Cyber insurance: the easy way to deal with a cyber-attack
Unless you’ve done brilliantly and managed to avoid all news and social media lately, words such as ‘cybercrime’, ‘hack’, ‘malware’ and ‘phishing’ will be all-too familiar.
What’s worrying is you often see them alongside a household name and its latest tech-security related disaster.
That’s worth a moment’s thought. These guys can deal with almost any problem simply by opening their wallet, so how come they’re still on the front page for all the wrong reasons? Clearly, their big budgets and big IT departments aren’t enough to keep cyber criminals at arm’s length.
If the established businesses can’t keep themselves safe, what hope is there for a fresh-faced entrepreneur like you?
The answer might be, rather dispiritingly, not very much. Of course prevention is better than cure, and we’d always advocate maintaining robust cyber security if you can. But there is a certain inevitability about cyber-attacks – a definite case of when not if.
So it’s perhaps not the worst idea in the world to accept that inevitability and put your efforts (and cash) into a solid plan B instead.
There’s no better place to start preparations than the government’s resource-packed Cyber Aware website. It’s free and, if you sign up to the self-assessment Cyber Essentials scheme, a big tick in the cyber security box.
Once you know what the risks are, you need to think specifically about how they’ll affect your business.
With your most pessimistic hat on, if you were the next cybercrime victim, could you keep things ticking over? How much will a cyber-attack cost your business? Will there be consequences for your clients? Does your business have what it takes to survive?
If you answered these with a puzzled look, it’s time to do something about it (and take off the hat).
Change of fortune
Thankfully, protecting your business doesn’t depend on having an army of tech specialists and a sky-high budget.
Cyber liability insurance is a quick and easy solution. It doesn’t stop an attack happening, but it does take care of the cost, time and expertise needed to recover from one.
That’s great but, before you go handing over your credit card, there are a couple of things you need to know.
It makes sense to buy the cover that’ll actually help when you need it. Not all policies are the same and, as always with insurance, you pretty much get what you pay for.
So it’s worth taking five minutes to check your policy has what you need – if you’re not sure what that is, try splitting it into two basic areas:
1. Your financial losses
> Hacker damage
Computers, servers, software and so on are expensive. Having to fix or replace them thanks to a hacker is expensive. Any cyber insurance will, as a given, cover these costs.
An essential part of recovering from a hack is finding out what happened. Forensic IT experts can take time and money to do their thing, and you need to be sure there’s no permanent damage. Your policy will mean these things don’t impact your business.
> Business interruption
How will your business do what it needs to do following an attack? Can you still make money? If you can’t, your insurance should cover your lost income in the time you’re out of action.
Holding your website or data to ransom is a cyber criminal’s favourite. Amounts demanded are often quite small, but just a few thousand pounds can scupper a small business. Decent cyber insurance will cover the ransom, and pay for a specialist to manage the situation for you too.
> Legal costs
Telling customers and regulators there’s a problem and getting legal advice so you know where you stand means getting a solicitor involved. And we all know how cheap they are. Your policy takes care of the bills for you.
2. Others’ financial losses
You’re liable for your clients’ personal data. Keeping it secure is your responsibility and you can be sued for not doing so. If the worst happens, cyber insurance pays a legal specialist to defend you and compensates your customers.
> Multimedia liability
You can be your own worst enemy by, for example, inadvertently libelling a third party in a leaked email. Your cover should protect your reputation and your bank balance by defending you and paying damages you’re liable for.
Once you’ve made the (right) decision to buy insurance, all you have to do is decide how much cover you need.
Easier said than done because there’s no definitive answer.
If you want belt and braces, buy as much as you can afford. Sounds obvious, but nobody needs hindsight to tell you what’s best.
It pays to be sensible and think about:
· How much your business relies on the internet, email and other systems
· How much sensitive or personal customer data you store electronically
· How big your business is (its turnover, if you have employees, who your clients are)
All told, it’s no exaggeration to say the right cover could save your business. Something to think about next time you see the word ‘cybercrime’ on the news.