Cyber insurance: Can it save your business?

Six ways cyber insurance can help mitigate the risk of cyberattack

This is a contributed piece by Sarah Adams, cyber risk expert at PolicyBee


Take all the time you want preparing for a cyberattack.

Go right ahead and spend money on IT security experts. By all means educate staff about the dangers of cybercrime. Absolutely do run stress tests and build cyber crisis-management plans.

After all, fail to prepare = prepare to fail, right?

Well yes. But are you sure that’s enough? Is any business safe these days, really?

Even a cursory glance at the news says possibly not. Just how big do organisations have to be before they’re immune? WPP big? TalkTalk big? NHS big?

Apparently not.

The uncomfortable truth is every organisation – regardless of size, type, location and industry – is a target for unscrupulous cyber criminals. Accept that and you’re halfway there.

It’s all very well moving heaven and earth trying to stay safe, but the increasing frequency of successful attacks on seemingly impenetrable defences (ironically, even the UK government’s Cyber Essentials website has fallen victim) tells us that might never be enough. What if your antivirus misses an update? What if an absent-minded employee clicks a link in that convincing-but-fake phishing email?

There’s an element to successfully overcoming cybercrime that no one’s talking about. And it’s not what to do before an attack. It’s what you have to do after.

You can spend time and money pulling up the drawbridge but, if that’s not enough, you’ll need to spend much more of both these things getting back on your feet. Again, a quick look at the news tells you all you need to know about the damaging, debilitating, inconvenient, distressing and business-crippling effects of cybercrime.

So you need to prepare for that too.


Six ways cyber insurance helps

Problem is, that’s a whole new set of unknowns. You’ll have questions about how long it takes to recover, how much help you’ll need, where to go for that help, how much everything costs, what happens to your business in the meantime, what the consequences are for your clients ... and so on.

These are all questions cyber insurance answers.

Here’s how:

Finding out what’s wrong

Identifying the problem and working out what has to happen next are essential first steps to post-attack recovery. You’ll need expensive, specialist IT help to do this but that’s OK because your cyber insurance pays the bill.

Dealing with the bad guys

Ransomware seems to be many cyber criminals’ weapon of choice. Even though there are ways round it, and cyber security experts’ advice is almost always ‘don’t pay up’, you can’t sit back and do nothing. Thankfully your cyber insurance brings in a consultant to manage the situation and, if there’s really no other option, pays the ransom too.

Fixing what’s broken

Hardware, software, websites and almost anything IT-related is expensive. Cyber insurance pays to repair, restore or replace systems, data and websites damaged by a hack.

Meeting your legal obligations

You’ll need to report a data breach to the ICO. You’ll also need to tell your customers and suppliers, and fend off the likely (or inevitable) confidentiality claims against you. All these things need a solicitor’s touch – your policy provides and pays for this essential expertise.

Keeping your business going

The longer you’re digitally hamstrung, the more it’ll cost you. If business as usual isn’t possible, cyber insurance covers the income gap between what you should earn and what you actually do.

Protecting your reputation

No such thing as bad publicity? Easy to say when it’s not your company name in the headlines. Cyber insurance pays for a PR specialist to placate irate customers and keep your good name intact.


All in all, pretty useful stuff. But before you rush out and buy the first cyber insurance policy you see, a word of warning.

Not all cyber insurance is the same. Different policies can cover different things and it pays to do a little homework. If you’re not sure what to look out for, ask a specialist broker to decode the policy wordings and tell you what’s what.

You don’t want to end up with something that won’t actually help when you need it.