The threat of cyber attack is a very real concern for businesses of all sizes. Whilst protection measures can be used to limit the risk no business will ever be 100% safe from a potential attack.
The financial losses associated with cyber crime can be significant and possibly even catastrophic. Existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, but won’t fully indemnify you in the event of a cyber attack.
Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. A specialised cyber insurance policy is particularly recommended for businesses which:
- Hold sensitive customer data, such as names and addresses, or banking information.
- Rely heavily on IT systems and websites to conduct their business.
- Process payment card information as a matter of course.
Cyber insurance cover varies between providers but may include:
- Business interruption – covering the loss of net profit as a result of an interruption to your business after a cyber attack or network security breach.
- Cloud cover – insurance against a data breach that occurs at a cloud service provider.
- Crisis PR – specialist PR services to help maintain your reputation following a data breach.
- Cyber crime – covering the costs of theft of funds and cyber extortion.
- Cyber extortion – can pay the ransom payment demanded by a hacker threatening to damage your site or network.
- Data loss – covering the costs associated with data forensics, restoration, recollection and recovery following a security breach or data leak.
- Identity fraud – covering the costs incurred if a hacker has fraudulently used your identity to enter into an agreement.
- Legal expenses – covering expenses and advice for IT-related disputes with suppliers and employees.
- Regulatory investigations – covering the cost of investigations and fines from data protection regulators in the event of a confidential data breach.
- Specialist services – to assess and repair damage.
- Virus damage – covering the costs to rebuild your computer systems and restore your data following a virus attack.
All policies will have a set of exclusions, terms (such as security controls) and definitions. It is important to seek advice to ensure you are taking out a policy which best meets your business needs.