Why do I need Cyber Insurance when I'm already working with an IT company?
What is Cyber Insurance and why would I need it?
Some of the most common questions we get asked when talking to clients about their cyber security position are around Cyber Insurance and what it does or why it's needed in the first place.
First thing - for those who don't like reading long blogs, here's the summary: if you can afford it, get cyber insurance added to your business policy.
Now let's look at why you shouldn't overlook Cyber Insurance when you're renewing your corporate insurance policies.
What IS Cyber Insurance?
Cyber Insurance is an insurance policy specifically designed to assist your business in the event of a cyber attack. However, it usually offers a lot more cover than just that. Most policies will cover you for all sorts of data and IT related breach issues - such as the accidental leaking of data, loss of devices leading to a breach, GDPR breaches, etc.
To illustrate, here are some of the items that a Hiscox policy from 2021 covered under its schedule:
- Cover for claims and investigations against you arising from your cyber or data liability
- Payment for losses arising due to a cyber or data incident
- Provision of specialist IT forensics, legal and PR firms to deal with a cyber incident and the fallout
- Payment of a ransom, where required, to release data
- Provision of a ransom negotiation team
- Costs to recover data from backups
- Cover for claims against you for breach of confidence, personal data, commercial information
- Cover for claims arising from breaches of GDPR, PCI-DSS or infringement of IP/defamation
- Cover for claims arising from you or your staff transmitting a virus, or your systems being used as part of a denial of service attack
Isn't some of this covered by my usual insurance?
Some of the items above may be covered by your regular insurance policy, but it's very unlikely it will cover all the above (and more) that a cyber policy does, and many general or professional indemnity policies now have specific cyber/technology exclusions. Make sure you check!
I'm only a small business, surely the chances of being attacked and needing this cover are slim?
One big mistake that company owners and managers make is believing they aren't a target for a cyber attack. Many attacks are automated and targeted against discovered weaknesses or vulnerabilities, which means that you aren't being specifically targeted for who you are/what you do, but you may have a weakness that means you're at risk.
We would never consider not insuring our premises for fire/flooding/damage/theft, but these are also very unlikely events to happen. In fact, I'd argue that you're more likely to have some sort of cyber attack, data breach or accidental data leak than you are to have a fire at the office.
When thinking like this, why wouldn't you want to insure against that type of a risk?
OK, I get it, but surely a cyber issue is easy to sort and the insurance will just be an additional cost to bear?
A cyber attack could be very small and picked up quickly with little/no damage. We see this a lot with things like Office 365 compromises, which are detected and resolved without any major fall-out. However, the same issue could also cause huge damage.
Take an example of an accounts payable e-mail address being compromised - a hacker can intercept inbound invoices, change the payment details, and potentially make you pay them instead of your actual supplier. Attacks like this are simple to execute, and effective - especially with new supplier invoices.
Another example of how things can go wrong is when ransomware gets into the network and encrypts all of the systems and data. At this point the business cannot function as no computers or servers are working. The downtime, depending on backups and disaster recovery processes, can be very long - and in some cases business ending.
How do I go about getting the right Cyber Insurance?
At 1-Fix we don't sell or recommend any specific insurance products - we're not experts in the field. We'd recommend you speak to your insurance broker as a first port of call, as the cyber risk is quite industry and technology specific, so they will be best advised to help.
What we can do to help is provide you with security baselines and frameworks such as Cyber Essentials or Cyber Essentials Plus, which are government-backed initiatives to improve the cyber health of businesses. These certifications also include a basic Cyber Insurance policy as part of the benefit of passing, alongside the kudos of being able to show your customers and prospects that you take cyber seriously.
We can also recommend some brokers who specialise in Cyber Insurance should you require a second quote or opinion.
If you'd like our assistance, just drop us a line.
Good luck, and make sure you get your cyber cover sorted!