Understanding Cyber Insurance
Cyber insurance has gained traction with SME’s in recent years compared to 10 or 15 years ago. Small businesses did not need or didn’t feel the need for cyber insurance back in the ’90s. Systems were not as technical back then and not as many businesses were familiar with cloud technologies.
So, cyber as the name indicates is to do with technology and the whole world of the Internet-of-things. People are transacting commerce and other business online and there is a risk associated with doing business electronically. The question arose that if something went wrong in the digital space, what could you do or how could you protect your business, your staff, and your reputation. It is a startling reality that cyber-crime is more prevalent now than car theft. Cyber-crime is big money for the clever cybercriminal and one preventative measure is cyber insurance.
Cyber insurance is not a necessity for all businesses, having cyber insurance is a voluntary decision that a business takes. However, it is a risk that all companies have to be aware of. These businesses also have to make decisions about how they want to manage that risk. Risk management affects every business and every industry, from the Agri sector, professional services, medical, construction to the retail and leisure sector. Cyber-crime has unfortunately become so prevalent that there has been a number of specialist niche Insurers, IT, and legal firms that have entered the Irish market and they are in demand. There is a need in the market and that need is being met by specialist insurance companies. There are probably six or seven companies in the Irish market providing cyber insurance products at the moment.
There are certain categories of businesses that we would recommend cyber insurance to. It depends on the nature of the business and the daily activities of the business such as moving money electronically between banks to customers or suppliers, storing sensitive customer data, etc. That data is very sensitive information, and you have a responsibility as the business owner to protect that information on behalf of your customer and suppliers.
We see that a lot of businesses have not thought about cyber insurance, especially SMEs and micro-enterprises. They have not considered it because they have not considered how it would directly affect and impact them. Let’s take an example of a small retail outlet, they will have most likely insured their business against fire because it’s a threat to their business that they can visualize and they see it as a genuine risk. They appreciate the need for protection against fire to their business. They know that their bricks-and-mortar business could not operate if the business burnt down. They have most likely not considered cyber insurance because they have not assessed the risk and are probably not aware of the risks associated with their business operating in the digital world.
The challenge for SME’s is awareness of the risks associated with customer data and the storage of sensitive information. We have seen companies get attacked regardless of their size. Recent examples include a legal firm, an environmental firm, a construction company, and a retail group. The cost to each business was a significant amount and the ramifications of not having cyber insurance would have been catastrophic. Having cyber insurance will not remove the risk of a cyber-attack but it will reduce the risk and exposure to your business.
Cyber is unfortunately a key risk for all businesses as digitalisation and the security of information is an absolute necessity as part of every business’s strategy. Businesses do not realize their exposure, take for example an online booking system, an email platform, a spreadsheet of customer information. The financial and legal ramifications of a data breach are very serious and very real.
The number of targeted cyber-attacks have doubled in Ireland since 2019 and continues to grow at an alarming rate. Successful attacks on businesses can have a serious impact with a high percentage experiencing loss of IT services because of such a breach, suffering financial loss, or reporting a loss of operational services. Data breaches, leaks, and data losses can incur massive regulatory fines, suppliers or clients suing, reputational damage including bad media coverage culminating in an overall negative effect on the stockholder’s confidence and profits.
My advice to any business out there is to talk to your broker or Insurer and see if cyber insurance is suitable for your business and let them help you secure the cover you need.