack, as well as protecting your business from the claims made against you.

What does cyber insurance cover?

The digital landscape is complex, presenting multiple opportunities for unscrupulous parties to hack, attack and exploit your IT systems and networks. As such, cyber insurance will usually cover several key areas.

Pre-incident support:

Having a robust cyber insurance policy can help you manage and mitigate your cyber risk and prevent potentially damaging incidents before they have a chance to occur. To this end, many insurers offer access to cyber security experts and threat intelligence services that help you take a proactive approach to cyber security.

Cyber forensic support:

In the period following a cyber-attack, cyber forensic support [sometimes called post-incident support] will give you access to cyber specialists who will identify and investigate the source of the breach, as well as provide crisis management and legal support to ensure your business is able to resume operations both rapidly and safely.

Damage to digital assets:

Many cyber-attacks can result in data becoming lost, corrupted or altered in some way, or damage occurring to other digital assets such as software and company networks. Your cyber insurance policy covers the costs associated with restoring or replacing these assets.

Security and privacy breaches:

Security breaches such as unauthorised access to your networks and IT systems, or the theft of personal data, can result in businesses being liable for several costs. This might include legal fees, the costs associated with informing those affected by the breach, or even the cost relating to restoring damage to reputation. Security and privacy breach protection offers protection against these costs.

Cyber extortion:

Certain types of cyber-attacks, such as ransomware attacks, will take control of business-critical networks, or threaten to release sensitive data unless a fee is paid. Cyber extortion cover provides access to experts who can advise on the best course of action, or even cover the cost of paying such a ransom.

Why do SMEs need cyber insurance?

Many smaller businesses fall into the trap of thinking they are too small for malicious actors to pay attention to. In reality, SMEs are often the target of cyber-attacks simply because they do not have the same level of security as their larger counterparts, making it far easier for bad actors to gain access to IT and network systems and sensitive information.

While a cyber breach can be disastrous for any company, it can be particularly devastating to smaller businesses, where an unexpected loss of revenue and halt to normal business operations, along with potential liabilities, can have long-term damaging effects.

Commercial liability insurance does cover some cyber risks up to a certain value, but in today’s rapidly evolving digital landscape, often this level of basic coverage is simply not enough for most SMEs, leaving them vulnerable to increased risk.

Closing the cyber insurance gap

While cyber insurance is still a relatively new area for many insurers, the prevalence of sophisticated cyber attackers and their ability to bring small companies to a grinding halt make it a key consideration for savvy SMEs. Though small and medium companies have been traditionally under-protected when it comes to cyber insurance, leaders at the senior level are increasingly understanding the need to protect their most valuable digital assets from cyber-attacks.
