What you need to know about cyber insurance

Cyber Insurance

While many businesses seem to have a level of comfort when it comes to cyber- attacks, the reality is that in Ireland, cybercrime is at double global levels, with 61% of businesses reporting a cyber-attack in 2018.

From loss of connectivity and the impact of downtime on a business to identity theft and fraud, cyber-attacks can have devastating consequences on business operations and reputation.

Unfortunately many people only think about cyber insurance when it is too late.

One local business was defrauded several thousands of pounds when they paid an invoice to who they thought was a regular supplier.

Another local service provider was locked out of its computer system by a cyber attacker who demanded money in exchange for access to their data.

It’s not just the loss of money or impact of downtime that now affects a business under cyber-attack either.

Since the introduction of the General Data Protection Legislation (GDPR) in May 2018, businesses now must comply with strict standards for protecting the data they hold such as a customer’s name, address and information about the service provided to them.

Businesses that experience a cyber-attack that are found not to have complied with GDPR face heavy fines and even the potential for prosecution.

With all this in mind, cyber-cover is no longer an added-extra; it is a must. However it is important to keep in mind the following when considering cyber-cover for your business.

  1. Your risk profile
  2. Four out of 10 Irish companies don’t undertake risk assessments that can help prevent cyber fraud. If you are one of them, there is probably little point in taking out cyber insurance. As part of your insurance contract you need to address your insurer’s basic cyber security requirements. If you fail to do that, then your cover might be compromised.

  3. Retroactive dates
  4. Some policies might stipulate a retroactive date which excludes coverage for cyberattacks that occurred before the date you took out your policy. However, given it takes on average 265 days to identify a cyber-attack, you could have unknowingly fallen victim before you took out your policy. We only offer cyber policies that do not include a retroactive date for your peace-of-mind.

  5. Cover for crime
  6. Insurers will also place conditions on cover for cyber-crime, such as fraud related to funds transfers. It is important to understand your policy wording and what your insurer expects, such as two methods of confirmation for banking and transactions. Failing to adhere to your policy conditions can result in your cover being denied.

  7. Contract liability
  8. In some cases, a business might be the delegated authority to issue contracts or services on behalf of another provider. If the business experiences a cyber-attack that compromises the provider’s system or operations, contractual liability might exist. It is important to remember that cyber-crime has the potential to affect many more businesses than just your own, so be sure to check whether your cyber insurance will cover contract liability if you come under attack.

It is hard to quantify the loss a business experiences from a cyber-attack; while financially the attack can have serious consequences, the interruption to operations, the loss of trust and potential for data security related prosecutions can be devastating to a business.

With this in mind, the cost to cover your business in the event of a cyber-attack is comparatively very small.

Cyber insurance premiums depend on your level of cover. The average small firm with turnover of €500 – 600K can achieve moderate coverage from €250 per annum.

To find out more about cyber insurance and how it can help protect your business, get in touch with the team at Sheridan Insurances today on (049) 438 0020 or email us at info@sheridaninsurances.com.