Understanding cyber insurance costs

Making sure you have comprehensive managed cyber security protection in place is vital.

But what happens if something still goes wrong despite all of your sensible precautions?

Your managed service should get you back to full operational capacity quickly and easily. But what about potential losses you’ve suffered in the intervening time?

That’s where your cyber insurance comes in. For all businesses – especially those who are intending to grow – it’s something you can’t afford to skip.

Here is everything you need to know about the basics of how cyber insurance works:

What is cyber insurance?

Cyber insurance is a type of business insurance. It is designed to cover the financial fallout when or if you suffer a cyber attack.

With roughly 46% of UK businesses suffering cyber attacks in the last 12 months (according to the Cyber Security Breaches Survey 2020), going without this kind of protection is a risky plan for any organisation.

Yet it’s all too common. Partly because cyber insurance used to come in the form of big expensive policies or weird sub-limited additions to other policies.

These days though, thanks to greater technological understanding on the part of insurers, you’re much more likely to pay a cost-effective rate that reflects the potential losses a cyber attack can lead to.

How does cyber insurance work?

You always want to take out insurance cover that is appropriate to the size of your business and risk level.

For example, if you hold the credit card information of several thousand customers as part of your e-commerce store’s operation, your risk level may be different to a company that doesn’t.

It’s important to understand that some cyber security breaches go undetected until after the event. Most insurers these days allow you to claim from the date the breach was discovered rather than when it occurred, though it’s always best to be sure this will be the way your policy works.

What does cyber insurance cover?

There are several key areas which most cyber insurance policies will mention they cover or do not cover you against:

  1. Network security issues – including data breaches, malware infection, ransomware attacks and when your business emails are compromised.
  2. Security issues – necessary for any company with information or privacy risks.
  3. Network business interruption issues – to protect you from the losses you might suffer if a cyber attack forces your business to have any downtime.
  4. Media liability issues – covering Intellectual Property problems or issues relating to the advertising of your services.
  5. Errors and omissions – if a cyber attack prevents you from fulfilling contractual obligations or delivering agreed-on services, errors and omissions coverage protects you against any costs – legal, for example – that might arise.

Types of cyber insurance

In general, there are two broad categories of cyber insurance. Each covers different things:

1) First-party cyber insurance

This covers your own business’s assets and tends to be related to network security, business interruption, media liability and errors and omissions issues. You will be able to claim for direct and indirect losses of:

  • Money
  • Data
  • Software
  • Customers
  • Your IP

You might claim for either the direct damage the attack causes and any costs of your response to it, the reputational damage you suffer, or the amount of downtime the attack causes.

2) Third-party cyber liability insurance

This covers other people’s assets, such as your customers’ information. In the event of a cyber attack where your customers’ assets are affected, this type of insurance will cover the costs of damages and compensation, investigation and so on.

How to keep cyber insurance costs down

If you own a car and buy car insurance, you are still expected to drive carefully and park sensibly overnight.

The same logic applies to cyber insurance. Often, the best way to apply for insurance is to be able to show that you have taken sensible steps to protect your business.

The government-supported Cyber Essentials and Cyber Essentials Plus schemes are two of the most commonly suggested ways to do this.

Compliance with these schemes is a prerequisite if you want to work with the UK government and most major organisations. It’s also a good way of both showing your would-be insurer that you’re a good prospect – and knowing that you have taken all sensible precautions to protect your company anyway.

Need to put those sensible precautions in place so you’re ready to get insured?

Dial A Geek helps more than 900 businesses in and around Bristol with their cyber security.

Set up a commitment-free consultation with Chief Geek Gildas Jones today. Let’s see how we can help you with yours.