While there has been plenty of discussion about cyber insurance, the reality is the demand for policies remains low amongst commercial organisations.
The occurrence of cyberattacks has grown rapidly in recent years, but many businesses do not have adequate insurance cover in place. Recent figures released by Police Scotland show that last year recorded cybercrimes almost doubled compared with the previous year's figures. Research conducted by the insurer Aviva found that the majority of SMEs in the UK are without cyber cover, with just 3% of Scottish SMEs having cyber insurance.
The pandemic has accelerated digital adoption across businesses, meaning that cyber insurance has rapidly evolved from a perceived luxury to an absolute necessity.
Ultimately every business is vulnerable to a breach, but there are many reasons behind the low take-up of this cover among businesses.
These range from a lack of clarity over the cost to be fully covered, placing trust in IT providers to provide sufficient protection, lack of awareness of developing electronic risks, or even the IT department's fear of criticism of their cybersecurity.
Cyber incidents can be criminally motivated and intentional, but they can also be caused by poor working practices or simply human error. News coverage tends to focus on large-scale industry cyberattacks, but there are also negligent internal breaches that can result in claims and losses.
If your organisation does any work with digital technology you have likely encountered a cybercrime in some form.
Here are the most common examples of cyber incidents:
• Malicious Software - virus scams such as malware or spyware sent in emails.
• Phishing - social engineering, with criminals using email or persuasive techniques online as a weapon to manipulate staff.
• Ransomware - encryption to prevent systems operating or exfiltration of client data and/or demanding a ransom by threatening to release sensitive data.
• Distributed Denial of Service - a cybercriminal targets your networks and overloads them.
• Advanced Persistent Threat - criminals getting access to your systems and watching undetected until the best time to strike, perhaps when a major transaction is happening.
The potential for hackers, or human error, to damage your professional reputation is significant. The combined costs incurred for investigating the root cause and the restoration of your operations can result in a substantial loss of income.
Here are five essential elements of cover that can help you recover from the threats posed by a cyberattack:
• Incident Response – a cyber event has happened, what do you do next? This emergency service includes cyber forensics, crisis management, PR reputational support and managing GDPR notification.
• System Damage - the expenses to repair or replace hardware and software.
• Third-Party Liability – covers defence and damages for transmitting the problem upstream and/or downstream in your supply chain network.
• Business Interruption – provides security against the loss of profit or revenue, or the impact on continuing to provide services, during a cyber incident.
• Cybercrime – assists you during the recovery of funds in the aftermath of a fraudulent event.
Cyber insurance is like any other type of insurance in that the coverage you choose depends on the nature of your business. This approach ensures that your business has sufficient funds to cover downtime in the event of a cyber incident or if criminals demand a ransom.