Cyber Insurance

Protecting your data and preventing others from accessing it is a major concern for most businesses.

Cyber insurance can provide important support to your business in the event of a cyber breach.

How can Cyber liability insurance help my business?

Many businesses, particularly small businesses, are likely to benefit from the assistance Cyber Insurance provides when responding to a data breach.

There are many factors that a Cyber insurance policy can assist with; these may include: –

The National Cyber Security Centre has a good guide to get you started – Small Business Guide: Cyber Security, which provides information on how to improve your cyber security; affordable, practical advice for businesses.

The National Cyber Security Centre’s guide provides 5 quick and easy steps to significantly reduce the chances of your business becoming a victim of cybercrime.

If you want to go further and improve your cyber security understanding, you can always look to gain certification under the Cyber Essentials scheme.

What does Cyber insurance cover?

All policies differ, but to give you an idea of the cover out there, here’s an example of Aviva’s Cyber insurance coverage (as of November 2021):

For the organisation

  • Breach response – includes forensic experts, legal advice, notifying affected customers and offering credit or identity fraud monitoring services
  • Damage to data, websites and software
  • Loss of revenue due to a malicious attack, extortion or a data breach on your IT systems or your outsourced IT or data provider
  • Additional expenses incurred to limit the reduction in revenue. This could be the cost to hire extra staff or equipment
  • Extortion – recovery costs or ransom payment if a hacker holds the business to ransom or threatens to reveal sensitive data until a ransom is paid
  • Costs of notifying customers of a data breach
  • Loss of the business’s money due to an external hack into your IT network or by Social Engineering fraud
  • The cost of unauthorised telephone calls and charges made by an external hacker
  • Protection against a breach of Data Protection Regulation where insurable by law. This includes cover for defence costs and regulatory fines

For liabilities to third parties

Compensation and defence costs if a claim is made against the business for:

  • Negligently transmitting a virus to a third party
  • Data privacy and confidentiality liability
  • Financial loss that results from the loss, disclosure or destruction of third party confidential commercial information
  • Costs resulting from non-compliance with payment card industry data security standards. This includes fines, charges and recertification costs
  • Multimedia Liability – Copyright or trademark infringement from use of online media. Cover for defamatory comments made online, including costs to remove online content to avoid a claim

What’s not covered with the Aviva policy

We’ve listed some of the key exclusions below, although many of these can be covered under a different type of policy:

  • Acts of terrorism; however, cyber terrorism would be covered
  • Loss of money due to fraud or dishonesty of an employee
  • Failure of the internet, utilities and telecommunications
  • Errors or omissions in any professional advice or services
  • Any proceedings or claims brought by a subsidiary, parent or associate company
  • Misappropriation of trade secrets, licence fee or royalties in respect of intellectual property
  • Any fine, regulatory or statutory payment or criminal prosecution unless insurable by law

Want to know some actions you can take to help protect your business?

It is very likely that you will need to action some or all of the following to ensure your Cyber insurance policy operates and provides cover in the event of a claim. And if you don’t have an insurance policy for your cyber exposure, then we’d suggest you run through the following to strengthen your defences:

  • Access and Passwords
  • Data Backup
  • Data Storage
  • Firewall Protection
  • Payment Controls
  • Software updates
  • Virus Protection

Let’s dive into each one and get an idea of the steps required.

Access and Passwords

Ensure that you need a password to access your computer equipment.

Make sure to change any default or manufacturer’s passwords on your IT equipment, e.g. where your router user name is still admin and the password is still password or admin.

Data Backup

From a disaster recovery point of view, it makes good sense to take regular back-ups of your data. Cyber attack aside, what happens if your PC or server decides it has had enough and is not going to work anymore?

Data backup just makes sense. From our perspective, the key is to make it as automatic as possible. Our other tip is to make sure you try recovering using your data backup (take care not to overwrite your current data when doing this; it is best to do it on a PC not connected to your network). The reason for this is you don’t want to find out that you have been backing up the wrong data or missed something if you ever need to do a data restore.

Aviva, for example, currently require you to back up data no less than every 7 days and that the data that is backed up must be validated. Aviva also require that the data is stored securely and separately from the original data or programs.

Data Storage

Another great business practice is to make sure that all personal data and sensitive business data is stored in a secure manner and also disposed of in a safe and secure manner (you do not want your data being accessed by third parties).

Firewall Protection

Have a suitable firewall in place where your computer equipment is connected to the internet or other external network and ensure it is updated regularly (Aviva currently requires this frequency to be at least once a month).

Payment Controls

It pays to be familiar with the dangers of Social Engineering Fraud and know how to spot these attempts, e.g. phishing and mandate fraud.

You likely have read about these events in the newspaper.

Aside from knowing what to look out for, it’s good business practice to ensure you have formal payment procedures in place and that all employees are instructed in writing to follow these procedures.

Another thing you can do, before changing bank details for a customer or a supplier, is to use a different contact method to confirm any changes. Don’t use the contact details in the email that has advised you of the change in bank details: if the bank account details are fraudulent, then the contact details could be too. We’d suggest using the existing contact details you already have. This isn’t foolproof, but it will reduce the chance of Social Engineering Fraud occurring.

Software updates

When an update addresses a vulnerability that has been designated a high, important or critical severity, make sure you install it (for firmware, your operating systems, software, programs and applications) when it is released by the provider or manufacturer.

Virus Protection

It’s been good business practice for years now to have suitable virus protection in place on your computers, so you’ve probably already got this one checked off. In that case, make sure it is set to update automatically so you don’t have to think about it (until it renews) or, if not, ensure that it is updated at least monthly.

Can we help you?

If the above insurances, schemes, product or article interest you, please mention this when contacting us. That way we can select the insurer/product mentioned, as we have a range of insurers that offer different benefits; for example, not all of our insurers may cover the key elements mentioned above.

We do everything we possibly can to check that we have got our facts straight, but it’s always possible that we could make a mistake (hopefully not or never would be better). Therefore we would like to make you aware that we accept no responsibility for information that may be factually incorrect or out of date, but we will do our best to make sure that all content is accurate. Our vision behind bringing the blog to the wider community is to keep our clients and prospective clients informed of their legal requirements, the different products on offer and how they may benefit your business and the new schemes we find which we think will benefit you.

We are Personal and Commercial Insurance Brokers based in Newquay, Cornwall covering the whole of the UK.