It’s easy to assume that cyber-attacks only happen to large, high-revenue corporations, but that’s not the case. If you’re a sole trader or SME, you’re likely to be even more at risk because of this misconception. In other words, if you think you’re safe then your defences are probably down.
Phil Thorpe, Director at S-Tech Insurance Services, says, “a lot of small businesses don’t appreciate the extent of the data they’re holding. For example, if you’re a tradesperson carrying out work at people’s houses, they’ll probably communicate with you by email at some point, and their invoice payments will likely be made electronically, by BACS.”
“Cyber criminals have become much more focused and effective. They’re very good at impersonating others. They’ll copy email signatures, see how you sign off messages and they’ll pretend to be you, communicating with your colleagues, customers and clients and attempting to extract money from them. They often target businesses who rely on website and email trading, depositing malware in systems that will lie there for some time gathering all the information they need. Then comes the ransom, and rather than a few hundred pounds, it’ll probably be a few hundred thousand.”
System repair costs may also be involved. And, if personal and/or corporate data is breached, then recovery expenses and liability claims would soon follow.
What is cyber insurance?
Cyber insurance policies offer financial protection, covering ransom costs, data breach expenses, third-party liability claims and loss of income due to business interruption. They also provide policyholders with incident response services, such as PR and reputation management.
It’s important to consult a specialist insurance broker when choosing your policy. Unlike with traditional products such as car insurance, cyber insurance policies differ considerably from one another.
“Very few businesses would know what to do if they got shut down by some malware,” Phil points out. “The key thing about cyber insurance is that it reacts on day one and handles everything for you. You can hand all of the management of the security breach over to your insurance company. They’ll work to free up your system, negotiate with the ransom demand, manage PR and deal with the Information Commissioner’s Office (ICO) if personal data is compromised.
“If a business can get all of that right, then it’ll come out with its reputation pretty much intact – maybe even enhanced, because those on the outside will see it effectively managed a risk that everybody these days is exposed to. Plus, if the situation is dealt with quickly and efficiently then costs and losses can be minimised.”
Size doesn’t matter
No matter how many people you employ, nor how many offices you occupy – no business is safe from cyber crime. If you use a computer system to run your business – for invoicing, banking, communication, ordering, selling or any other application – you could be targeted.
Many small business owners don’t realise just how much data they have. Even without consciously collecting it, it’s still being stored and used every day.
Outsourcing is no excuse
If you outsource your data to a third-party data processor, it doesn’t get you off the hook. The processor will have some responsibility for it, but the buck stops with you as the data controller. Even if the fault lies with the processor in the event of a data breach, you will still be held responsible and could lose business due to reputational damage, as well as facing liability claims from third parties.
Robust IT security is not enough
A lot of businesses think IT security is the only protection they need, but it really only defends against known threats and doesn’t anticipate the ingenuity of a cyber criminal.
Furthermore, it won’t protect a business from its own people and human error. “Few companies will be policing employee behaviour sufficiently enough to counter the risk of them being duped by fraudsters or exposing the business to cyber attack,” says Phil. “It’s a real challenge, especially for companies with more than one site.”
It’s one of the fastest-developing risks in the world
Cyber crime now costs the world almost $600 billion, or 0.8% of global GDP, with ransomware being the fastest-growing tool. Cyber criminals know how much we now rely on technology for trade and communication, so they go straight for the jugular of a business – the IT.
“I think one of the reasons cyber crime is growing is that it’s so easy to commit,” says Phil. “It’s much harder to break into physical premises. And what do you steal these days? What’s valuable? People no longer want office equipment and things like that – they want money and confidential information. It’s much easier and more lucrative to attack electronically.”
No other form of business insurance will save you
While your existing business insurance policies may offer some assistance, with third-party liability claims for example, they simply won’t provide the breadth and depth of cover you’d require in the event of a cyber-attack.
After all, a cyber-attack is a very specific situation. There won’t be a physical event like a fire or theft, and you won’t necessarily have been negligent in a traditional sense. But you have a strict liability under GDPR legislation, and the attack can still have ramifications for countless other parties. That’s why this kind of incident requires a tailored insurance product with rapid first-response services, which could be less expensive than you think.