Is cyber insurance worth it?

Cyber insurance protects against losses that result from a range of cyber incidents, including social engineering scams and ransomware attacks. But is it worth the investment? It’s a resounding ‘yes’. Read on to find out why.

Cyber Article 14 min Mon, Jan 29, 2024

With the pressure on to cut costs, any business told it has to purchase cyber insurance might be tempted to resist—and without a full understanding of how cyber insurance works to mitigate cyber risk, who can blame them.

From ‘we outsource our IT infrastructure’ to ‘cyber attacks only impact big businesses’, we’ve heard a lot of reasons for avoiding cyber insurance over the years. But the reality is that almost every business has a cyber exposure—even if your IT infrastructure is handled externally or if you are a small business. After all, hackers target businesses that are vulnerable, not valuable.

What’s certain is that as cyber incidents continue to grow in cost, and cyber policies offer more innovative and effective services, cyber insurance is not just a cost-effective way of mitigating cyber risk. It’s one of the best investments any business can make.

What is cyber insurance?

Good question!

Whether it’s called cyber insurance, cyber liability insurance or cyber security insurance, this product helps businesses respond and recover from the financial costs of a cyber event. That includes loss from operational disruption, remediation and recovery expenses, legal fees, reputational harm, regulatory fines and more.

CFC’s cyber cover goes even further. Our comprehensive, standalone product not only covers financial loss. Through proactive and reactive services, we help to prevent cyber incidents from happening in the first place—and respond effectively when they do occur.

The different types of cover

Cover under a cyber insurance policy can fall into two broad categories: first-party cover and third-party cover.

First-party cyber insurance covers the financial losses that the insured incurs themselves as a result of a cyber event, often one that impacts their own network. It typically includes expert support to resolve the cyber incident and restore systems and data to the position they were in prior to the incident, and reimburses loss of electronic funds and ransom payments.

Third-party cyber insurance covers a business for liability actions brought against them due to a network security or privacy event, such as the failure to prevent the theft of personal data. It typically includes damages the insured is legally obliged to pay to third parties, legal fees incurred to defend the insured against the liability action, and fines and penalties dealt by regulators and other bodies.

Who needs it?

Every business with a cyber exposure would benefit from cyber insurance—that’s almost every business!

Not sure if you have a cyber exposure? Businesses that rely on computer systems to carry out business operations, store data or transfer money by electronic means are at risk and should purchase first-party coverage. While businesses that work with sensitive client data or are responsible for protecting a client’s systems should look for third-party coverage.

See how different industries are exposed to cyber risk in our cyber risk heat map.

What about cyber security?

An important role to play

Cyber security has been ranked no less than the top business risk for two consecutive years, with 61% of SMBs having experienced at least one cyber attack.

Businesses don’t only have cybercriminals to keep an eye on, however. Cyber compliance is rising quickly up the agenda for CISOs worldwide. The General Data Protection Regulation changed how businesses handle the data of European citizens, while in the US several states have their own cyber security and data breach laws for businesses to abide by. As cybercrime continues to increase, the regulatory landscape will only become more complex.

Despite this, a recent study found that 47% of small businesses have no cyber security budget at all.

Better together: Cyber security and cyber insurance

Cyber insurance isn’t a replacement for effective cyber security practices, it provides a different service. The two work in partnership, all the stronger to minimize the risks of operating in the world of cyber.

To understand their relationship, it helps to look at property insurance. Buildings are fitted with alarms and sprinklers, but taking out property insurance is still seen as standard practice. Cyber security measures are like your alarms and sprinklers, but cyber insurance is still a must to help businesses get back on their feet.

The pros of cyber insurance

Financial protection

The costs associated with cyber incidents are damaging and wide-ranging. Typically, they can include:

  • Loss from operational disruption
  • Remediation and recovery expenses
  • Legal fees
  • Hiring of expert teams
  • Regulatory fines
  • Ransom payment
  • Reputational harm
  • Loss of customer loyalty

That’s a huge burden for any business to handle alone, which is why cyber insurance is so valuable. Cyber insurance empowers businesses to share their cyber risk with the insurer. With a comprehensive policy, they can receive cover for financial loss resulting from a range of cyber threats and exposures, safeguarding their short and long-term future if a cyber incident occurs.

Business continuity

If your business can’t operate, it will lose money, customers and your hard-earned reputation. Whoever first said ‘time is money’ would be absolutely shocked to hear downtime after a ransomware attack lasts on average an entire 24 days.

Good cyber insurance is much more than words on a page. At CFC, we’ve assembled the largest incident response and claims team in market, here to help you recover quickly and effectively when a cyber incident hits. On-call 24/7, our team of over 130 cybersecurity specialists provides a range of proactive security services as well as post-event remediation to get our customers back online fast.

Risk management

Strong cyber risk management is essential if you are to comply with an evolving regulatory landscape and minimize your cyber exposure. But many businesses are working with limited cyber security budgets. Here, cyber insurance is a great, cost-effective way of filling the protection gap.

Offered free of charge to customers, CFC’s bespoke suite of cyber security tools is delivered through our award-winning mobile app, Response. Response allows users to activate critical tools including deep scanning, dark web monitoring and phishing simulation, get free advice from our expert cybersecurity team, and quickly notify us of any cyber incidents for immediate technical support. 

The cons of cyber insurance

It comes with a cost

Without fully understanding how cyber insurance works, it’s easy to dismiss as an unnecessary cost. When in fact it offers great value to any business.

The cost of cyber insurance is influenced by:

  • Business size and industry
  • Annual revenue
  • Volume of sensitive data
  • Cyber security posture
  • The proactive prevention services on offer

Today, the average cost of cyber claims is substantial, far exceeding the average cost of cyber premiums. And considering the proactive and reactive services on offer, it’s clear that cyber insurance is more than worth the money. Find out more in this piece exploring three reasons why cyber insurance represents great value for any business.

Limitations

The same as any insurance policy, to activate cyber insurance certain conditions need to be met. Taking out broad cover from CFC can offset this risk and provide invaluable peace of mind—if a cyber attack hits, you can focus on your business instead of worrying if you have the right cover.

CFC provides comprehensive cybercrime cover for a wide range of cyber risks, including incidents that result from human error (cyber events caused be an employee error) and insider attacks (cyber events carried out by rogue employees).

But most policies won’t cover:

  • Pre-existing incidents: cyber events that occurred before the policy was purchased.
  • System improvements: any costs related to improving a business’s technology systems.
  • Known vulnerabilities: if a cyber event is caused by failing to address a known error or vulnerability.

Cyber insurance in action

Thwarted threat

As cybercriminals looked to exploit a Microsoft Exchange Server vulnerability, this machinery manufacturer nearly fell victim to a malicious software attack. Fortunately, CFC entered the picture before it was too late.

Harnessing a range of internal and external resources, our vulnerability scans detected the presence of a web shell and the precursor malware on the manufacturer’s computer systems. We notified the insured straight away, stressing that a ransomware attack was likely to hit imminently. Our cyber security team then led the manufacturer’s IT team through the issue, explaining how to delete the malware and remove the web shell. The ransomware attack was foiled without any costs being incurred by the insured.

Law firm leakage

This law firm failed to spot a malicious email attachment, opening the door to a full-blown ransomware attack that resulted in business downtime. Here, the cost of legal assistance, a forensic team and the ransom demand would have run into the hundreds of thousands.

Since the law firm had taken out cyber insurance with CFC, our incident response team and network partners offered advice in relation to the ransomware variant and the group responsible for it, conducted a forensic investigation into the root cause, determined whether data had been exfiltrated, provided legal advice and removed stolen data after it’d been published online. That’s on top of cover for financial loss.

Recruitment ruse

After an employee fell for a phishing scam, this recruitment firm unwittingly welcomed a fraudster into its ranks. The fraudster managed to misdirect a significant payment, with the funds deemed unrecoverable and the actual bill still to be paid.

The firm recouped lost funds under the crime section of its cyber insurance policy with CFC, which provides cover for social engineering-style losses such as this.

So is cyber insurance really worth the investment?

Cyber insurance isn’t expensive, cyber attacks are

Today, practically every modern business has a cyber exposure. Unfortunately, this isn’t the kind of problem that will just go away. It needs to be addressed, and the best way of doing so is by embedding strong cyber security measures and investing in a cyber insurance policy.

Backed by 20 years’ experience in cyber, CFC has received industry recognition for our cyber product. Our award-winning insurance is protecting thousands of businesses across the world, as we look to minimize cyber exposure and perhaps even turn the tide on cybercrime.

New to cyber insurance? Learn everything you need to know in this guide. Reach out to our expert team with any questions at cybermarketing@cfc.com.