
Five common misconceptions about cyber insurance

Written by Specialist Risk Insurance Solutions | August 29, 2024

If your business has never been the victim of a cyber-attack, it can be difficult to comprehend how vulnerable your business could be. However, as a specialist insurance broker, we are here to help you understand the digital risks your business is exposed to, so that you can take the appropriate action.

We often hear from clients that they are unsure of the digital risk their business faces and whether cyber insurance is worth it. Below are just some of the common misconceptions and how to overcome them.

Misconception 1: “We invest heavily in IT security, so we don’t need Cyber insurance”

No matter how much an organisation invests in its IT security, it will never be 100% secure. Whilst investing in IT security is important, it is likely that your business will still be exposed to cyber risks, as cyber threats are continually evolving to bypass these security measures.

Your people are the weakest link in your IT security chain. Most cyber-claims are the result of easily preventable human error. Cyber insurance is a cost-effective way to get access to risk management tools, including employee training programs, but it also provides you with an expert response team and covers the financial losses in responding to a cyber-attack.

Misconception 2: “Our IT systems are managed by a third party, so we don’t have an exposure”

Even if you outsource your IT, you must remember that it's your business, your data and your responsibility. When customers entrust their personal data to an organisation, it is the company’s duty to safeguard that data, even if a third party is used to manage it. Never assume that you will be able to successfully claim back any damages from a third party, and consider how you will respond and recover.

Claiming back losses from a third party can often be easier said than done. Most third-party service providers tend to have standard terms of service that completely limit their liability in the event that a breach or system outage causes financial harm to one of their clients. Regardless, a third party will be looking to manage its own exposure and prioritise its own business, not yours.

Misconception 3: “We don’t need cyber cover as we don’t collect sensitive data”

Any company that relies on computer systems to operate has a very real cyber exposure.

Two of the most common claims are not related to the privacy of sensitive data. Firstly, fund transfer fraud is often carried out by criminals using fraudulent emails to divert the transfer of funds from a legitimate account to their own.

Secondly, ransomware can cripple any organisation by freezing or destroying your business-critical computer systems. Neither of these types of incidents would be considered a data breach; however, both can cause severe financial damage and are covered under a Cyber policy.

Misconception 4: “Only large businesses are affected by cyber-attacks”

Cyber criminals target the most vulnerable companies, not just the most valuable. High profile cyber-attacks that have affected large organisations have raised awareness of the growing threat of cyber-crime through the media. However, surveys conducted by cyber security organisations suggest that many small business owners are operating under a false sense of security because of this.

As larger organisations get serious about cyber security, small businesses are becoming increasingly attractive targets for cyber criminals – and the results are often devastating for small business owners.

Not only does insurance cover the costs involved in responding to a cyber-crisis, but it also provides you with instant access to a number of technical and legal experts who you may not have in-house.

Misconception 5: “Cyber is already covered by other lines of insurance”

While there may be elements of cover within traditional insurance policies, it tends to be partial cover and is more likely to be indemnity based, with no proactive breach and reputational response cover or support, meaning that there needs to be an action to respond to. Arguably, if you are being pursued, it is probably too late from a reputational perspective.

Property insurance policies are designed to cover your bricks and mortar, not digital assets. Crime policies rarely cover social engineering scams (without onerous terms and conditions) which are increasingly conducted by cyber criminals and result in a huge source of financial loss for businesses. Professional Liability policies also do not cover the first party costs associated with responding to a cyber event.

A standalone Cyber insurance policy provides you with access to dedicated cyber claims experts who are trained to get your business back up and running with minimal disruption and financial impact. Without a specialist team, it could take your business weeks or even months to return to business as normal - this is where the Business Interruption cover offered by a Cyber policy will respond and support your business.

Here to help

With extensive experience in the digital risks businesses are exposed to, we are well placed to support and protect your business. For more information on this vital cover, please visit our dedicated Cyber insurance page or speak to one of our specialists on 020 7977 4800 or email cyber@specialistrisk.com

Article sources:

CFC | Cyber insurance myths debunked - client edition | https://www.cfc.com/en-gb/knowledge/resources/articles/2018/08/cyber-insurance-myths-debunked-client-edition/