Cyber & Data Insurance Explained
A UK Government survey estimated that 81% of large corporations and 60% of small businesses have suffered a cyber breach. The average cost of a cybersecurity breach is between £600k – £1.15m for large businesses and £65k – £115k for SMEs.
What is Cyber Insurance?
Businesses of all sizes rely heavily on IT. As a result, where equipment or systems fail or are interrupted, you are exposed to the risks of:
- Business interruption
- Loss of income
- Damage to systems
- Management and repair
- Reputational damage
Cyber insurance is designed to protect against these risks.
“But we have business interruption cover!”
Existing insurance policies, commercial property, business interruption, or professional indemnity insurance, may provide some elements of cover against cyber risks.
However, businesses are purchasing specialised cyber policies to supplement their existing insurance arrangements if they:
- Hold sensitive customer details such as names and addresses or banking information
- Rely heavily on IT systems and websites to conduct their business
- Process payment card information as a matter of course
What does Cyber & Data Insurance Cover?
Cyber insurance covers losses relating to damage to IT systems and networks, or loss of information from these. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
Cyber risks fall into first-party and third-party risks. Cyber policies exist to cover first-party or both first-party and third-party exposures.
First-party insurance covers the business’s own assets:
- Loss or damage to digital assets such as data or software programs
- Business interruption from network downtime
- Cyber extortion, where third parties threaten to damage or release data if money is not paid to them
- Customer notification expenses, when there is a legal or regulatory requirement to notify customers of a security or privacy breach
- Reputational damage arising from a breach of data that results in loss of intellectual property or customers
- Theft of money or digital assets through theft of equipment or electronic theft
Third-party insurance covers the assets of others typically your customers
- Security and privacy breaches, and the investigation, defence costs and civil damages associated with them
- Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
- Loss of third-party data, including payment of compensation to customers for denial of access, and failure of software or systems