Cyber security threats: What is cyber insurance and do I need it?

These days incidents like hacking and data breaches are rarely out of the news, with big businesses like British Airways , Sony, Equifax, and Marriot all affected in recent years.

But it would be a big mistake to assume cyber security threats are the preserve of large businesses – every business relying on technology is a potential target, and smaller firms may not have the financial might to soak up the losses.

To put the issue for SMEs in context, one in two SMEs suffered a cyber security breach in 2017 , with average losses ranging from £1,400 to £2.48 million.

So, what are cyber security threats, how can businesses insure against them, and do you need to?

typing on computer keyboard

Cyber Security Threats

Cyber threats come in many forms, but are essentially related to unauthorised access to your computer systems, either by a ‘malicious insider’ or by cyber criminals. The big issue for businesses falling victim to cyber security threats is what happens next, and there are a number of possibilities – which include:

  • Damage to computer systems: Hacking and computer viruses can seriously damage computer systems, leaving them requiring expensive remedial work. Computer viruses, can be passed on to customers and suppliers, potentially leaving the business liable for their clean-up costs too.
  • Theft of data: Cyber criminals may use unauthorised computer system entry to steal data, including customer details. This can be very serious when financial, payment or bank details are stolen. For example, in 2017, the Information Commissioner’s Office (ICO) fined a small video game rental firm £60,000 after hackers exposed more than 26,000 customers’ personal information.
  • Ransomware attacks: Ransomware attacks essentially lock organisations out of their own computer systems, then demand a ransom in order to unlock them. The highest profile incident in recent years was the ‘WannaCry’ attack, which had a massive impact on the NHS. Recent research revealed that 87% of SMEs had been targeted in a 12 month period.
  • Impersonation attacks and bank payment fraud: These attacks involve cyber criminals posing as senior employees, then using legitimate-looking email addresses to ask finance staff carry out urgent bank transfers or payments. Unfortunately, those payments end up in the hands of cyber criminals.

This is far from an exhaustive list of the cyber security threats facing businesses. Cyber-crime is growing fast, with some estimates suggesting that cyber criminals drain close to £500 billion from the global economy every year , so they work hard to evade new security measures. The result is a battle between hackers and security, with new methods of attack emerging at an alarming rate.

Clearly that means keeping up-to-date with computer systems security is vital, but it also means cyber insurance is becoming more and more important.

What is Cyber Insurance?

Cyber insurance offers important protection for firms of all shapes and sizes – it could help your business survive if you are targeted by hackers or cyber criminals.

In most cases, cyber insurance will assist in a number ways:

  1. Forensics: Access to computer experts to find out what happened, what has been affected and how it can be contained, repaired or restored.
  2. Legal and PR: Legal and PR consultancy to help contain damage to reputation.
  3. Notification: Covering the cost of telling customers or suppliers they have been affected and, for instance, offering credit monitoring to help them avoid further losses.
  4. Fines and investigation: Help to prepare for any investigations that may follow a cyber-attack, as well as covering insurable fines and penalties.
  5. Liabilities: Cover for legal costs and damages if the business is taken to court following a cyber-attack.
  6. Business interruption: Replacing lost income and helping to cover the increased cost of working resulting from a cyber-attack.
  7. Hacker damage: Cover for losses caused by damage to computer systems.
  8. Cyber extortion: For instance, paying ransom demands resulting of cyber extortion, including ransomware.

Do I Need Cyber Insurance?

Like most businesses, it’s likely yours gathers and stores customer and supplier data – including sensitive information like payment details. If that is the case then, make no mistake, your business is at heightened risk from cyber security threats.

But, like all risks, it is all too easy to assume ‘it won’t happen to me’ – in fact, at present only around 10% of SMEs are insured against cyber security threats.

That is a mistake. The truth is SMEs face significant risk. Small and medium-sized businesses have a 50:50 chance of experiencing a cyber security breach . Perhaps that is why over 70% of businesses say they expect to buy cyber insurance.

But as with any insurance purchase, it is about understanding your risks and buying the right cover to defend against them– and that will boil down to issues like the nature of your business, the data you hold and the security you have in place.

In the end, this is a complex risk area, so it vital to get expert input from a broker who can help you understand the risks you face and defend against them.



[i] National Cyber Security Centre - Cyber Security: Small Business Guide 2017



[iv] Cyber Security: Small Business Guide 2017

[v] Ponemon Institute 2017 Cost of Data Breach Study




[ix] Cyber Security Breaches Survey 2017