The terms ‘cyber’ and ‘insurance’ invoke negative thoughts of cost, pain, hassle and more. Cyber security, cyber attacks, cyber threats… and the list goes on. Can you feel your head entering the sand already? Dare we mention how we feel about dealing with some insurance companies...

But, the reality is that the threats to your business from the digital realm are real and many. The cyber space is like a large ocean, full of undercurrents, storms and the odd tsunami to take us by surprise. Your business is like a small boat with you trying to navigate it through these difficult waters. In this analogy, cyber insurance is your lifeboat.

Let’s consider why this is the case.

Cyber insurance unveiled

When the going is good and the waters are calm, we are in a happy place. We can focus on our business and our staff are content and productive.

But we still have business insurance, and that may be more from a legislative and compliance perspective, than as a protection.

There are times though that we are pleased to have that insurance, because it does come to our rescue when we need financially protecting. Just like a lifeboat. Perhaps there was an accident at your workplace. Perhaps some tools or stock were lost, damaged or stolen. Maybe a member of staff accidentally damaged a customer’s property. You thank yourself for having business insurance to rescue you from the unexpected cost.

Cyber insurance is a lifeboat for when you need rescuing from unexpected digital scenarios.

Damaged or lost tools, damaged property, contractual disputes, these all have fairly predictable costs if needed to be replaced or repaired. But cyber is less tangible. How do you put a price on lost data? What would downtime cost your business… per hour? What would it cost to notify customers and suppliers about a breach? How much would a potential fine cost?

At its core, cyber insurance isn’t merely about protecting against loss of physical technology assets. Instead, it’s an intricate safety net designed to safeguard your business from the financial implications of a potentially successful cyber attack.

The protective layer: What's covered

Just as health or life insurance provides a much-needed cushion against unforeseen events, cyber insurance does similar against:

  1. Data breach costs: This covers the expenses related to notifying affected customers, credit monitoring services, and even the potential costs associated with regulatory fines.
  2. Legal repercussions: If a breach occurs, there might be legal action. Your cyber insurance will handle legal fees and settlement costs that arise from these situations.
  3. Business interruptions: Should your business operations come to a halt due to a cyber event, this cover ensures that the lost income doesn't sink your ship.
  4. PR and crisis management: Post-breach, your business reputation can take a hit. This aspect aids in managing the PR fallout, restoring your business image.

Setting boundaries: What it doesn’t cover

As with any safety net, there are gaps. Cyber insurance typically won’t:

  1. Foresee future losses: It won’t account for projected profits you might have earned without the breach.
  2. Rebuild reputation: While it can manage the immediate PR fallout, long-term reputation management requires sustained effort and is not insured.
  3. Infrastructure upgrades: If you’re operating on dated systems, the insurance won't cover the upgrade costs. That's an investment you’d need to shoulder, and perhaps should have done before the cyber attack.
  4. Lack of compliance: Your cyber insurance policy may stipulate that you enforce certain controls and meet certain requirements. For instance, enforcing multi-factor authentication, or making sure you have suitable backups.

Diverse packages for varied needs

Navigating the cyber insurance world might seem daunting, but it’s quite the opposite. Broadly, there are these types of cover:

  1. First-party cover: Focusing on direct losses to your company, such as ransomware attacks or employee fraud.
  2. Third-party cover: Catering to liabilities if client or partner data is compromised under your watch.
  3. Standalone policies: Specific policies tailored for cyber risks, separate from traditional business insurance.
  4. Add-ons or endorsements: Additional cyber coverage that can be added to an existing business insurance policy.

Why invest in cyber insurance?

Remember our ship analogy? In today's digital age, the waters are teeming with unseen threats. These digital threats can destabilise your business. In some cases, in an instant. With the reassurance that a lifeboat is in emergency radio range, cyber insurance ensures that in the face of an online storm, your business remains resilient.

A balanced approach: Cyber insurance meets cyber security strategy

When you start to investigate the world of cyber protection, you will find out that just having insurance is not enough, or even viable. Purchasing suitable cyber insurance will also require that you implement a cyber security strategy. Relying just on cyber insurance is like having home insurance, but leaving the doors unlocked and the CCTV turned off. If your home is burgled or burglarised, your home insurance will not cover you if you do not meet their expectation that you actually had locked those locks and had the CCTV monitoring turned on.

Combining the two strategies of having suitable cyber insurance and enforcing best-practice controls, provides the best safeguard for your business.

Let's simplify this relationship between these two strategies:

The cyber safety net: Cyber insurance cover

Cyber security on its own, while diligent in its watch, isn’t infallible. Even the most meticulous strategies might overlook a chink in the armour.

When this is the case and that weakness is exploited by a persistent enemy, cyber insurance swoops in, cushioning the financial repercussions of unexpected breaches, ensuring a brisk business bounce back. Your cyber insurance will tackle the fiscal, legal, and image-related aftermath of potential cyber skirmishes.

The insurance-driven push for peak security

Over recent years, cyber insurance providers are increasingly nudging businesses towards tighter cyber security. Why should they be expected to pay out, when you forget to lock the doors? As part of the insurance agreement, you will need to adhere to top-notch cyber controls. The result? Your organisations cyber health will be in a far better position than before your started.

When you start the process of applying for your cyber insurance, you will need to complete a comprehensive questionnaire. This is used by the insurance underwriter to check your compliance to their standards and requirements. Your managed IT service provider can help you with the technical parts of this application form. Remember though, that this is your insurance policy. You are liable for failures in your cyber security strategy. As such, your questionnaire must be completed accurately and truthfully for the insurance to be effective.

It is likely your managed IT service provider will recommend implementing additional controls. This may help reduce the insurance premium cost, and further improve your cyber health.

Don’t stand still

Digital threats aren’t static. They are constantly morphing, evolving, and intensifying. Herein lies the brilliance of a synchronised cyber strategy and insurance duo. Regular dialogues between your managed IT service provider and insurance provider ensure that your protective and financial shields are always in tune with the latest cyber trends.

In conclusion...

The digital realm is vast, complicated and sometimes intimidating. But it can be navigated safely with the right tools, knowledge and partnerships. Cyber insurance is one of those essential tools, interlocked with a thorough cyber security strategy. If you are interested in ensuring your business remains digitally resilient, then let’s have a discussion. We’re not in the insurance game, but we're pros at guiding businesses through the intricacies of cyber coverage.

August 21, 2023 — Paul Stanyer