Businesses buy many types of insurance, but only a minority of them have cyber insurance.
According to the director of Sutcliffe & Co Insurance Brokers, Duncan Sutcliffe, there are more cybercrimes than all other crimes put together, yet only 5% of companies have cyber insurance.
Most companies are aware of cybercrime, have antivirus software on their IT systems and trust Microsoft to ensure Office 365 and SharePoint are secure platforms. Medium-to-large companies employ IT security personnel, and then often assume that their systems are secure.
Companies take out building, public liability insurance and are covered for break-ins, but should they also buy cyber insurance?
Do you need cyber insurance?
Many companies have migrated their IT systems to the cloud using such tools as Office 365 and OneDrive to store data. Part of the reason for this is to have a more secure technology infrastructure. If there is a break-in or laptops are lost or malfunction, data stored in the cloud is safe.
Users of SharePoint believe it is more secure than an onsite intranet system on a company’s server. However, Sutcliffe argues that this does not mean a business is 100% protected and still needs cyber insurance to cover risks.
Security issues can be caused by human error such as accidentally sending a confidential email to the wrong recipient or leaking address book contact details. Sometimes a laptop might be left turned on, allowing access without needing a password. On the issue of passwords, not all employees keep them safe, often leaving their them written on paper in their desk drawers, or choosing very obvious ones like ‘abc123’ or the classic ‘password’. Sometimes, malware gets past the antivirus programs and infects computer systems.
The introduction of the new GDPR laws also increase the importance of security. The legislation makes businesses responsible for the privacy of their data, especially data on their customers. If data is lost or stolen, a company faces severe penalties.
Cyber insurance covers many risks – data loss, fines from the regulator and malware ransoms. Many cyber insurance companies provide much more than just cover against risks. If there is a security breach, there are 24-hour helplines that give access to technical, legal and crisis management PR teams. These will help fix the breach and also assist with the bad publicity if the security issue becomes pubic knowledge.
If a company has a virus, it could spread to customer’s computers via websites or emails sent from the company. If their personal details have been stolen, they could sue the business.
What action is needed
The first thing that a company should do if worried about cybersecurity is to make sure that it has robust security systems. At WM Reply, we can advise you on data management applications that can securely store your data and if your tech systems are largely onsite, we can help you migrate to secure cloud computing. You could also use the services of an IT security expert to check that you are as secure as possible. After this, it is worth talking to a broker about the benefits of cyber insurance and how much it costs. For the first step in ensuring your cybersecurity is sufficient, get in touch today.