Businesses have never been more vulnerable to cyber risks – a cyber attack and data loss can lead to disastrous consequences for many companies. For many, IT and data are crucial to the functioning of their business, yet it’s an unfortunate reality that cyber incidents, instigated by viruses, fraudsters and hackers, are commonplace in the 21st century. Managing these risks, as well as the risk of genuine human error, is essential. Putting measures in place to do so can help you avoid breaking the law, avoid penalties, and avoid leaving your customer base extremely annoyed and frustrated.
One of the most effective measures you can implement is to get a cyber insurance policy that will protect you against these risks and the legal procedures and additional costs that they usually create. With The Insurance Octopus, a Feefo Platinum awarded cyber insurance provider, you can create a bespoke policy to ensure you have the protection you need and that you aren’t paying a single penny more than you need to. If your requirements change, then no problem. We never charge administration fees for mid-term adjustments, ever.
If you require cyber security insurance to protect your company from human error or a cyber breach, then complete the online form or request a call back. One of our insurance experts will then be in touch to discuss your options, helping to give you peace of mind that your company is protected with adequate cyber insurance cover.
This type of business insurance can protect you from a range of cyber incidents and subsequent claims. Some of these might include:
Compensation For Business Interruption
When you suffer from a cyber event, it can grind your business to a halt. This cover provides compensation for the loss of income you may suffer as a result of an attack.
Support For Data Breaches
With our cyber insurance coverage, you’ll have support available whenever you need it, in the event of hacked data breaches and even an accidental loss of data.
Reimbursement For Hacker Damage
Fixing the damage that has been caused by hackers can be an expensive task. With this cover, your costs will be reimbursed so that your financial circumstances aren’t impacted.
Cover For Legal Action
Data breaches can often lead to legal action which, of course, leads to hefty legal costs. This cover will protect you against these costs.
What Your Cyber Insurance Policy Includes
In its simplest terms, our cyber insurance protects you from the financial implications that you may incur as a result of a cyber attack or incident, with one comprehensive policy providing protection for your computer systems and data.
With cover for:
- Data breaches: offering support for hacked breaches and accidental loss of data.
- Cyber business interruption: with compensation available for loss of income following a cyber attack.
- Cyber extortion: with cover to protect you should a hacker attempt to hold your business to ransom.
- Hacker damage: with costs reimbursed in the event of a hacker attack.
- Crisis containment: With expert support from a leading public relations firm to help you communicate with customers and various stakeholders in the aftermath of an incident.
Your cyber insurance can also help when defending yourself (or meeting settlements) if you face legal action from a data breach. It could also cover your legal bills and fines if you inadvertently infringe someone else’s digital copyright or you libel a third party online for example.
What if a hacker damages your business IT systems, websites or data files? Your cyber insurance would reimburse the costs of repairing, replacing or restoring such items.
A Cyber Liability Insurance Broker
Providing Cyber and Data breach insurance to small businesses
Your IT and data are the lifeblood of your business. But hackers, viruses and online fraud are now a feature of everyday life. Nor is data loss always due to malicious IT problems at the hands of cyber criminals. You only need to read the media to realise that even big brands with deep pockets can fall victim to human error and oversights.
Keeping data private and secure is a continuous, round the clock battle. It has never been more closely scrutinised either, as a result of the EU GDPR. The ripple effect of any form of data breach can be substantial. This includes hefty financial penalties, but also loss of reputation and damaging disruption to day to day business.
Managing these risks is commercially vital. When it’s done properly, it could even mean the difference between recovering quickly or going out of business – which is why we offer cyber insurance along with our large portfolio of insurance products and services.
Our cyber policies give your business a single insurance policy to protect you against many modern-day IT perils. It includes cover – and peace of mind – to help you even if the worst does happen.
What is Cyber Insurance?
When you’re using the internet or any form of IT to run your business, you’re instantly at risk of cyber security incidents that could lead to your company suffering drastically. To mitigate the impact of these risks and threats, it’s important to take out cyber insurance – a specialist form of business cover that’s designed to provide support for businesses that rely on IT in some way. Cyber insurance covers attacks designed to disrupt access to devices, systems and networks, as well as issues caused by human error, such as an accidental loss of data. No matter how protected you think you are or how unlikely you think it is, you never know what’s around the corner.
Regardless of whether you’re a small business, a large corporation, a contractor or a freelancer, you could be a victim of cyber crime or a data breach at any time. You might think you don’t need to take out cyber insurance, either because you’re only a small business or because you’re a large company with existing measures – like antivirus software – in place. However, cyber criminals are getting more sophisticated by the day and can carry out attacks that are detrimental to businesses. That’s why it’s vital to have the right cover – the correct cyber security policy can help to resolve some of the issues that arise as a result of a cyber security breach. If you operate online and handle a large volume of data, having cyber cover is an essential component of risk management.
Here at The Insurance Octopus, our cyber crime insurance specialists can create a bespoke policy that fits your circumstances and your needs, whilst protecting your business’s income, customers and reputation in the event of a cyber security breach. When it comes to business insurance, and cyber insurance more specifically, we know that a ‘one size fits all’ approach simply doesn’t cut it. That’s why we’ll analyse your turnover, number of employees, and the number of devices you’ve got that are connected to the internet to design a policy that’s right for you. We’ll ensure you have all the cover you need but that you don’t pay a penny more than you have to.
What Your Cyber Insurance Policy Includes
In its simplest terms, our cyber insurance protects you from the financial implications that you may incur as a result of a cyber attack or incident, with one comprehensive policy protecting your computer systems and data.
Our protection provides coverage for:
Data Breaches:
A breach of security that results in unintentional or unlawful destruction, loss, alteration, unauthorised disclosure, or access to personal data is referred to as a data breach. This encompasses both unintentional and intentional breaches. The UK GDPR requires you to notify the people affected directly and as soon as possible, particularly if a breach is likely to result in a high risk to their rights and freedoms. Our policies offer support for hacked breaches and accidental loss of data, by covering the subsequent costs including forensic investigations, notifying the relevant parties, credit monitoring support for customers and legal advice.
Cyber Business Interruption:
Damage caused by hackers may prevent you from earning an income for a significant period of time. As a result, you can face a loss of income and a damaged reputation, both of which can be detrimental to the survival and the success of your business. With our cover, there’s compensation available for loss of income following a cyber attack. Not only that, but we’ll provide support to help mitigate the damage that has been done to your reputation.
Cyber Extortion:
This is an online crime where hackers will hold your systems, data or site until you meet their demands, which are usually for ransom payments. Many tactics are used to do this, although the most common is ransomware. This involves a hacker tricking an employee into opening a link or file within an email. By clicking it, the employee activates the ransomware which encrypts your servers and data. If a hacker attempts to hold your business to ransom, we’ll protect you by covering any ransom you pay. We’ll also cover the costs of hiring a risk consultancy firm to manage the situation.
Hacker Damage:
Hackers can do all kinds of damage to your business once they’ve accessed or ruined your files and data. As a result of this damage, you may need to invest in restoration, a repair or a replacement for your systems, data, website and programs, and this certainly isn’t cheap. Yet with our cyber insurance, you’ll be reimbursed for these costs, should your business suffer from a hacker attack.
Crisis Containment:
Our support goes far beyond compensation. We know that a cyber incident can be detrimental to the reputation of a business, and breaking the news of an event like this needs to be done in the right way. That’s why we provide expert support from a leading public relations firm to help you communicate with customers and various stakeholders in the aftermath of an incident.
Privacy Protection:
If you’ve failed to keep personal data secure, then we can help you to settle the claims that are made against you, in relation to this failure. Our policy also covers regulatory investigation costs, and we can also help to settle any civil penalties applied by regulators, if possible.
Media Liability:
If you accidentally infringe someone else’s copyright, then we’ve got you covered. For example, you may have used a picture without permission from the original owner, or you could libel a third party in your digital communications. Whatever it is, we can support you when it comes to media liability.
Your cyber insurance can also help when defending yourself (or meeting settlements) if you face legal action from a data breach. It could also cover your legal bills if you inadvertently infringe someone else’s digital copyright or you libel a third party online for example.
What if a hacker damages your business IT systems, websites or data files? Not to worry, your cyber insurance would reimburse the costs of repairing, replacing or restoring such items.
Who Might Need Cyber Insurance?
Every company that holds data and relies on its IT to do business should consider cyber insurance.
However, it is particularly vital if you hold sensitive information on customers, such as financial or health details.
This includes professional or financial service firms, but also manufacturers, retailers and businesses in the tourism and hospitality sectors.
Don’t assume if you are an SME that you are immune from cyber crime either. IT issues such as malware (malicious software) and ransomware (which demands financial payments) are all too common. They can impact companies of all types and sizes.
Having a trusted partner available to help you to deal with such issues can be crucial. To fully understand what cyber insurance is and what it covers, contact us. We can discuss your organisation’s risks and the help you will need to recover quickly from a data breach.
Cyber Insurance For Various Markets
Nowadays, most businesses will rely on IT and technology to operate, even if their services or products aren’t delivered using IT. For example, many will use software and systems to store sensitive customer data, regardless of the industry they’re in, and can fall victim to cyber attackers. Here are just some of the sectors that would benefit from a cyber attack insurance policy:
Tradesmen & The Construction Sector
Traditional sectors are often guilty of thinking that they won’t be impacted by a cyber attack, but this mindset in itself can make them vulnerable if they fail to invest in adequate protection. Even in the construction sector, data breaches are still a possibility, especially on email platforms – data breaches can commonly involve misdirected emails. They may also be caused accidentally by employees, especially if they decide to ‘take their work home’ and send it to their personal email so that they can work on it from a personal device as opposed to a work one.
Even if you’re an independent restaurant as opposed to a national chain, you still need to protect your business from hackers. The customer information that you store, such as card details and email addresses, is extremely valuable to a hacker. You can protect yourself by educating your staff on cyber security practices, investing in a firewall and other security controls, and getting a cyber liability insurance policy.
Shops / Retail
The retail industry is particularly vulnerable to these incidents and attacks, especially because retailers store information relating to cardholder data, personal data and intellectual property, all of which a cyber criminal would be able to exploit. Within this sector, poor wireless security allows hackers to gain access, many of whom then go on to steal customer card data. As well as this, an inside job can go undetected for years to come. With all that in mind, investing in an adequate insurance policy is essential.
For hotels, a cyber security breach can be fatal, as widely documented in the past. Again, hotels store personal data that is of great value to hackers, including customer email addresses and payment details. If your hotel does suffer a breach of security, not only does it affect your reputation and your brand, but the legal impact can be significant. Many hotels are now aware of the risks and are implementing plans to protect information. However, despite these measures, it’s still important to be protected with adequate insurance in case you incur any financial or legal costs as a result of a security breach.
eCommerce / Online
Whether you’re a small business with only a couple of employees or a global company, you must put measures in place to protect the sensitive information that you store. Cyber criminals will use a variety of methods to obtain this information – some of the most common are phishing (where you’re tricked into clicking a malicious link), distributed denial of service attacks or ‘DDoS’ (where a botnet is used to flood your systems, servers and networks), brute force attacks (where a password-guessing program is used to break into your systems), and SQL injection attacks (where malicious code is inserted into a server that uses SQL). There are a variety of ways to protect yourself, and taking out a cyber insurance policy is one of the main ones.
Hair & Beauty
Contrary to popular belief, this industry is just as susceptible to cyber attacks as any other, even though the service isn’t delivered online. Many salons still store sensitive information online, such as their clients’ email addresses and payment details. Cyber criminals therefore pose a threat to your business, but so does poor organisation and a lack of understanding. One of the most common ways for cyber criminals to harm a business is to send an email attachment to an employee who believes this is from a trusted source and opens it. It’s therefore important to educate your staff, as well as ensure that you have the right measures in place, including cyber insurance.
Finance & Accountancy
Cyber attacks are all too common in the financial sector, mainly because that’s exactly where the money is and that’s usually what cyber criminals are looking for. Attacking financial institutions gives attackers multiple options to make a profit, including theft and fraud. Some may even choose to target this sector for political or ideological reasons. Popular methods of attack include phishing, DDoS, artificial intelligence and advanced persistent threats (APTs). Whatever the motive and methodology, cyber attacks on financial firms can have grave consequences for the institution itself, not to mention the customers.
Like many companies, law firms now rely on IT and technology to deliver their services and store their data. Regarding the latter, a lot of this data is confidential and sensitive information. Therefore, cyber threats are common within the legal sector and include phishing, data breaches, ransomware attacks, and supply chain compromise. This can be devastating not just for the firm, but for their clients too. It’s important that law firms recognise vulnerabilities and put the relevant protections in place. One of the key parts to this protection is having cyber insurance to protect your business, both financially and reputationally.
Protect Your Business From These Cyber Attacks – Malware, Trojans, Phishing & More
Protecting your business from cyber threats and network attacks can seem a daunting task, but it’s imperative for the safety of your company, your staff and the customers you serve. To ensure you are fully aware of the various types of cyber attacks, we outline and detail them below.
Malware relates to a whole array of attacks including spyware, viruses and worms – using a network vulnerability to breach the network when a user accidentally clicks on a dangerous link or email attachment, which then unfortunately installs malicious software inside of the network and/or system.
When it comes to computer systems, malicious software may:
- Remove access to the critical parts of your business network.
- Steal information by obtaining data from your hard drive.
- Disrupt the system and even make it unusable.
The most common types of malware include:
- Viruses: This malware infects applications by attaching to the initialisation sequence. The virus works by replicating itself, and then infecting code in the computer’s system. Viruses may also attach themselves to executable code or create file viruses by creating a copy of a current file with an .exe extension, thereby establishing a decoy which carries the virus.
- Trojans: A malicious program that hides inside a beneficial one. Deceiving users into downloading it, a trojan allows cyber attackers entry to your system for exploitation purposes.
- Worms: These are usually installed through email attachments, sending a copy of themselves to each and every contact in an impacted computer’s email list. Most commonly, they are used to overload an email server and create a denial-of-service attack.
- Ransomware: A cyber attack that denies access to an individual’s data, threatening to publish it publicly, or deleting it unless a costly ransom is paid. More advanced ransomware may use cryptoviral extortion, encrypting a victim’s data so that it can’t be decrypted without a decryption key.
- Spyware: A program that gleans information from users, their operating systems and browsing habits, and sends this data to another user. The cyber attacker can then use this information for blackmail, or send through malicious programs from around the world wide web.
Phishing is a common cyber threat and revolves around sending mass fraudulent emails to unsuspecting users, seemingly arriving from a trustworthy source.
These fraudulent emails typically look legitimate, but actually link the recipient to a malicious file or script which provides the cyber attackers with access to your computer, laptop or other such electronic device, to either control it, or install malicious scripts and/or files, or to extract data such as personal data and financial information. What’s more, phishing attacks can also take place through social media networks and online communities – for example through direct messages from users with malicious intent. Phishing may also use social engineering tactics and sources of public information to discover your interests, hobbies and work activities – helping to create an illusion of who they are, and convincing you that they’re who they claim to be.
Phishing attacks can include:
- Spear Phishing: Specifically targeted attacks at companies, organisations and even individuals.
- Whaling: Attacks targeting senior members of staff and key stakeholders within an organization or business.
- Pharming: Using DNS cache poisoning to steal user credentials via a fake login landing page.
Phishing attacks can also occur through the telephone – known as voice phishing, and via texts – known as SMS phishing.
Man-in-the-Middle (MitM) Attacks & Denial-of-Service (DoS) Attacks
An MitM attack happens when a cyber attacker inserts themselves into a two-party transaction, and places themselves right in the middle of the business deal. By doing so, they can steal and disrupt data, and even prevent traffic from visiting your website. It’s this type of attack that highlights security vulnerabilities in a network – for example, an unsecured public WiFi, where a cyber criminal can insert themselves between a user’s device and the network. MitM attacks can be very tough to detect, because the victim believes their information is going to a trusted destination. Still, the damage can be overwhelming, with personal information being stolen, resulting in much stress and financial loss.
DoS attacks involve flooding systems, servers and networks with lots of traffic to overwhelm resources and bandwidth. This renders the system inoperable and unable to process and action requests. DoS attacks permeate a system’s resources with the aim of hindering response to service requests. On the other hand, a distributed denial of service attack (DDoS attack) is launched from a number of infected host machines and aims to deny service to the system, by taking it offline and allowing cyber attacks to enter the system far more easily.
Examples of DoS and DDoS attacks include:
- TCP SYN flood attack
- Teardrop attack
- Smurf attack
Along with SQL injections, password attacks and cross-site scripting, there’s much at play when it comes to cyber attacks, cyber security and ensuring you back up the information, files and data that is key to business processes. A cyber insurance policy from The Insurance Octopus can help should you ever suffer from such an attack, assisting with cyber extortion, hacker damage and media liability.
Cyber Insurance Is Just One Fundamental Step Towards Complete Cyber Protection
Small businesses can be easy prey for cyber criminals
Even the most secure companies suffer data breaches, which is why having dedicated cyber insurance cover is oh so important for a range of small businesses, helping to protect your business’s income, customers and reputation.
Only pay for the exact cover you need
Our team of cyber insurance specialists will always look to tailor a policy that meets your unique and exact needs. There is no off the shelf solution when it comes to business insurance, so when it comes to designing a policy for you we’ll look at all aspects of your business, from turnover and number of employees to the number of internet connected devices you use within your business.
Why Choose Us For Your Cyber Insurance?
We proudly make buying insurance different and our cover comes with a range of benefits.
Up to £2 million of cover
While we can’t stop hackers or data breaches, we can give our customers comprehensive cyber cover that they can rely on, with up to £2m worth of cover available on demand.
Fast specific cover
To help save you both time and money, we compare prices from a range of different insurers so you don’t have to.
Specialists who understand your profession
We connect you with agents who specialise in your field. They understand many of the challenges you face, and can tailor a policy to your needs.
Easy claims process
Any and all businesses, no matter their size, can become victims of cyber crime. So it helps to know that if something does go wrong, you’ve got a dedicated team of specialists on hand to make the claims process as quick and stress free as possible.
No mid term fees, ever
Make adjustments to your cyber cover as and when you need with our flexible cover. We don’t charge any mid-term fees at all during the life of your policy.
How Cyber Insurance Works
Examples of Cyber insurance in action
A Disastrous Data Breach
A small business named His and Hers is operated by two sisters and located in Swansea. They sell a variety of men’s and women’s clothes out of their medium-sized brick and mortar store, located in a retail park. They also fulfill online orders through their own website which is hosted via a well known eCommerce platform…
Pay Up, or Else
A small firm of accountants operates out of an office located on a high street in Kent. The small business has five employees, and serves a variety of local businesses and residents with accounting, tax, and financial advisory needs…
How much does cyber insurance cost?
At The Insurance Octopus, we offer tailored policies that are built around your business and your needs. As such, there is no set price for a cyber policy, although they tend to start at around £182 a year. Because we tailor our policies based on the level of coverage you need, the risk your business faces and your annual turnover, you can rest assured that you’ll have everything you need, but won’t pay a penny more. Included in the price is cover against breach costs, hacker damage, privacy protection, cyber business interruption, cyber extortion, and media liability. Remember, investing in cyber insurance provides great value for money – cyber incidents can be costly and you could face huge consequences, all of which cyber insurance can protect you against.
What are the most common cyber insurance claims?
Inevitably, as the dependence on technology continues to grow, so too does the number of cyber incidents, and therefore the number of cyber insurance claims. The reasons why businesses need to make a claim can vary from attacks to employees simply not paying attention. Here are just some of the most common cyber insurance claims that we see here at The Insurance Octopus:
- Human error
- DDoS attack
- Misleading communications
- Unauthorised access
- Data breaches
- Rogue employees
As you can see, cyber incidents and attacks can happen in many forms – it’s important to understand the risks, mitigate them, and protect yourself with cyber insurance.
Do cyber criminals target small businesses?
When larger corporations fall victim to cyber criminals, these cases are often high profile and hit the news in no time. As a consequence, many small businesses get complacent and are under the illusion that they are too small to be a target. However, that couldn’t be further from the truth – cyber criminals still target small businesses. Any sensitive data, such as email addresses and payment details, is highly sought after by cyber criminals, and small businesses often don’t have the measures in place to protect this information from an attack. As such, they can become an easy target.
Why is cyber security important?
Now more than ever, cyber security is vital for several reasons. Firstly, cyber incidents are more commonplace than ever, so it’s important to protect your business from the threat. Secondly, without cyber security, you could lose crucial data, bringing your business to a halt. Thirdly, not only could you lose data, but you’ll also lose credibility, reputation, trust from customers and money. Regarding the latter, reversing the effects of cyber incidents can be costly, as are the penalties you could face from regulatory bodies. In fact, these penalties are so significant that they cripple many businesses.
What is cyber liability insurance?
Cyber insurance, also known as cyber risk insurance and cyber liability insurance, is a policy that helps protect businesses and organisations of all shapes and sizes from the potential fallout of cyber attacks, network attacks and hacking threats. Having this in place can help reduce business disruption during a security breach and afterward, as well as help to cover the financial and reputational costs associated with such an event. Recovery can also be an overwhelming and financially difficult situation to deal with alone; therefore, finding a policy that comprises backup solutions and restorative processes is always a good idea.
However, there are certain aspects that a cyber insurance policy can’t protect against, and it’s key that every business ensures it understands what is and isn’t covered before they sign a contract. While having some form of cyber insurance in place can help a company should a cyber attack occur, the business is still responsible for managing its own cybersecurity and ensuring it has processes in place that keep its online practices secure.
As the National Cyber Security Centre states in its guidance: “Cyber insurance will not instantly solve all of your cybersecurity issues, and it will not prevent a cyber breach/attack”. This is up to you, as the business owner or chief security officer – otherwise, you could be in breach of GDPR and your own industry regulations.
When it comes to who may need cyber liability insurance, any business that has an online component or stores electronic data could benefit, as could any company that depends on technology for its operation. Personal data such as customer contact details, staff information and sensitive financial data could all be hacked maliciously by cyber criminals and sold on for big money. There’s also the possibility that cyber hackers could cripple a network with ransomware. You may think your business may never fall foul of this, but you’d be surprised how often small businesses are virtually broken into and how much can be lost. That’s why a cyber insurance policy is so important, to ensure your losses are minimal, and that everything is taken care of should the worst happen.
What is cyber liability insurance?
- Data breaches – We can provide extensive support for hacks and accidental loss of data, ensuring that your reputational damage is minimal, and that your clients are kept secure.
- Business interruption insurance – Should damage caused stop you from earning an income – for example, because your website becomes inoperable and therefore trading has to halt from your online platform – then your insurer can cover any loss of income, therefore not hindering your financials.
- Cyber extortion – This is the act of demanding extensive payment through data compromise or a denial of service attack. Your insurer can cover any pay out you are being extorted for.
- Hacker damage – If a hacker causes you loss by either damaging, destroying, altering, corrupting, or misusing your website, intranet, network, computer systems or data that you store electronically, or steals it, then your insurer can provide you with restoration support, as well as compensation for any losses.
- Crisis containment – We know that damage is far more lasting from a reputational point of view if data breaches, unauthorised access and hacks are not handled correctly. Our strong relationship with a leader in public relations can help you to appropriately address any unexpected issues, ensure the necessary damage control occurs and that your clients and key stakeholders have all the information they need to rebuild their trust in your capabilities.
Also covering privacy protection, media liability and other useful insurance policies, our cyber insurance solutions are as extensive as they are useful.
What types of attacks can cyber insurance cover?
Due to the variety and severity of cyber attacks, we can cover the majority of security breaches, such as:
- Malware: This is any type of malicious software created to exploit any programmable device, network or service, and it is typically used to extract key data that cyber criminals can leverage over businesses for great financial reward. What this key data is will vary from business to business, but it often pertains to personal information, such as client data, healthcare records and credit card details. Should this fall into the wrong hands, the misfortune that can befall the data owners could be detrimental.
- Phishing: A phishing attack is where a cyber criminal attempts to trick a company into handing over their key information – for example, passwords, credit card details and intellectual property. Common phishing attacks include emails pretending to be from legitimate organisations, such as your bank.
- Man-in-the-Middle attack (MitM): This is where a cyber hacker intercepts the private conversations and communication of two parties to effectively spy on them both, steal private information or even alter it in some way.
- Distributed Denial-of-Service (DDoS) attack: This is where a hacker completely floods a server with traffic to disrupt it, potentially even bringing it down.
- Structured Query Language (SQL) injection: Specific to SQL databases, this cyber attack uses SQL statements to query data, exploit the HTML of the website and modify it with malicious intent.
- A zero-day exploit: This is where cyber criminals learn of a specific vulnerability in industry-wide applications or operating systems, which they then exploit to target the businesses that use them.
- Cryptojacking: A cyber threat where a user’s device is compromised to mine cryptocurrencies, such as Bitcoin, Ethereum and Tether. What’s particularly bad about this is that a hacker could be using valuable network resources to mine a cryptocurrency without your business having any knowledge of them doing so.
- A Drive-by Attack: This is an internet-based risk where an unsuspecting victim visits a website, which then infects their device with malware. The website may have been hacked by a cyber criminal and has therefore been compromised.
- A password attack: Impacting not only business owners, but also clients that may have logins to your website, this is where a cyber criminal cracks passwords to gain access and potentially wreak havoc.
- Eavesdropping attack: This is a security breach where an attacker searches for unsecured network communications to intercept and then access data being sent throughout the network. If you’ve ever been asked to use a virtual private network (VPN) when accessing the business network from an unsecured public Wi-Fi hotspot – this is why.
What is cyber security & how to prevent cyber attacks?
As the National Cyber Security Centre states: “Cyber security’s core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage. It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.” Because the prevalence of cyber threats is ever-growing, it’s key that businesses put processes in place that reduce potential damages and the fallout from this. Ways to prevent cyber attacks include:
- Train your employees to recognise fraudulent emails: Providing your staff with the right training to detect emails that impersonate known individuals asking for personal information or files will ultimately save your business a lot of hassle. For example, getting them to verify email addresses, check links before clicking them and use common sense when disseminating company information are all key.
- Keep systems and software up to date: Many cyber attacks occur due to outdated programmes allowing hackers to exploit weaknesses within and gain access to your networks. Patch management is one way to build up resilience.
- Ensure endpoint protection is secure: Endpoint protection covers networks that are remotely connected to devices. However, mobiles, tablets and laptops that are connected to corporate networks provide access to security threats. Endpoint protection software can assist with this.
- Install a firewall: Placing your network behind a firewall is one of the most effective ways to protect your business from a cyber attack. Firewall systems block any forced attacks on your systems before they do any damage.
- Run a data backup: To avoid downtime, data loss and big financial losses, backing up your data can ensure that clients, customers and business practices are protected and that business interruption is minimal.
- Optimise password safety: Using the same password for all related business accounts is never a safe bet. If a cyber criminal figured out your password, they’d then have access to all your systems and applications. Using a range of strong passwords for every account boosts your security, and regularly updating them will help maintain your business protection.
- Have a cyber insurance policy in place: An extra layer of protection should the worst happen – this cover can secure your operations against various cyber threats and help reduce financial losses and reputational damage. Offering restoration processes, press control and peace of mind, you can make a potentially stressful situation far more manageable, as well as maintain trust from clients, customers and key stakeholders. Our cyber insurance policies are as varied as they are beneficial, and we encourage you to speak to one of our insurance experts today to learn about our options.
Beyond cyber insurance, what security measures should you put in place?
Taking out a cyber risk insurance policy may require you to give information about your current security measures. This could include the technical, human and procedural safeguards that you actively promote across your organisation, and collating this information could require detailed input from IT teams within your business – or beyond it, should this be an outsourced function.
For business protection, it’s key you determine what functions need support, identify what security threats must be addressed and what must not be allowed to happen. Even if your insurer has a minimum cyber security requirement, it may still not be enough to protect your business. For extensive detail on this, the National Cyber Security Centre has provided guidance on how to mitigate and manage cyber risks.
What’s more, many insurance companies provide discounts should your company already have reputable cyber security defences in place – for example, Cyber Essentials, or Cyber Essentials Plus. Cyber Essentials looks at patch management, boundary firewalls and internet gateways, as well as malware protection, secure configuration and access control to ensure weaknesses can be identified and security features recommended for better business performance and protection. Cyber Essentials Plus has all the benefits of the former, but also includes a technical verification from a trusted security professional. At The Insurance Octopus, we’d highly recommend a defence process is put in place, and that you regularly check this to ensure continuity. Making your insurer aware of this may also reduce your premiums.
Beyond lowering your insurance premium, having a scheme such as Cyber Essentials in place also shows your customers, stakeholders and business suppliers that you understand the importance of cyber security, have put measures in place to monitor this, and that you have gone beyond cyber insurance to prevent issues before they arise.
What may also be relevant is that some companies who reach Cyber Essentials status can also be offered cyber liability insurance as part of this certification via the IASME Consortium. This can therefore protect your business at every level, and provide cost savings too. At The Insurance Octopus, we would, however, remind you to check that this policy will cover your needs completely, as a more tailored cover may be what’s best for your business.
What should my business have in place to claim against a cyber insurance policy?
First things first. You need to have a policy in place that covers you fully, taking into account both evident and potential network attacks and cyber threats that could hinder your business. With The Insurance Octopus, we know that every business is different, and cyber threats could come from varying points, and that’s why we take the time to understand how your business may be impacted, and the level of cover you may require. Even through our cyber insurance quote form, we ask questions around client records and your cyber limit needs, ensuring our clients adhere to GDPR and related regulations surrounding cyber processes and the protection of data. It is this approach that ensures you can trust that your cyber risk insurance is the right one for you.
Beyond the right policy, it is good practice to have the following security processes in place to protect you from malware attacks, software flaws, and other such cyber attacks:
1) Using strong passwords throughout your business, and especially when it comes to accessing key tools and client information. You can make passwords tough to hack by:
- Utilising a mixture of capital and lower-case letters, numbers and symbols and making each password at least 12 characters long.
- Updating your business passwords frequently and never using the same ones across multiple accounts.
- Incorporating two factor authentication for key accounts so that only assigned and trusted team members can access them.
2) Control access, by ensuring only authorised individuals can access data, private information, tools and services, via:
- Controlling physical access to your business premises, computer networks and internet connections.
- Restricting access to unauthorised users, and not making free Wi-Fi accessible to visitors unless necessary.
- Limiting what can be sent and received via email attachments and installing error controls should attachments trigger concerns.
3) Put up a firewall, to help protect your devices from internet-borne threats, such as viruses and malware. Checking your firewall devices fairly regularly and ensuring they have the most recent software updates installed is also key here, otherwise they may not be effective.
4) Install security software, such as antivirus, anti-spyware and anti-malware protection software to help identify and remove any malicious code should it enter your network.
5) Update your programs and systems frequently, to help protect against any bugs or vulnerabilities, and continuously monitor them to check for any unusual or suspicious network activity. If a potential security breach is detected, you can receive alerts based on the activity found.
6) Regular training, as every single member of your business has the responsibility to keep it safe and secure. Ensuring they understand best practices, their roles and responsibilities and any relevant security procedures and providing them with regular cyber security training can help to mitigate any risks, and keep your company safe.
It is good practice to reevaluate your cyber insurance policy cover annually to ensure that the policy provides sufficient protection for your business; remember to account for any incidents that may have occurred during the year. While you are completing your review, it is a good time to check that your company’s cyber security measures are up to date and communicated to your insurer. As with all other cover, it’s key that you let your insurer know should your circumstances change so that your business is still protected against cyber threats. Should you ever claim that security measures are in place when they’re not, your insurance company may not have to pay out on any cyber crime insurance claims. This could be detrimental to your reputation, financials and company’s future.
Will my policy include support during or beyond a cyber attack?
This will wholly depend on your insurance company. Some insurers will offer services that are immediately useful, including legal support, IT forensic services or PR assistance to lessen any reputational damage. They could also put you in contact with a Cyber Incident Response (CIR) organisation, or their own internal cyber response team.
The majority of insurance companies will look to swiftly restore network systems and data, while also reducing any losses caused by business interruption. For example, due to data breaches, there could be legal action from your customers, clients, stakeholders or suppliers – among other impacted parties. With a suitable cyber insurance policy in place, the defence and claims will typically be covered. If you have a claim you can contact our customer services team on 0161 968 2030 and we will direct you to your insurer.
What isn’t covered by cyber insurance?
Policy cover differs from business to business, and your specific requirements, but in general terms, your cyber insurance won’t cover:
- Any potential future lost profits: Cyber insurance will cover money lost during company downtime, but this won’t extend to any future lost profits. For example, if your year-end profit projections will be less than expected due to the cyber breach, you can’t claim for this. We can however cover business interruption, which is the loss of revenue and additional increase in cost of working because of reputational damage.
- IP (intellectual property) theft: If your IP gets hacked into, and therefore becomes unusable, your insurance likely won’t cover this, or any loss of contracts, lost opportunities, or devaluation of your trade name.
- Upgrades and associated costs: Following a security breach (though we’d always recommend before), you may decide to upgrade your technology and security systems. Here at The Insurance Octopus, we may cover resilience improvements (i.e. the costs to improve resilience of computer systems following a loss), but this may vary depending on your insurer.
- Third party errors: If you use a third party for email services, web hosting, cloud services, customer relationship management or any other business operations, and they suffer a breach which impacts you, this may not be covered. With many businesses using popular platforms such as Gmail, Office 365 or Amazon Web Services, it’s always worth checking your policy document for complete protection.
- Social engineering: Cases where team members or business executives are tricked into sending money to outside accounts (perhaps because the fraudsters are posing as trusted sources or have hacked into your payment provider) are not usually covered.
- Illness, injury or property damage: Though we here at The Insurance Octopus can offer employer’s liability insurance, personal accident insurance and contents insurance as separate policies (or under one policy should you require it), the cyber insurance policy itself will not cover this. This may not seem relevant, but consider the following: A manufacturing firm may run on computers to assist with the manufacturing, distribution and shipping of goods, as well as keeping track of sell-by dates. If a cyber attack interrupted any part of this process, it could cause defects, goods to spoil or damage to contents. This knock-on effect could be costly, so we’d suggest having a think about other policies you may need for full business coverage.
What is a cyber incident response and how can it help my business?
Incident response is a key part of your cyber security strategy, and part of the wider cycle of business protection. As detailed by the National Institute of Standards & Technology (NIST), this cycle includes: Identify, Protect, Detect, Respond, Recover. Your incident response plan is related to disaster recovery and your crisis management, and they all come into play when the incident is momentous enough to cause serious disruption and damage to your company.
According to the National Cyber Security Centre, your incident response plan should include:
1) Key contacts, such as your IT provider, senior management team, your solicitors, digital PR company, HR department and insurance company. It’s recommended that you have at least 2 contact methods and at least 2 contacts for each of these, just in case 1 of them isn’t available.
2) Escalation criteria – Matrices should be developed to identify the seriousness and priority level of an incident, as this can then inform how quickly it needs to be taken care of, and who it needs to be escalated to. As an example, a high or critical severity incident should likely go to the board level, whereas a low priority event could be handled by your IT team.
3) Processes – such as the incident response cycle, which includes:
- Analyse: This includes everything from technical analysis through to reviews of any online and offline reactions, so that they can be handled correctly. It’s key that these tasks are prioritised and that any findings are reviewed, as this could lead to new tasks.
- Contain/Mitigate: The next step is to reduce any impact or fallout from any incidents, and also lessen the chances of them getting worse. This could involve blocking access/activity, isolating related systems and resetting accounts and passwords, as well as any media handling. Two key things to take into account here:
  - You may need to make critical decisions here regarding key business systems, and the consequences of this.
  - It’s possible that your cyber attacker may react badly to actions, and make further attempts to hinder your network security. Therefore, it may be better to monitor and analyse the current situation before taking further action.
- Remediate / Eradicate: This is where you aim to remove the cyber threat from your systems and networks.
- Recover: Once the cyber threat has been contained, and systems have returned to normal, clean systems and data are put back online, and any further regulatory, legal or PR-related problems are handled.
4) Have at least one conference number to hand, and this should always be available to make any urgent calls.
5) Basic guidance on both relevant legal or regulatory needs, and knowledge of when to utilise legal support and your HR department, as well as how to follow guidelines that will ensure you stick within the law.
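A completeness check for the plan contents listed above, as an added example that is not code from the National Cyber Security Centre or The Insurance Octopus. The plan layout, the role keys and the four-level severity scale are assumptions, and the sample plan is constructed with four deliberate gaps.

```python
"""Check an incident response plan against the five items listed above."""

# Assumed keys for the key contacts named in item 1.
REQUIRED_ROLES = ("it_provider", "senior_management", "solicitors",
                  "pr_company", "hr", "insurer")
SEVERITIES = ("low", "medium", "high", "critical")  # assumed severity scale
CYCLE_STAGES = ("analyse", "contain", "remediate", "recover")


def check_plan(plan):
    """Return a list of gaps; an empty list means every item is covered."""
    gaps = []

    # 1) Key contacts: at least 2 contacts per role, 2 methods per contact.
    contacts = plan.get("contacts", {})
    for role in REQUIRED_ROLES:
        people = contacts.get(role, [])
        if len(people) < 2:
            gaps.append(f"contacts.{role}: {len(people)} contact(s), need at least 2")
        for entry in people:
            methods = [m for m, v in entry.get("methods", {}).items() if v]
            if len(methods) < 2:
                gaps.append(f"contacts.{role}.{entry.get('name', '?')}: "
                            f"{len(methods)} contact method(s), need at least 2")

    # 2) Escalation criteria: every severity level needs a named target.
    escalation = plan.get("escalation", {})
    for severity in SEVERITIES:
        if not escalation.get(severity):
            gaps.append(f"escalation.{severity}: no escalation target")

    # 3) Processes: each stage of the response cycle needs documented steps.
    processes = plan.get("processes", {})
    for stage in CYCLE_STAGES:
        if not processes.get(stage):
            gaps.append(f"processes.{stage}: no steps documented")

    # 4) Conference number and 5) legal/regulatory guidance.
    if not plan.get("conference_numbers"):
        gaps.append("conference_numbers: none recorded")
    if not plan.get("legal_guidance"):
        gaps.append("legal_guidance: missing")
    return gaps


def person(name, phone="", email=""):
    """Build one contact entry; empty strings mean the method is not on file."""
    return {"name": name, "methods": {"phone": phone, "email": email}}


def sample_plan():
    """Constructed plan (fictional names and numbers) with four gaps."""
    def pair(role):
        return [person(f"{role} A", "01632 960001", f"a@{role}.example"),
                person(f"{role} B", "01632 960002", f"b@{role}.example")]

    contacts = {role: pair(role) for role in REQUIRED_ROLES}
    contacts["insurer"] = contacts["insurer"][:1]   # gap: only one contact
    contacts["hr"][1]["methods"]["email"] = ""      # gap: only one method
    return {
        "contacts": contacts,
        # gap: no target for "medium"
        "escalation": {"low": "IT team", "high": "board", "critical": "board"},
        "processes": {
            "analyse": ["technical analysis", "review online/offline reactions"],
            "contain": ["block access", "isolate systems", "reset passwords"],
            "remediate": ["remove the threat from systems and networks"],
            "recover": [],                          # gap: nothing documented
        },
        "conference_numbers": ["01632 960099"],
        "legal_guidance": "When to involve solicitors and HR; regulator duties.",
    }


if __name__ == "__main__":
    for gap in check_plan(sample_plan()):
        print("GAP:", gap)
```
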
How much cyber insurance do I need?
Your IT infrastructure is the foundation of all of your processes and operations, and therefore it all needs to be protected. Should you have lots of hardware, this means there’s more that may need to be repaired or replaced, whereas your software may require data restoration. This should all be taken into account when considering how much cybersecurity and cyber insurance you may need. Could you still trade without access to your key systems or website? How would you communicate both internally and externally without email and cloud services? If you accept online payments, how will you protect customer data? Ultimately, what would be the fallout should your business be hacked, and could you afford the legal costs and associated expenses? Having to contact regulators and customers and making them aware of the incident can also be costly and time-consuming, and not an easy thing to have to do either.
Whatever you decide, we here at The Insurance Octopus know that without cyber insurance, a cyber attack will cost you money, but how much is another story. A cyber insurance consultant can help you to understand how much cover you may require based on your current operations and the potential costs that a network attack could cause.
What can well-known cyber attacks teach us about cyber security?
According to Beaming, via IT Pro, UK businesses each faced on average 686,961 attempts to breach their systems in 2020, and this was the busiest year for cyber attacks. This rise in attempted cyber attacks can be attributed to COVID-19, and the shift to remote working. Even big businesses – such as Nintendo, Twitter, EasyJet and Zoom suffered at the hands of cyber criminals, and there’s much we can learn from this, such as:
1) No business is safe and any business, of any size can be subject to cyber attacks or threats to their cybersecurity. Even the most seemingly secure companies can be taken advantage of – whether through network attacks, spear phishing attacks, IP spoofing attacks or security flaws.
2) Testing your systems and processes often is key. Attackers will always be searching for misconfigurations or flaws that provide access, so it’s up to you to find those vulnerabilities first and protect them.
3) Staying up to date with software updates and hardware upgrades is key, as older systems can easily be exploited, and may be harder to recover data from too.
4) How vital cyber insurance is, and how much money it can save you, along with the reduction in stress knowing there is a trusted company by your side that is there to support you, no matter what.