What to look for in cyber insurance coverage

Select the right cyber insurance coverage for your business with key insights in this comprehensive overview. It’s time to safeguard your business against cyber threats.

Cyber Article 12 min Tue, Apr 9, 2024

2024: Cyber insurance essentials

Why cyber insurance is a must-have

Whether it’s called cyber insurance, cyber liability insurance or cyber security insurance, this is a product built specifically to mitigate cyber risk—a top business risk in today’s digital world.

Cyber insurance does more than cover financial losses relating to cyber incidents, however. The very best policies come with advanced cyber security and incident response services to help stop cyber incidents from developing and to respond effectively when they do occur—services that would cost thousands without a cyber insurance policy in place.

And the need for protection has never been greater. Cyber attacks on global corporations are never far from headlines, but these are just the tip of the iceberg. A huge number of cyber attacks are aimed at small to medium-sized businesses, with 73% of US small businesses facing one in the last 12 months. Small businesses are particularly vulnerable to these attacks as they typically have less mature cyber security practices in place.


Ensuring compliance

As our reliance on technology grows, and cybercriminals become more dangerous, regulators are introducing new laws that make certain protocols mandatory. Often these are aimed at data privacy, such as the EU’s 2018 General Data Protection Regulation, while in the US the Cyber Incident Reporting for Critical Infrastructure Act requires all critical infrastructure entities to report any cyber incidents within a specified timeframe.

Always consider the regulatory landscape in the regions where you operate. Complying is not just a matter of staying on the right side of the law; it’s an important part of any strategy for building cyber resilience.

How to identify your cyber risk

Since cyber risks come in different forms, from cyber extortion and ransomware to social engineering scams and electronic compromise, it can be difficult to assess your risk profile. Learn more about individual cyber risks here, but know that every business is unique. So how can you paint a picture of the cyber risks that you are facing?

Firstly, the level of cyber risk varies from industry to industry. See which cyber risks map to your specific industry with our cyber risk heat map, a resource based on a wealth of real-life claims data. Then use our ransomware calculator to learn how much you would stand to lose if hit by a ransomware attack, this resource again based on data gathered from thousands of cyber claims.

It can also help to conduct a risk report or vulnerability scan, so you can discover any gaps in your cyber security. But know these often do not tell the full story, providing just a snapshot of your cyber security at one moment in time rather than a comprehensive analysis of your security over a longer period.

To learn more about your unique risk profile, speak with us. At CFC, we’ve built the largest in-house incident response and claims team in market, and work in collaboration with an extensive group of threat intelligence providers that empower us to stay ahead of the latest cyber threats. So get in touch, we’d be happy to help.

Choosing the right cyber insurance coverage

Aligning cover with your business needs

There are two broad categories of cyber insurance, and the type which is best for your business depends on what you do.

First-party cyber insurance is for any business that relies on computer systems to operate. It covers financial losses the insured incurs themselves as a result of a cyber event, often one that impacts their own network. Typical cover includes incident response services, system damage and business interruption, as well as the impact of cybercrime.

Third-party cyber insurance is for any business that works with sensitive client data or is responsible for protecting a client’s systems, such as technology companies, financial institutions, healthcare providers and retailers. It covers liability actions brought against the insured due to a network security or privacy event, such as the failure to prevent the theft of personal data. Typical cover includes damages the insured is obligated to pay to third parties, costs and expenses such as legal fees, as well as regulatory fines and penalties.

Broadly speaking, taking out a comprehensive policy is the best way of ensuring your business has the protection it needs. Cyber threats come in many shapes and sizes, and there’s nothing worse than taking out a policy that can’t give you cover for a specific event.

Find everything you need to know about what cyber insurance covers, including common inclusions and exclusions, in this article.

Proactive and reactive services

Cyber insurance is much more than words on a page. Always consider the services that come with the policy, as insurance providers continue to innovate and develop their cyber security capabilities.

At CFC we provide vulnerability scanning, threat hunting and real-time cyber attack prevention from the moment a business binds a policy. We’ve built the largest in-house incident response and claims team in market, to significantly reduce the impact of cyber attacks, ensure a rapid response when they do occur and get businesses back on their feet as quickly as possible. All that comes free with a standalone cyber policy.

Learn more about our market-leading cyber insurance here.

How you could benefit

Social engineering: covering financial loss 

Today, social engineering is a top cyber risk, even for those businesses with robust cyber security in place. Just look at this recruitment firm, where an employee fell for a phishing email and unwittingly handed their login credentials to a fraudster. The fraudster gained access to the employee’s account and successfully misdirected a substantial payment. The funds were deemed unrecoverable, with the actual bill still to be paid.

In social engineering scams, the hacker often targets employees rather than directly attacking IT systems. It’s possible for any business to fall victim, regardless of their cyber security posture. Taking out cyber insurance is a great way of mitigating this risk, with good cyber insurance covering lost funds under the crime section of the policy.

Data damage: covering loss and restoring data

According to IBM, the average cost of a data breach is $4.45 million. That’s a huge burden for any business working alone to bear, taking into account the risk of regulatory fines and reputational harm. After all, people are less likely to hand over their data to a business associated with a breach, instead choosing to go with a competitor. And that’s before considering if losing data will impact your ability to operate and trade.

Good cyber insurance covers regulatory costs and fines that result directly from a cyber incident, and provides access to expert PR support if reputations are at risk. At CFC we have carefully crafted our cyber wording to help businesses not only recover data that’s stolen but re-create that data if it’s deemed unrecoverable.

Ransomware: minimizing the disruption  

Imagine you experience a ransomware attack, and it’s easy to see how things can escalate. First, malware encrypts your IT systems and data, halting your business operations. The cybercriminal then issues a ransom demand, and every second your business isn’t trading it’s losing money. Recently, a bank with £100 million revenues had its virtual private network infiltrated through an unpatched vulnerability. The cybercriminal encrypted software and demanded a substantial ransom, also claiming they had stolen sensitive data.

In this case, the bank had taken out a policy with CFC. As soon as they notified us, our expert team sprang into action, identifying offline backups that enabled the bank to quickly resume business as usual. We then investigated the root cause of the attack and determined that no data was stolen. The total cost of the forensic investigation, legal fees and hiring of a crisis communications agency came to £140,897—all covered by the bank’s cyber policy with CFC.

“More than a promise to pay, cyber insurance should protect policyholders against cyber threats they’re faced with. That’s why CFC place innovation at the heart of our cyber product.” – James Burns, Head of Cyber Strategy

Getting started with cyber insurance

The cyber threat landscape is wide and ever-changing. To stay ahead of risks, it’s best to go with an insurer who offers broad coverage, protecting against a variety of cyber incidents from ransomware attacks to data breaches and social engineering.

Take the next steps on your cyber journey by watching our new on-demand webinar. You’ll discover the core principles of cyber insurance, explore why they matter and look at today’s top cyber threats.