Should I insure my company against Cyber Crime?

UK businesses are under attack, so is it time to guard against the cyber crime threat in the same way we do floods and fraud?

Two-thirds of UK businesses have been victims of a cyber-attack over the past 12 months. Figures released in June 2016 by the Department for Culture, Media and Sport (DCMS) highlighted a serious and persistent threat, with a quarter of all large firms that had experienced a breach being attacked at least once a month.

“Everyone from TalkTalk to Sony and Ashley Madison have hit the headlines after suffering some form of cyber-attack,” said the Association of British Insurers’ Malcolm Tarling. “It used to be the province of large multinationals but small businesses are equally vulnerable to this type of crime and much less resourced to tackle it. In some cases, it could threaten their very existence.”

Falling victim to cyber-attack will never have a positive outcome, but the one measure you can put in place, aside from making sure your systems are fully patched and your network is as secure as possible, is to take out cyber-insurance. Although not new, this specialist cover is gaining prominence as cybercrime becomes more mainstream.

Basic protection

The government is looking beyond traditional online crime – fraud, child pornography and so on – to make business cyber-attacks a priority. “Too many firms are losing money, data and consumer confidence with the vast number of cyber-attacks,” said Ed Vaizey, former minister for the digital economy. “It’s… crucial that businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme, which will help them protect themselves.”

Cyber Essentials is a system of accreditation that certificates qualifying companies as being hardened against attack. It costs around £300 exc VAT, depending on the accreditation body, but earning certification will protect you from a wide range of online threats. The government claims implementing Cyber Essentials will shield you from around 80% of vulnerabilities.

That still leaves a one-in-five chance you’re vulnerable, and the cost of putting right the damage can be significant. Over the past year, the cost to SMBs of repairing a network, database and business operations ranged from £75 to £311,000, according to the Federation of Small Businesses. The lower end of that scale is manageable but at the upper extreme, as Tarling explains, “a cybercriminal can bring any business –particularly an [SMB] – to its knees”.