- Cyber Insurance
“Do we really need standalone cyber insurance?” It’s a question owners of small and medium-size enterprises (SMEs) may ask themselves as they juggle a host of challenges and priorities in a difficult economy. The ever-changing risks facing businesses today require clients to have accurate, up-to-date information about cyber threats when answering the question. Here are some myths we often hear about cyber threats:
Myth 1: Only large organisations are targets of cyber crime.
Threat actors are looking for easy targets, regardless of the size of the organisation. All businesses need to understand their cyber risks and consider a range of security measures. While updated cyber security protections and insurance don’t guarantee your client’s business will avoid an attack, they will help it put up barriers to critical information. That may be enough to send a cyber criminal on to another target.
Myth 2: We have state-of-the-art systems.
Your client’s business is only as secure as its weakest link. Employees are often the biggest threat to data security, whether through inadvertent or intentional action. Even if a business has quality, up-to-date cybersecurity software, an employee can still fall for a phishing scheme in a moment of distraction and open a gateway to thousands of client details.
Myth 3: We’ve outsourced our data and/or IT so we are okay.
Under GDPR, even if a business outsources its data, it is obligated to keep that information confidential and is liable if it is breached. For example, if a company’s third-party vendor experienced a ransomware attack, the company would still be responsible for contacting impacted clients and managing other fallout to its business and reputation. These are tasks that cyber cover can help a business manage.
Myth 4: We’ve never had an issue.
Threat actors are adopting increasingly sophisticated approaches to seizing valuable data – and they will continue to do so as long as there is money to be made from cyber attacks. Businesses that have never had an issue are fortunate and becoming less common: So far this year, 39% of UK companies have reported cyber security breaches – and nearly one-third of these businesses say they have been attacked at least once a week. The actual figure is likely much higher as smaller businesses tend not to report cyber attacks.
Myth 5: We are already covered for cyber events in another policy.
It’s true that an insurance policy designed to cover other aspects of a business might be used to pay a cyber claim. However, when a business relies on “silent cyber” – the term for the potential cyber protections contained within a traditional insurance policy – it does not explicitly know what may or may not be covered in the event of a cyber claim. A dedicated cyber policy provides fit-for-purpose protection, such as post-breach support needed to help an insured get back on track with minimal interruption and damage to its reputation.
Myth 6: We can handle the cost of a breach. Besides, cyber cover is too expensive.
A breach can generate costs well beyond the financial, harming a company’s reputation and ability to trade. Cyber cover provides substantial value for the investment if a breach occurs – and financial protection is just a small part of it. For example, clients may choose (or be required) to offer an ongoing credit monitoring service to help diagnose any financial damage resulting from the breach. The company may also be required to absorb additional costs to individuals that result from the breach.
For a business with cyber cover from Travelers, a breach will trigger an immediate incident response, which includes 24-hour access to specialists ranging from IT forensics, data restoration, credit monitoring and PR. The clients are guided through the steps that must be taken to communicate with customers, the Information Commissioner’s Office and other stakeholders. This support is especially useful for SMEs as they are unlikely to have that resource on staff – or to be able to afford to hire such support within the time frame needed.
Once business owners understand the risk of not having standalone cyber cover, the decision to purchase it makes a lot of sense. That said, not all policies are created equal. Most cyber policies in the market are robust, but their lack of standardisation makes it important to understand the limitations and restrictions of any given policy. In the midst of a challenging economy and an environment of evolving cyber threats, cyber cover can be an investment in the continuity and longevity of a business. You can help your clients ensure it provides the fit-for-purpose protection they need.
Chris McMurray is Cyber Lead at Travelers Europe.