Guide to buying Cyber Liability insurance for business

If you run a business, there’s every chance that you’ve already suffered at the hands of criminals operating digitally. With this in mind, it makes sense to take out appropriate insurance and ‘Cyber Liability insurance’ has been around for a few years now. But before you go and buy a policy ‘off the shelf’ it’s worth thinking about the risks that your business may face and ensuring that the cover you’re about to buy offers the protection that you need.

What types of cyber crime do UK businesses face?

There are probably three main classes of digital crime that a business owner or manager should consider. These are:

Ransomware attacks

Where a criminal hacker ceases control of some aspect of your businesses digital estate or assets and demands payment for their return. It might be that they have ceased control of your website, for example.

Data breaches

Most businesses will hold data of some sort or another. New GDPR legislation has meant that the rules around how businesses handle client data have become more stringent anyway. If a criminal managed to gain access to business data – even client information held on a desktop in the office – it’s likely that the repercussions for the business could be severe.

Digital fraud

This isn’t necessarily a ‘cyber crime’, in fact it’s really an old fashioned fraud committed using technology. An example might be where a criminal sends you an email with an invoice for payment designed to look like one of your suppliers. You pay it in good faith, then realise you’ve been scammed. Because this isn’t a straightforward cyber liability claim, it may not be covered under a cyber insurance policy. Nonetheless, it’s something well worth considering and ensuring that you have the right cover in place.

So, the first thing to consider is ‘which of these risks is my business facing?’ This is an area where using an experienced broker, such as Real Insurance, can pay real dividends. We take time to understand a clients business and can advise on which covers you may need.

What costs and business issues can a cyber insurance policy help protect a business from?

With all three types of digital crime described above, there are a number of principle financial losses and problems that the right policy can help you with. Typically, claims fall into one of two categories – first party claims, where the financial losses are your own, and third party claims where your business faces a claim from a third party (a client or customer, for example) who alleges that they have been injured or suffered a loss as a result of your activity or alleged failure to act.

Examples of first party cyber insurance claims:

Legal costs

It’s likely that you’ll face legal bills when something goes wrong. The right policy can pay out on legal defence costs that you may face.

Loss or damage to your electronic data.

A policy will generally pay out the costs that you incur in recovering or restoring data that has been damaged or stolen. For example, it may be that you have to hire in IT consultants to manage the issue for you. Assuming the loss or damage is the result of a virus, a hacker attack or a denial of service event, a cyber insurance policy will pay out up to an agreed limit.

Loss of income

Naturally, the loss of data, or the inability to access it is likely to have an impact on your ability to trade. Likewise if your website is hacked or damaged in some way. Where a commercial property insurance policy may protect you in the event of physical damage to property, a cyber insurance policy will specifically protect you where data is damaged or stolen. Effectively, this is a business interruption cover that includes data where a commercial property policy may not provide protection.

Extortion costs

Where a criminal is holding your business to ransom using malware, the insurer may agree to cover the costs of paying the ransom in order that you can get back to trading. The policy may also pay out for any additional costs that you incur in responding to the hackers demands.

Reputational damage

It’s not always the first thing that springs to mind, but where a business suffers a cyber crime, there can be significant reputational damage that could impact on future business. Awareness that your business has suffered a data breach may put clients off doing business with you in the future, for example. Although not always required or available, cover can be purchased to assist with additional marketing and PR work needed to remedy any reputational damage you face as a consequence of cyber crime.

Notification costs

Where you suffer an attack that sees sensitive information about clients, suppliers and even employees, you are obliged not only to inform the Information Commissioner (ICO), but also anyone who may be affected. This can represent a significant amount of cost. The right cover will pay out costs that your business incurs as a consequence of having to undertake this process.

Examples of Third Party cyber liability insurance claims

Network security and privacy liability
The most obvious issue here is that where there is a data breach, it affects your business customers, who then decide to sue you for failing to keep the information you hold on them safe, and claim that they have suffered injury or financial loss as a consequence. A cyber liability insurance policy will (up to agreed indemnity limits) pay out for your legal defence costs as well as any settlements that are agreed with the injured party.

How much should a business pay for a cyber liability insurance policy?

As highlighted by this guide, there are a number of different areas to consider when taking out a policy. It’s worth making sure that you do get protection in place where it’s relevant, but also making sure that you don’t buy cover that you don’t actually need.

Similarly, the cost of cyber insurance will be affected by the levels of indemnity put in place (ie the most that a policy will pay out in the event of an event covered by the policy). There’s no point in having a £10m indemnity in place against a data breach if the most you’d ever really expect to find yourself liable for is £1m, for example.

The best advice is to speak with a qualified and experienced broker. You’ll be able to take on the breadth and value of cover that you need, ensuring adequate protection, without incurring costs you don’t want.

Get in touch