Here are 6 common misconceptions about purchasing Cyber cover and why there has never been a better time to get protected:
- We don’t need cyber insurance; we invest in IT Security……
No matter how much a firm invests in IT security they will never be completely secure. Hackers are constantly coming up with new ways to bypass security and exploit human error. As a business you ensure your premises are protected with the necessary locks, alarms, sprinkler system etc., but you still usually purchase property insurance as a secondary layer of protection in the event of fire or theft, so why take the risk on Cyber?
- We outsource all our IT, so we don’t have an exposure………..
Most third-party service providers have standard terms of service that limit their liability if a breach or system outage causes financial harm to one of their clients, and if the service provider suffers a breach, it is likely that you would still be responsible for notifying affected individuals and dealing with any subsequent regulatory action. In addition, most firms rely on service providers for business-critical operations, should those third-party providers experience a system outage caused by a cyber event or system failure, it could have a catastrophic effect on your ability to trade, resulting in a substantial financial loss.
- We don’t collect any sensitive data, so we don’t need cyber insurance….
Not holding sensitive data does not mean that you don’t need Cyber Insurance. Any business that relies on computer systems to operate, whether for business-critical activities or electronic banking is still very much at risk. The two most common types of Cyber claims/losses seen by insurers are Ransomware and Funds Transfer Fraud, neither of these need to involve a data breach but can still result in significant disruption to the business and crippling financial loss.
- Cyber-attacks only affect big business. We’re too small to be a target…
Largescale cyber-attacks are regularly seen in the media, but most cyber-attacks are aimed at small businesses. Smaller companies are less likely to have sophisticated IT security systems in place compared to larger organisations and so are seen as ‘easy targets’ by criminals.
- Cyber is already covered by other lines of insurance…
Most Professional Indemnity Insurance policies now specifically exclude Cyber and Data risks and whilst there may be elements of cyber cover existing within some traditional insurance policies, it tends to be very limited. A stand-alone Cyber policy will provide comprehensive cover filling any gaps in traditional policies. One of the most valuable aspects of a robust Cyber policy is the First Response Services, which in the event of a Cyber Breach will give you 24/7 access to incident response experts who will triage incidents, contain threats and repair networks, minimizing the impact to your business and getting you back up and running quickly.
- Cyber insurance is too expensive…….
A comprehensive cyber policy can include first and third party loss, business interruption and lost revenue, data and hardware repair and restoration, funds transfer fraud, breach notification costs, cyber extortion, regulatory defence and penalties, and cyber-attack prevention tools, making a cyber policy one of the best value investments a firm can make. It’s also less expensive than you might think! There are many Cyber Insurance providers, but the breadth of policy cover can vary dramatically, so it’s worth engaging with a broker that has specialist knowledge on Cyber to ensure you get the most appropriate cover for your business.
QPI are an Independent Risk Management and Insurance Consultancy and have been serving the Professions since the year 2000. Our experts have decades of experience in arranging Cyber Insurance and will be delighted to obtain a range of quotations on your behalf. Contact us today for a no obligation chat……….
Source material – CFC Underwriting
Written by Hayley Dawson, QPI