Cyber Attacks – do you need separate cover?

When it comes to preparing for a cyber attack, insurance should be one of your last lines of protection. Insurance companies often expect a business to have multiple risk mitigation policies in place to help reduce both a security breach disruption and also the premium on your cyber insurance policy.

Your risk mitigation policies should include an up-to-date anti-virus and anti-spam tool plus system backups which get tested regularly. Firm rules around passwords are essential, along with teaching your staff what a cyber attack or threat is, and how they can help prevent it.

Insurance, can play a role. “I liken it to the mythical beast from Greek legend called Hydra, a serpent with many heads. That’s what cyber protection is like, because it can come up in lots of different policies,” says Steadfast’s broker technical manager, Michael White.

Having a cyber insurance policy provides some cover in the unfortunate circumstance of a financial loss due to a cyber attack. These types of events can include ransomware attacks, where a criminal blocks a company out of its own IT system in exchange for a ransom. Another cyber threat could be a malware attack where a criminal accesses a business’ IT system to store malicious software, for example a tool that steals customer data or infects the firm with a virus. Some sources believe there are over 350,000 malware attacks per day!

Emergence Insurance, a cyber insurance specialist underwriting agency conducted a recent portfolio analysis, showing FY19 cyber claims frequency went up 29 percent compared with FY18. In light of this alarming statistic, so few small businesses invest in cyber cover.

Professional, scientific or technical service industries represented 20 percent of claims; healthcare and social assistance 14 percent; and financial and insurance services 12 percent.

A cyber insurance policy will cover a business from the costs incorporated with responding to a cyber threat. These events could include a denial of service attack, resulting in a firm, its clients or staff, not being able to gain access to its own IT system. Insurance covers the cost of lost sales due to the cyber attack, as well as the expense of a technician having to resolve the problem and the economic loss suffered as a result of it.

It’s is, however, important to understand the areas of an attack where cyber policies do not offer any cover. Although cyber insurance policies can offer protection for a financial loss, the do not, however, usually provide protection for a physical loss, White clarifies.

“If someone hacks into a car’s system and causes it to crash, the event would normally be covered under traditional vehicle insurance, rather than by a cyber policy.”

Similarly, if an attack results in the companies servers failing, this can be be construed as property damage and therefore could be covered by a separate policy to the cyber policy.

As you can see, businesses require a number of seperate insurance policies to ensure, not only their property is protected, but also digital assets and goodwill are properly covered in the event of a cyber attack. It is advisable to chat with an insurance broker so you can be reassured you have the right protection in place should you find you business under a cyber attack.

To find out more about cyber policies for your business, get in touch with High Street Insurance Brokers.