Should you buy cyber insurance?

Reading Time: 2 minutes15th April 2019 | Modified: 19th December 2022

Companies can now take out insurance to protect their business against damage from a cyber-attack.

CNC

While more businesses are taking out cyber insurance, many appear sceptical about whether it would cover all the risks from what’s a constantly-changing threat.

A 2018 report by Ovum for FICO revealed a rise in the number of organisations taking out cyber insurance over the previous 12 months. Encouragingly, the number without it dropped from 31 per cent to 10 per cent yet only 38 per cent of those surveyed said their cyber insurance covered all the risks.

So how does a company choose the best policy? Is there insurance cover for all types and sizes of company?

Get advice

The simple answer is to ask an experienced insurance broker. A broker should have a good overview of the market and all the policies available.

As with all insurance, there will be some cheaper but with larger excesses to pay and the small print needs to be carefully scrutinised to make sure it really covers all the risks.

A good first step is to take a look at the Association of British Insurers’ website .

Hiscox is just one provider that’s offering cyber insurance to smaller enterprises as an extension to traditional policies.

Its head of cyber, James Brady, points out that such cover should be a standard component of any business insurance policy because the statistical probability of having to make a cyber claim is greater than for fire or theft.

When a company applies for such insurance it can be tailored to their specific business activities but the insurers’ assessment will probably also be linked to the turnover of the business as a measure of how much a business stands to lose in the event of an attack.

Cyber Essentials

You could pay lower premiums by demonstrating cyber security is the cornerstone of your business.

An effective way to do this is by gaining Cyber Essentials Accreditation and also ISO 27001 certification in information security management.

Cyber Essentials demonstrates you know how to use a firewall to secure your internet connections and you choose the most secure settings for your devices. You also control who has access to your data and services and you protect your network from malware and viruses. You also keep all your software and devices up to date.

And ISO 27001 certification shows your company has identified the cyber risks, assessed the implications and put in place controls that limit any damage to your business.

Gary Jowett, from Computer & Network Consultants in Brighton, said: “While you may have all the proper cyber security measures in place, the threat from cyber space is constantly changing and a cyber-attack could still get through your defences.

“Having insurance will at least reduce any financial losses and having to pay the premiums is a big incentive to maintain the best security practices to ensure the cover isn’t deemed null-and-void. Insurance could also help you to settle any claims made against you by your customers and business partners as a result of any data breach.”

Newsletter Archives

By Gary

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

View all of Gary's posts.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_20840989_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.