Should cybercrime insurance become compulsory for UK firms?

It’s huge security issue right now and cybercrime is on the rise with criminals coming up with new ways to hack into businesses and make a quick buck every day. As technology advances and UK firms become more reliant on computers, servers and networks, so do the risks become greater. For most businesses, unfortunately cyber-attacks are a case of when, not if.

Despite the threat, just a quarter of businesses (24%) are taking steps to protect themselves from being the victim of a cyber-attack despite the Office for National Statistics revealing that there were 2.5million incidents of cybercrime just between May and August of 2015.

Such attacks include:

Malware – Software that can gather and steal information from other computers without the user knowing.

Virus – A compute ‘bug’ that can be replicated and spread to other computers and networks.

Trojan horse – A code that is hard to detect but can steal and destroy key data.

Phishing – A corrupted link, usually found in an email, and when clicked can cause a computer to crash or trick users into giving away passwords or sensitive information.

The Insurance Times reported that 60% of SME businesses in the UK experienced a cyber breach last year, with the average attack costing around £75,000 in damage to the business. However, only 98% of UK companies are currently trading without any form of cyber insurance, leaving them vulnerable to attacks.

What cyber insurance is available?

Cyber insurance can be a valuable tool for mitigating losses from data security breaches. For UK companies, there is cyber insurance cover ranging from £100,000 up to £5m and even more depending on the size of the company. The cover available includes legal fees, loss of income, hacker damage, extortion costs, loss of third party data, PR and business interruption compensation.

Generally cyber risks fall into first party and third party risks.  Insurance products exist to cover either or both of these types of risk.

First-party insurance covers your business’s own assets. This may include:

• Loss or damage to digital assets such as data or software programmes
• Business interruption from network downtime
• Cyber exhortation where third parties threaten to damage or release data if money is not paid to them
• Customer notification expenses when there is a legal or regulatory requirement to notify them of a security or privacy breach
• Reputational damage arising from a breach of data that results in loss of intellectual property or customers
• Theft of money or digital assets through theft of equipment or electronic theft

Third-party insurance covers the assets of others, typically your customers. This may include:

• Security and privacy breaches, and the investigation, defence costs and civil damages associated with them
• Multi-media liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
• Loss of third party data, including payment of compensation to customers for denial of access, and failure of software or systems

You may also enjoy:

Three years after a major security breach at Tumblr:’65m passwords and emails for sale’

10 cheapest cars to insure

Revealed: Why insurance deals packaged through bank accounts might leave you on a limb