The importance of cyber security
Cyber security has been ranked as the top business risk for two consecutive years, as the technology businesses use becomes more complex and the cyber attacks they face grow in frequency and sophistication. The average cost of a cyber incident totals £15,300, and for those where data is stolen—a data breach—the cost can be much higher.
While it's cyber attacks on large businesses that tend to make the news, they’re just the tip of the iceberg. 61% of SMBs have experienced at least one cyber attack, as their cyber security practices are often less mature. In other words, every business is a target.
That’s why cyber insurance is so vital. By taking out a cyber insurance policy, businesses can share their cyber risk with the insurer, empowering them to operate with confidence and thrive in this digital world.
What is cyber insurance?
Cyber insurance, also known as cyber liability insurance and cyber security insurance, enables businesses to reduce their cyber risk. The best policies offer broad coverage, protecting against a variety of cyber incidents from ransomware attacks and data breaches to cryptojacking and social engineering.
An essential part of cyber risk management, cyber insurance helps businesses respond and recover from the financial costs of a cyber event, including loss from operational disruption, remediation and recovery expenses, legal fees, reputational harm, regulatory fines and more.
CFC’s cyber cover goes further, offering the largest in-house team of cyber experts in market to proactively prevent cyber incidents from happening, and rapid incident response to help policyholders recover if one does occur. These types of proactive and reactive services can cost tens of thousands every year but come as standard with a standalone CFC cyber policy, at no extra charge.
Types of cyber insurance cover
Cover under a cyber insurance policy can fall into two broad categories: first-party cover and third-party cover.
First-party cyber insurance
This covers the financial losses that the insured incurs themselves as a result of a cyber event, often one that impacts their own network.
Typical first-party cyber losses includes:
- Incident response: real-time support and advice in relation to the cyber event, legal advice in relation to any legal obligations the business may have, the cost of carrying out forensic investigations to remove malware and determine the root cause of the incident and what has been accessed, the cost of notifying affected individuals that data has been breached, and so on.
- System damage and business interruption: restoring the business’s computer systems and data to the position they were in prior to the cyber event, plus any income loss as a result of system downtime.
- Cybercrime: loss of electronic funds, either through the hacker stealing directly from the business’s online bank account or through employees being tricked into sending funds to fraudulent accounts by social engineering scams, as well as the cost of reimbursing ransom payments in response to a cyber extortion event.
Any business that relies on their computer systems to carry out business operations, stores business critical or sensitive data or transfers money by electronic means is likely to have a first-party cyber exposure.
Third-party cyber insurance
This covers a business for liability actions brought against them due to a network security or privacy event, such as the failure to prevent the theft of personal data. Typical third-party cyber insurance covers:
- Damages: damages that the insured business is legally obliged to pay to third parties.
- Costs and expenses: legal fees incurred to defend the insured business against the liability action (often extending to claimants' costs and expenses if the insured is obliged to pay them).
- Regulatory fines and penalties: fines and penalties levied by regulators and other bodies.
Any business that works with sensitive client data or is responsible for protecting a client’s systems would benefit from this type of cover, including technology companies, financial institutions, healthcare providers and retailers.
How does cyber insurance work
Cyber cover in traditional lines of insurance often falls far short of the cover found in a standalone cyber policy. For instance, property insurance was designed for brick and mortar, not digital assets, and goes so far as to specifically exclude cyber events. Equally, crime policies rarely cover social engineering scams, a significant source of financial loss for many businesses. Cyber insurance is designed to fill these gaps.
What cyber insurance doesn’t cover
CFC provides comprehensive cybercrime cover for a wide range of cyber risks, including incidents that result from human error (cyber events caused be an employee error) and insider attacks (cyber events carried out by rogue employees).
But most policies won’t cover:
- Pre-existing incidents: cyber events that occurred before the policy was purchased.
- System improvements: any costs related to improving a business’s technology systems.
- Known vulnerabilities: if a cyber event is caused by failing to address a known error or vulnerability.
Claims process
CFC has built a simple claims process so that our policyholders can get the support they need, fast.
- Notify
Available 24/7, the fastest way to notify CFC of a cyber incident is through our mobile app, Response. You can also notify via email, phone or the website. - Triage A technical expert will call you back within 15 minutes, to triage the incident and work with whatever level of internal security team you may have. They’ll provide initial advice to help contain and remediate the incident.
- Coordinate, kick-off and engage
You’ll be assigned a dedicated cyber claims adjuster, who will work with you throughout the claims process and help engage with any external partners if required. - Reporting
Throughout the claims process, all stakeholders will be regularly updated on how incident remediation and the claim is progressing. At the end of the process, a findings call will bring the claim to a close.
Cost of cyber insurance
As businesses all differ in size, industry, customer base, the level of cyber security maturity and so on, there is no one-size-fits-all for cyber insurance. Each business has a different level of cyber risk, which means premiums do vary. But what all good policies have in common is that they’re more than worth the investment.
The cost of cyber insurance is influenced by:
- The frequency of cyber incidents, particularly against SMBs
- The severity of cyber incidents
- The proactive prevention and response services on offer
The cost of a cyber policy depends on:
- The type and volume of data stored
- Business revenue and industry
- Cyber security measures already in place
- Number of employees
- Policy terms, as with any insurance product
How to choose a cyber insurance policy
If you don’t know what to look for in a cyber policy, then it can be difficult to pick out the right cyber policy for you—particularly as cyber insurers mostly differ in the breadth of cover and services they provide. Here’s what to ask when selecting a policy.
What does the cyber insurance cover?
Going with an insurance provider that offers a broad cyber policy means that businesses can focus on what they do best, rather than worrying about if they’ll be covered for a cyber event. CFC’s comprehensive cyber cover is backed by more than 20 years’ experience in the market.
How much will it cost?
As cyber insurance enables businesses to share their cyber risk, the size of that risk determines the cost of the policy. The level of cyber risk is determined by business size, industry, audience, and the current level of cyber security practices. The better a business’s cyber risk posture, the lower the level of risk they represent. Other factors that influence the cost are the level of technical services some insurers provide.
While the cost varies depending on the business, cyber insurance has proven to be a very cost-effective way to alleviate cyber risk. Sitting alongside good cyber security practices, cyber insurance can be the difference in a quick recovery following a cyber event and a business-endangering loss.
Want to get a cyber insurance quote? If you're a business, contact your insurance broker. If you're a broker, reach out to our cyber underwriting team.
Do you offer sophisticated proactive and reactive services?
Cyber insurance works in partnership with cyber security, to help protect against the risks of the cyber realm.
CFC provides vulnerability scanning, threat hunting and real-time cyber attack prevention from the moment a business binds. We’ve built the largest in-house incident response and claims teams in market, to help stop cyber attacks from happening, ensure a rapid response when they do and get businesses back on their feet as quickly as possible. Learn more about proactive cyber insurance here.
How to assess your own risk
Taking a cyber threat assessment can be a helpful way of determining a business’s cyber risk. But assessments don’t tell the full story, providing only a snapshot of network health at one time, when the landscape of cyber risk is changing constantly.
Discover the level of cyber risk for specific industries in our heat map.
Case studies: Cyber insurance in action
Law firm leakage
This law firm failed to spot a malicious email attachment, opening the door to a full-blown ransomware attack that resulted in business downtime. Here, the cost of legal assistance, a forensic team and the ransom demand would have run into the hundreds of thousands.
Since the law firm had taken out cyber insurance with CFC, our incident response team and network partners offered advice in relation to the ransomware variant and the group responsible for it, conducted a forensic investigation into the root cause, determined whether data had been exfiltrated, provided legal advice and removed stolen data after it’d been published online. That’s on top of cover for financial loss.
Recruitment ruse
This recruitment firm unwittingly welcomed a fraudster into its ranks, after an employee fell for a phishing scam that resulted in a significant payment being misdirected. The funds were deemed unrecoverable, with the actual bill still to be paid.
The firm recouped lost funds under the crime section of its cyber insurance policy with CFC, which provides cover for social engineering-style losses such as this.
Getting started with cyber insurance
With cybercrime costing the world trillions each year, any modern business can use cyber insurance as an invaluable tool for mitigating cyber risk.
With over two decades’ experience in cyber, CFC is one of the most established providers in the market. Not just here if the worst happens, our proactive service is designed to get businesses ahead of cyber risk.
Learn all about comprehensive cyber cover in our cyber insurance guide. Reach out to our expert team with any questions at cybermarketing@cfc.com.