Will Cyber Insurance solve all your security problems?
In today’s age of digital transformation, cyber security threats have become a major concern for businesses. With an alarming number of cyber-attacks and data breaches, many companies have been turning to cyber insurance to protect themselves financially in the event of an attack. However, whilst cyber insurance can help businesses get back on their feet should a cyber-attack occur, it will not solve any security concerns a business may have nor prevent a data breach. And, as always with insurance of any kind, the question is whether it will pay out at all.
The cost of cyber insurance can vary depending on the size and type of business, as well as the level of coverage. But it can be a big investment, particularly for larger companies. Before investing in cyber insurance, it is worth taking time to figure out what financial impact a cyber-attack could have on your business and how you would be covered by your insurance. Some insurance policies do not cover some common cyber-attack incidents, such as money lost through business email compromise fraud, or a new type of cyber-attack that is not already named in your policy. Insurance companies are also setting a very high bar – some would say impossibly high – for meeting the requirements of cyber insurance. Indeed, we are seeing more and more examples of insurance companies failing to pay out in the event of a cyber-attack on the basis that the customer hadn’t met some of the (often obscure) requirements.
Cyber insurance does have a role to play. But our advice is that rather than relying solely on cyber insurance, businesses should of course put in place a comprehensive cyber security strategy and continue to invest in it to protect themselves from attack as best they can in the first place.
Having certified cyber security in place not only helps to prevent cyber-attacks but also reassures customers that you are working to secure your IT against them, and the promise of having it in place could attract new business. A cyber security strategy would ideally include both preventative measures and incident response plans. It is important to invest in cyber security infrastructure such as firewalls, intrusion detection systems and incident response software. Immutable back-ups are also key to storing data and mitigating ransomware attacks because, once saved, the data cannot be changed, overwritten or deleted. A company should carry out several cyber security protocols, which could include reviewing email security, setting up multi-factor authentication, protecting virtual meetings and creating private cloud management software. In some instances, organisations working in sensitive areas will invest in the services of a SOC (security operations centre) to monitor their IT on an ongoing basis and pick up any potential attacks at a very early stage.
Hackers also rely on human error and if a company has not brought its employees up to speed on cyber security, it is only a matter of time before it regrets this decision. Investing in training and education for employees on how to identify and prevent cyber-attacks is crucial. With the rise of remote and hybrid working increasing the risk of a data breach, cyber security training for employees has become more important than ever.
There is no doubt about it: cyber attackers will continue to proliferate across the digital world. Attacks will become more frequent and more sophisticated. Whilst cyber insurance can provide some level of financial protection for businesses, it should not be viewed as a substitute for investing in robust cyber security measures including cyber security infrastructure, employee education and incident response plans. By investing in robust cyber security measures, businesses can not only reduce their risk of a cyber incident but also save money long-term by avoiding costly incidents in the first place.