More and more businesses are falling victim to cybercrime - risking the loss of important personal data and resulting in breaches of GDPR laws. Here we explain what cyber insurance is and why it's a good idea for a business to have it.
What is cyber insurance?
Cyber insurance can also be called indemnity or risk insurance, within the context of cybersecurity. In other words, it's a security measure that helps companies cover financial losses related to cyber attacks and data breaches.
It is beneficial to have cyber insurance in case you fall victim to a data leak or ransomware attack, as these are the types of cybercrime that hackers frequently carry out. In addition, the cost of data breaches becomes even higher because they concern personal data and personal data security.
Insurance companies offering cyber insurance mostly look at a company's cybersecurity and the security measures the company has in place to improve its security. In addition, the coverage of the insurance will be determined by the company's cybersecurity. In extreme cases, if a company has poor or no cybersecurity, insurers will refuse to offer cyber insurance to the company, as a lack of cybersecurity increases the risk of the company becoming a victim of cyber attacks.
Some insurers also offer consultations and tools to help companies improve their cybersecurity - these include preventive tools to help identify hackers and the methods they use in an attack.
Why should you have cyber insurance?
There has been a significant increase in cyber attacks on businesses in recent years, costing them up to millions of euros. As cybercrime increases, businesses should also prioritise better cyber hygiene in the workplace.
Cyber insurance covers hacker attacks such as phishing, data breaches, social engineering, ransomware and accidental installation of malware. So insurance will cover some of the costs if a company suffers a cyber attack. Hackers typically break into companies' software with a financial agenda, so having insurance is also essential if you want to minimise financial loss.
It is important to point out that cyber insurance does not prevent cyber-attacks, but covers the financial losses you may suffer as a victim of a hacker attack. So insurance reduces the financial damage to the business.
What cyber insurance will typically cover
Below is an overview of what cyber insurance will typically cover:
- Data leaks
- Ransomware attacks
- Social engineering or phishing attacks
- DDoS attacks
- Network outages leading to data loss
- Hardware and software replacement
- Legal bills
- PR costs
- Cyber-technical analyses and their costs
- Customer compensation if their personal data has been leaked
It should be noted that there are also areas that cyber insurance will not cover. These would typically be cases where the company does not have adequate cybersecurity, insider attacks seeking financial gain, cyber attacks that occurred before the insurance took effect, and environmental conditions such as floods, power failures or similar that destroy data.
There are many different security cases, such as the above-mentioned, that insurance does not cover, so it is a good idea to check with the insurance company what cases the insurance does and does not cover.
The most common types of cyber insurance
Generally speaking, there are two different types of cyber insurance:
First party insurance is the type of insurance that covers all incidents and losses related to them.
Third party liability covers the losses incurred and caused by third parties in a cyber incident.
In addition, indirect cyber insurance should be mentioned as it covers incidents which are extreme and unlikely cases of cyber attacks. These are incidents that arise from non-cyber incidents but end up in a cyber context - or vice versa.
An example might be if a hacker infiltrates a company's software and hacks into a common area irrigation system, turns on the sprinklers and then an employee falls and injures themselves to the extent that compensation is required because of an occupational injury.
Who needs cyber insurance?
All businesses that are online should consider cyber insurance. Businesses use email as a form of communication and are therefore exposed to hackers - hackers often use tricks, such as social engineering, to get at businesses' data. In addition, businesses that use cloud storage can also be exposed to hacker attacks if the storage is not properly secured.
You can also weigh up the cost of insurance, versus the cost of a hacker attack - here, a hacker attack will typically be more expensive for a business than insurance. You may, as a smaller business, think that cyber insurance is not necessary. Here we disagree - whether you are a larger or smaller business, it is a good idea to get insurance. It can be just as costly for a smaller business in a ransomware attack as it can for a larger business. Hackers will often go after smaller businesses because they know they prioritize finances over cybersecurity.
Therefore, the call here is for you to look into possible cyber insurance as it is a good investment in the long run - hackers are getting better and faster at carrying out attacks, so they see both larger and smaller businesses as possible victims.
Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.