The cost of cyber insurance can vary considerably depending on several factors. For example, the size of your business, the sector it’s in and the sensitivity of the data you deal with. However, in the current cyber threat landscape, the cost to your business of not having any cyber insurance in place could be catastrophic. So, let’s take a closer look at the cost of cyber insurance, what it covers, and what may impact your premiums.
What is cyber insurance and why do you need it?
Just as you insure your car against damage and loss, cyber insurance is a contract between you and an insurer whereby they agree to pay you for any losses you incur related to your IT infrastructure or data management. It’s a relatively new kid on the block in the world of insurance, only thought to have originated in 1997.
However, with the rapid rise of the Internet, cyber insurance has become increasingly popular. Few businesses can now hope to succeed without some online presence. And, you need to do all you can to protect yourself from cyberattacks and the damage these can do to your company.
The bottom line is that cyber threats have skyrocketed in the last few years, with the rise in hybrid and remote working increasing the vulnerability to attacks of many businesses. In fact, recent research shows that in 2021 there were 50% more cyberattacks per week on corporate networks than in 2020.
If your company is a small or medium-sized business, you could be forgiven for thinking that you’re relatively safe from such threats. After all, media reports typically focus on attacks on large organisations, but this isn’t the case. Threats such as ransomware attacks can affect any company.
For example, the 2021 Verizon Data Breach Investigations Report revealed that 61% of all small and medium-sized businesses had reported at least one cyberattack in the previous year. What’s more, 43% of all data breaches involve small and medium-sized businesses.
According to Hiscox, a small business is hacked in the UK every 19 seconds. And cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs each year. Although there are cybersecurity best practices you can adopt to decrease the likelihood of a successful attack, there’s no such thing as complete protection. So, the next best thing is to purchase cyber insurance to help mitigate the risks and possible effects of a cyberattack.
Want to protect your business but unsure where to start? Check out our free guide to cyber insurance.
What’s the cost of cyber insurance?
There are two main costs when you take out cyber insurance:
- Your insurance premium: This is the basic cost of your insurance protection, payable monthly or yearly
- Your insurance excess: This is the lump sum that you pay if you make a claim. If you choose a small excess, this will usually make your insurance premium more expensive
As with all insurance, the cost of cyber insurance to your business depends on various factors:
- The size of your business: This can be a strong influencing factor on the cost of cyber insurance. The more staff you have, the higher the risk of you falling foul of phishing and social engineering attacks. A company with a large annual turnover is normally more expensive to insure than a smaller business
- Your business sector: Certain industries are more vulnerable to cyberattacks than others. For example, a finance organisation or charity may be at higher risk than a restaurant
- The strength of your cybersecurity: If the cybersecurity measures you have in place are robust, you may be rewarded with lower insurance premiums. It, therefore, pays to employ strong security protocols and educate your staff on cyber risks
- The amount and sensitivity of the data you deal with: If your business has a small customer base, or doesn’t hold a lot of sensitive data, you may pay less for your cyber insurance. For instance, a healthcare facility that stores lots of
highly sensitive personal information will usually pay more than a hairdresser - The level of cover you choose: If you opt for a basic policy, providing limited protection, it’s likely to be less expensive than a more comprehensive policy
Picking the right type of cover
Cyber insurance falls into two main types. And it’s important to choose the right one for your business.
- First-party cover: This protects your company against the direct results of a cyberattack
- Third-party cover: This includes the indirect consequences of a cyberattack. It also provides protection for businesses that offer professional services to other businesses. For example, if you’re being sued by another company for errors you’ve made which have resulted in damages
First-party insurance is usually less expensive than a third-party policy. However, it doesn’t provide as much protection. Not all businesses need third-party protection, but organisations that are mostly technology-based will probably need to consider it.
What cover do you get for the cost?
Cyber insurance will cover you for a range of cyber risks, including:
- Malware, including ransomware attacks
- Denial-of-service attacks
- Social engineering attacks, including phishing
- Data privacy breaches
Although it’s difficult to estimate exactly what your cyber insurance costs might be (every business is different), it should cover you for:
- Loss of income
- Repair costs and damage control
- Fines and legal action, such as GDPR violation charges
- Ransom costs, if someone holds your data hostage
- Public relations support, to regain damaged trust
- Data breach measures, including investigative proceedings and customer support
Is the cost worth it for small businesses?
Despite the benefits of having cyber insurance, it’s still underused. The DCMS’ Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy. For many businesses, this is down to cost. Prices rose in the UK by 102% in the first quarter of 2022 alone.
So, is it worth it?
At the end of the day, an insurance policy won’t protect you from a cyberattack happening. Only strong cybersecurity can do this. But, given the speed and sophistication of cyberattacks, being hit as a small business isn’t a question of if it will happen, but when.
So, cyber insurance can be invaluable, as it will help to put you back into the state you were in before an attack took place. Your insurer can also provide skills and expertise, such as ransomware negotiation, PR cover, and data recovery skills that you might not have in-house.
The cyber insurance market is changing
Protecting your business on a budget can certainly be tricky, but new products are now disrupting the insurance space and offering more cost-effective solutions. Cyber insurance is evolving and CyberSmart is at the forefront of this revolution.
The traditional, standalone cyber insurance model, without protection or monitoring, is fast becoming obsolete and driving substantial premium increases. Providing insurance before managing the risk is fundamentally flawed, leading to suboptimal outcomes for the insurer and the insured. However, CyberSmart takes a more holistic view of risk, not just looking at technology, but also at processes and people to reduce the level of cyber risk as a whole.
With CyberSmart Active Protect, you can proactively manage risk 24/7. It identifies risks and provides simple, jargon-free instructions for fixing vulnerabilities. Our user-friendly platform ensures everyone in your business is working safely, with visibility of every device in your organisation.
In addition, we also offer £25k worth of enhanced cyber insurance for free with Cyber Essentials certification completed. So you can minimise your risk of cyberattacks, gain peace of mind, and cover yourself with affordable insurance, in case the worst should happen.
If you’re considering cyber insurance or just curious as to what it’s all about, check out our guide, Cyber Insurance Trends 2023. It’s a great introduction to the industry and you can download it, for free, here.