Business insurance covers all kinds of outcomes from death in service, to public injury to professional indemnity.
But with around a third of UK businesses suffering a cyber attack in 2022, it’s more important than ever your business has protection against claims resulting in a successful breach of your computer systems.
That’s where cyber liability insurance comes in.
What is cyber liability insurance?
Cyber liability insurance provides financial cover in the event of a security breach.
It can also cover any costs of claims made against you by third parties in the event their data is lost, stolen or corrupted while in your possession.
Cybercriminals target businesses to steal confidential customer information, employee information, bank account details, usernames and passwords. All of which can result in significant damage, downtime and financial losses.
Do I need cyber liability insurance?
If you store your own business’ sensitive commercial data – or have customer data that can be accessed then online, then yes, you need cyber liability insurance.
Even most small businesses operate online in some capacity, meaning they’re just as at risk of a cyberattack as anyone else.
In fact, small firms suffer around 10,000 cyber attacks every single day, according to the Federation of Small Businesses. If your business falls under this category, you should at the very least consider cyber liability insurance.
All businesses that handle customer data are required, by law, to protect it adequately and use it in accordance with General Data Protection Regulation (GDPR). If your company experiences a data breach, it could be sued for breaching GDPR. Cyber liability insurance can help cover the costs involved.
Common cyber security threats your business could face
Phishing and Smishing
Cybercriminals trick thousands of people into releasing sensitive data or unknowingly installing dangerous programs every day.
Someone claiming to be a genuine contact, like a fellow employee or someone working for HMRC, may request the login information for your business system via email. As soon as someone hands this information over, the cybercriminal can access the relevant systems and wreak havoc.
Smishing works the same way, but instead, the messages are exchanged over SMS.
Clicking on certain websites, links or downloads could result in you unknowingly downloading a virus. These viruses can infect your business devices and systems, destroying, damaging or leaking sensitive data.
Some viruses can also give someone outside of your network remote access to your devices.
Ransomware holds your systems, programs and data hostage, with criminals demanding you pay a fee to unlock them and regain control.
But even if a business pays the ransom, there’s no guarantee they’ll gain control over their systems again.
If a person or a bot can crack the usernames and passwords for your business systems, often using complex programs, they may go undetected and steal sensitive business data right from under your nose.
Human error accounts for 82% of data breaches, according to Verizon, either through simple mishandling of data or falling for traps laid by cybercriminals like the ones described above.
If businesses want to give themselves the best defence against this kind of data loss, they should ensure all staff receive network security training and refresher courses at least once per year.
Systems are updated by developers to improve overall processes, but also to patch previously unseen security problems.
When a hacker targets these unseen vulnerabilities, it’s known as a zero-day attack. Once the issue has been discovered by the hacker, they can write simple pieces of code to put data and entire systems at risk.
What makes these kinds of attacks even worse is that the person who discovers the vulnerability is often the only person who’s aware of it, giving them a massive advantage over those in charge of network security who will be playing catch-up.
How can cyber liability insurance protect me in the event of cybersecurity breaches?
It covers losses for time lost
If your business is targeted in a cyberattack, you’ll undoubtedly lose time and productivity as a result, even if the damage is minimal.
Time is money, and every second you spend focusing on repairing the damage caused by a cyberattack is a second you could have spent focusing on your business and revenue.
Cyber liability insurance takes note of this lost time and accounts for it in insurance payouts.
It covers costs involved in the recovery of data
Lost data can be a nightmare to deal with, especially if your databases are destroyed as well as stolen.
If it’s possible to recover your data, cyber liability insurance will help cover the cost of this very technical process, which is usually fulfilled by an external IT professional.
It covers costs for rebuilding websites
Your website is the online face of your business. If a cybercriminal destroys it, the results can be devastating. If your website needs to be repaired or rebuilt from scratch, cyber liability insurance will assist with the involved costs, including paying for web developers.
It recovers losses as a result of stolen identity
There were around 226,000 cases of identity fraud recorded in the UK in 2021, according to Cybercrew.
If customer data is stolen from businesses in a cyber attack, in some cases it can be used by criminals to falsify documents in a specific person’s name. This is often to open a credit account and illegally spend funds using someone else’s identity.
Alternatively, criminals can use this information to try and access a customers’ bank account and funds directly.
If this happens, cyber liability insurance providers will work with banks, the police and victims to restore lost funds. However, not every level of cyber liability insurance works to recover customer funds as well as business funds.
What kind of cyber liability insurance do I need?
Cyber liability insurance is usually broken down into two categories:
First-party cyber coverage
This cyber coverage primarily has the business’s best interests at heart and will help protect it when it comes under attack.
It will also cover the costs of any steps that need to be taken to uphold good post-breach business practices, including contacting anyone who may have been affected, monitoring finances and public relations.
Third-party cyber coverage
Third-party coverage focuses on managing financial fallout if a company is attacked.
If cybercriminals access a customer’s data, and that customer attempts to sue your company because you failed to protect it, this insurance will cover the costs of legal fees, court fees and settlements in relation to the case.
Who should I talk to about cyber liability insurance?
If you’re interested in protecting yourself in the event of a cyber attack, speak to your current business insurance provider, if you have one.
You may already be covered against these types of attacks, or the provider may offer a product you could add to your current insurance deal.
But before taking out a new deal, be sure to look into the specifics. Make sure your entire business network is covered in the event of a breach, not just individual devices.
If you feel you may find a better deal elsewhere, set aside plenty of time to take a deep dive into cyber liability insurance providers. Check star ratings and reviews, along with any other comments you can find on social media.
Choose a reputable insurance provider who puts your interests, and the interests of your customers, first. Then, if you suffer a breach, you can take some peace of mind knowing a reliable and experienced insurance provider has your back.