Cybersecurity breaches are rife. Last year, 93% of large organisations in the UK had a security breach and 87% of small businesses (with fewer than 50 members of staff) suffered a similar incident.
Affected companies experienced roughly 50% more breaches on average than they did in the previous year, and these breaches cost businesses a considerable amount. The worst-case scenario breach for a large company cost on average £450k to £850k, and the same event cost a small business on average £35k to £65k. According to the cybersecurity alliance and Symantec, many small businesses can actually be put out of business after a data breach.
When the risk is this great, businesses simply cannot afford to have poor cybersecurity practices, and an integral part of a safe cybersecurity policy is proper insurance.
Current Insurance Probably Won't Cover You
In the UK by law you are required to have employers' liability insurance, and you may well have other kinds of insurance including business interruption insurance, but this won't always cover the cost of cybersecurity breaches. Business interruption insurance may well cover the cost of lost profits, but it won't cover the cost of reputation damage or the actual cash needed to clean out and repair your IT systems.
Since security compromises are becoming increasingly prevalent, it's wise to examine your current insurance to find out which eventualities are covered. If you're not protected in the event of a serious cyber-attack, invest in add-on cyber insurance because, as the statistics demonstrate, such attacks do happen.
What's more, the EU has proposed regulations that overhaul current data protection laws and will require a company to notify a party if their data has been compromised. If the regulations come in and something happens to your client's data, you will be obligated by law to notify them within 24 hours of discovering the breach.
If a company fails to do this, it will be fined up to 2% of its annual global turnover. There has been a suggestion that this 2% will be raised to 5%.
This has obvious implications for reputation management. It may also mean that Europe and the UK follow the trend established in Japan whereby companies pay out "apology money" to compensate for loss of data. If this is the case, insurance will be pivotal.
Having insurance also proves to your clients and customers that you take your cybersecurity seriously.
What you need to know before you buy
The cyber insurance market in the UK and Europe is only just starting to grow and is predicted to take off in the next couple of years. At the moment, policies can differ a lot compared with the more standardised policies on offer in the US. That means it's crucial to do your research and establish exactly how a policy may interact with your current insurance. Make sure the policy you are taking out actually offers you something valuable, and understand how it will protect you in different scenarios.
Insurance isn't an excuse to become lax on your cybersecurity. If anything, it should encourage you to examine your current cybersecurity policies and make sure you are complying with best practice as much as possible.
Naturally, insurers will charge higher premiums if you have a bad cybersecurity policy and they may refuse to insure you if they do not think you are safe enough. Recently insurers refused to insure some energy firms in the UK because their cyber-defences were too weak.
Basic tips to stay cyber-secure:
• Introduce a formal cybersecurity policy
· This should include guidelines for online behaviour, how to deal with BYOD, social media use and use of personal email.
· It should also give clear advice on who to notify if an employee suspects a security breach.
• Regularly train all staff in good cybersecurity practices and how to comply with your policy
· This should include training in how to spot potential risks, what to avoid online and what the policy means to them on a day-to-day basis.
• If you outsource your IT, use an ISO27001 accredited firm
· ISO27001 is the gold standard in data security. Your IT support firm should have it.