background imagebackground image

Why buy standalone cyber insurance?

  • Cyber Insurance
The Knowledge
,
3rd April 2024

The reasons might surprise you

Cyber breaches continue to be a pervasive and evolving problem for businesses of all sizes. According to UK IT Governance’s list of Data Breaches and Cyber Attacks in 2023, there were more than 8 billion records breached in UK organisations across all industry sectors last year.[1] To help put that figure in perspective, the UK government’s Cyber Security Breaches Survey 2023 found that 59% of medium-sized business and 69% of large businesses reported experiencing a breach during the year. The proportion of micro businesses rating cyber security as a high priority decreased from 80% in 2022 to 68% in 2023, but this may be because other concerns like inflation and economic uncertainty have become more pressing for them – not because the risks to these businesses are smaller.[2]

“Businesses of all shapes and sizes have cyber risk exposure,” said Chris McMurray, Managing Director for Cyber at Travelers Europe. “The number of ransomware-related incidents has continued to increase in the past year and is not likely to slow down, and we are also seeing more frequent cases of business email compromise and increasingly sophisticated phishing attacks.”

Cyber insurance can provide meaningful protection against this backdrop of these threats, but there are still a large number of businesses without protection. McMurray estimates that only 10-12% of businesses have cyber cover, and believes the low uptake is due to some false perceptions in the market about the likelihood of a breach, as well as businesses feeling the pinch of a difficult economy and wanting to avoid paying for another insurance product.

“The sad reality is if you haven’t already suffered a breach, then it’s likely you will at some point,” McMurray said. “A lot of businesses are just not prepared for that and will find it difficult to recover, particularly if they don’t have a cyber insurance policy in place and all the benefits that come along with that.”

Understanding the benefits

So how does stand-alone cyber cover protect a business at a time when cyber threats continue to grow in frequency and sophistication? This is a question Forrester studied last year when it conducted research to assess the impact of having a standalone cyber insurance policy as opposed to having cyber cover woven into a combined policy (also known as “silent cyber”) or no cyber cover at all.

Their report, The State of Cyber Insurance, 2023, came to some telling conclusions. Specifically, businesses with stand-alone cyber insurance experience fewer breaches. To qualify for cyber insurance, businesses need robust cyber security programmes – or take action to develop them. By making themselves better risks for insurers, they also strengthen their defences against threat actors.

Forrester also found that businesses with standalone cyber insurance have better outcomes with threat detection and response. The research revealed a consistent pattern of improved detection and response times across common incident alert and response steps. For example, 48% of respondents with stand-alone cyber insurance policies reported that they were able to detect a threat in less than seven days, compared to 21% of those without cyber insurance or with cyber coverage as a part of another insurance policy.[3]

A stand-alone cyber policy provides a business with critical protection – and peace of mind – by helping to make it a more challenging target for threat actors, and perhaps even more importantly, by helping a business get back on track with minimal disruption after a breach occurs.

“While it’s understandable that businesses may be looking to cut expenses in the current environment, cyber cover should still be a priority for businesses of all sizes,” McMurray said. “If they suffer a cyber breach, the cost to the business is likely to be far higher than any potential cyber insurance premium they may pay.”

The information provided is for general information purposes only. It does not constitute legal or professional advice nor a recommendation to any individual or business of any product or service. Insurance coverage is governed by the actual terms and conditions of insurance as set out in the policy documentation and not by any of the information in this document.

[1] https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023

[2] https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023

[3] https://www.forrester.com/blogs/the-state-of-cyber-insurance-2023/