Cyber insurance vs. cyber warranties: What’s the difference?


Cyber insurance is one of the fastest-growing industries on the planet. Even relatively conservative estimates predict the industry will be worth close to $85 billion by 2030. However, the cyber insurance industry has had its challenges, most notably rising premiums and a growing threat landscape, leading to other products popping up alongside it.

One such product is cyber warranties. But what is a cyber warranty? And how does it differ from cyber insurance? 

What is a cyber warranty? 

We’ll keep this brief, as you can read a more detailed explanation of what a cyber warranty is here. But, in simple terms, a cyber warranty is a guarantee from a vendor that they will cover customers’ costs in the event of a breach, provided a set of criteria is met.

Typically, cyber warranties come in two forms:

1) A vendor guarantees that their product or service will remain secure against cyber threats. If a breach occurs due to a vulnerability in the vendor’s product, they must cover costs related to investigation, notification and recovery.

For customers, this provides a guarantee that the provider takes security seriously and regularly reviews and patches their software. Meanwhile, for the vendor, it acts as a way to differentiate themselves from competitors and gain customers’ trust.

2) A vendor guarantees against a set of cybersecurity controls or practices. To illustrate, let’s say a vendor decided to do this using the Cyber Essentials controls. Provided the purchaser of the warranty can prove that all five controls were in place at the time of the breach, the vendor would be required to cover the costs associated with recovering from the attack. 

This approach has the advantage of encouraging customers to be proactive in adopting security best practices, as well as offering them protection from threats.

Considering cyber insurance but unsure where to start? Download our guide to cyber insurance for everything you need to know.

How does cyber insurance differ from cyber warranties?

After reading this far, you may well be wondering what the difference between warranties and insurance is. After all, both shield organisations from the costs associated with a successful cyber attack. So why does the cybersecurity sector have space for both?

Despite the similarities, once you delve a little deeper, it becomes clear that cyber insurance and cyber warranties have a few key differences:

  • Cyber insurance typically offers more comprehensive protection, while warranties cover a limited set of risks
  • Insurance offers the option of both first-party and third-party coverage (the latter covering the claims of someone other than the policyholder). Warranties are limited to first-party incidents only
  • Insurance is a financially regulated product, whereas warranties fall under consumer protection laws
  • Insurance policies can, in some cases, be customised with optional covers, whereas warranties tend to be more standardised
  • Obtaining insurance is often subject to a detailed application process so that the underwriter can fully assess the risk, whereas warranties often have a far simpler process, which requires agreeing to the product or service terms and conditions

Is the best approach to use both?

Given the differences between them, is the most comprehensive approach to risk management to take out both a cyber warranty and cyber insurance?

In short, yes. But let’s dig a little further into why. 

Cyber warranties have several perfect use cases, for example: 

  • You’ve just purchased a cybersecurity tool or software and the vendor offers a warranty alongside it
  • You want to cover a limited set of cyber risks that are tied either to a specific product or to a set of controls
  • You’re considering cyber insurance but want some protection in the meantime. In this case, the second type of warranty mentioned above is perfectly suited

However, cyber warranties’ use cases aren’t endless, and this is where cyber insurance steps in. For comprehensive cover, customisation and a wider range of recovery services attached, cyber insurance is the best bet.

But that’s not to say the two don’t work well in concert. Here are just a few examples of scenarios where it’s beneficial to use both: 

  • You want to cover against a specific set of cyber risks (for example those associated with a product) but still want general protection
  • You’re using warrantied software or products but need a higher coverage limit than the warranty allows for
  • You want to use a warranty to cover you against some basic risks and insurance for the more complex ones

These are just a few examples of how warranties and insurance can work well together; we could list plenty more. In fact, it’s plausible some combination of the two could become the norm for most businesses in the next few years.

Forward-thinking insurance providers are beginning to offer bundled cyber insurance and warranty solutions tailored to SMBs. With the number of threats to small businesses only growing, it’s increasingly likely this will become the standard in cyber risk transfer as the decade progresses.

Confused about cyber insurance? Check out our guide for everything you need to know.


What is a cyber warranty?


Cyber insurance is fast becoming a necessity for modern business. In the last 12 months alone, 39% of UK businesses identified a cyberattack. And, as cyberattacks increase in number, the need for small businesses to access reasonably priced cover is only going to grow starker.

However, cyber insurance is not without its problems. As the number of businesses being breached continues to grow, the industry is struggling to keep premiums at a level that’s affordable for smaller businesses. In turn, this is pushing traditional ‘standalone’ cyber insurance (without monitoring or extra protection) out of reach financially for many SMEs. 

But cyber insurance isn’t the only game in town. Some software providers and cybersecurity companies are beginning to offer a complementary option – cyber warranties. Let’s dive into the what, the why and the how.

What is a cyber warranty and how does it work? 

A cyber warranty is a relatively simple concept. Essentially, a cybersecurity company or software developer guarantees that they will pay out if their customers suffer a breach. 

The conditions of the warranty can vary. For example, it could be that the customer has to prove they were using the company’s product when they were breached. Or, alternatively, some providers will expect the customer to adhere to a set of security standards – say the five basic controls that make up Cyber Essentials certification.

Again, the losses the warranty will cover vary from provider to provider but it’s typically a fixed amount, for example, £1m. 

This is useful to SMEs for two key reasons. First, and most obviously, if something goes wrong and your business gets breached, you’ll get some money to cover the damages. Second, it should theoretically provide vendors with a huge incentive to ensure their products are totally watertight.

However, it’s not just SMEs who benefit. A cyber warranty can also give managed service providers a cost-effective method of remediating breaches for clients. Most providers allow any company doing remediation work to bill for it to the warranty, covering the costs.

Want to protect your business but unsure where to start? Check out our free guide to cyber insurance.

Why are cyber warranties needed? 

Cyber warranties come with a number of benefits, both for small businesses and the cybersecurity sector. As we’ve mentioned, they provide any business offering one with a gigantic incentive to produce very secure products – which can only be good for users and the sector as a whole.

Alongside this, they give customers an extra layer of protection they otherwise wouldn’t have, simply for buying software or a cybersecurity tool. What’s more, some cyber warranties ‘fill in the gaps’ in instances that insurers won’t always pay out for. For example, when a breach occurs due to a failure in a vendor’s product.

Is a cyber warranty an alternative to insurance? 

While cyber warranties can function well with cyber insurance as a complementary product, they aren’t an outright alternative. This is down to some of the limitations cyber warranties have.

A cyber warranty will only cover you in the conditions outlined by the vendor. For example, the warranty might not cover ransomware or business email compromise attacks. This isn’t necessarily a big problem, after all, even cyber insurance coverage is limited. However, this could leave you exposed if you don’t have alternative coverage, such as insurance. 

In short, the safest approach is to view cyber warranties as a useful safeguard that works in tandem with traditional cyber insurance.

Confused about whether cyber insurance is right for your business? Check out our new guide, covering all the basics you need to make an informed decision.


What are the benefits of cyber insurance?


With cyberattacks rife and rising all the time, cybersecurity is essential, but so too is cyber insurance. Although many businesses have been slow to adopt such cover, the world is beginning to wake up to the substantial benefits of cyber insurance for safeguarding an organisation. Here we look at the significant advantages it offers.

Why choose cyber insurance?

Businesses are increasingly at risk of falling foul of cyber-related incidents. Recent data shows that global cyberattacks increased by 38% in 2022, compared to 2021. And the UK saw a massive 77% rise. The fact is, cybersecurity is never 100% effective.

Should the worst happen, having cyber insurance could be the difference in ensuring your business gets up and running again quickly. Some 60% of small businesses close within six months of suffering a cyberattack. So having some sort of back-up plan is crucial.

But why do you specifically need cyber insurance, rather than just standard business insurance? Well, cyber insurance is a specialist product that protects you from cyber risks and those related to IT infrastructure. The fundamental benefit of cyber insurance is that it covers risks that aren’t generally included in standard commercial liability policies, which tend to just cover costs related to technical issues, such as corrupted hard drives and lost devices.

Managing a cyber incident, such as a data breach or ransomware attack, requires detailed technical knowledge, which specialist cyber insurance can offer. Cyber insurance policies provide you with the means to implement incident response measures, such as legal assistance, public relations support and forensic investigation. 

As well as minimising any business disruption and supplying financial protection during an incident, a big benefit of cyber insurance is that it could help with any legal and regulatory actions after an incident. Although it won’t solve all your cybersecurity challenges or prevent a cyberattack from happening, cyber insurance can help your organisation get back on its feet.


What could your cyber insurance cover?

As with other types of insurance, the benefits your cyber insurance includes will depend on the cover you choose. Opting for first-party cover will protect you against the direct results of a cyberattack. Alternatively, third-party cover is more comprehensive and will include the indirect consequences of a cyberattack. This provides protection for managed service providers (MSPs) that supply professional services to other companies. It’s key to covering your liability should a cyberattack on you lead to losses from a partner or customer.

Online threats are multiplying all the time, and cyber insurance will cover you for a wide variety of these risks, such as data privacy breaches, phishing attacks, distributed denial of service (DDoS) attacks, and malware, including the dreaded ransomware attack. 

Depending on the exact policy you choose, it should cover:

  • Loss of business income 
  • Legal action and fines, like GDPR charges
  • Ransom costs, if your data is held hostage
  • PR support to regain damaged trust
  • Possible repair costs 
  • Data breach measures, such as investigative proceedings

Access to expert advice and support

A key benefit of cyber insurance is that it gives you access to expert advice and support. Expertise on threat management is an important part of cyber insurance, and some insurers supply businesses with threat monitoring and management services. For example, according to the UK government’s Cyber Security Breaches Survey 2022, one organisation said that their insurance enabled them to monitor the dark web and flag if any of their accounts were being sold there.

Access to expertise on breach recovery was also named in the survey as a key reason organisations take out an insurance policy. This benefit can help companies ensure business continuity after a disruptive breach. Some policies also include access to expert forensic analysis of what caused the breach. This is important to help a business rectify the problem and implement preventative measures to make sure it doesn’t happen again.

Enhanced cybersecurity

Another valuable benefit is that a cyber insurance policy can help you build a strong cybersecurity framework. Insurers will require you to have a good level of security to be eligible for a policy. They usually carry out a risk assessment as part of the underwriting process to ensure your business isn’t a high risk. This can involve just completing a straightforward questionnaire or may go as far as an in-depth analysis of your security. However, as with other kinds of insurance, your premium will decrease if you are judged to be a lower risk.

The eligibility criteria for cyber insurance cover can act as a framework to ensure good cyber hygiene. But, a simple way to boost your level of cybersecurity is to gain Cyber Essentials certification. Some insurers will offer discounts on insurance premiums if you have this, and simply by being certified, you can reduce your cyber risk by 98.5%. Cyber Essentials is a UK government-backed scheme covering everything your business should do to protect against cyberattacks, demonstrating that you take cybersecurity seriously.

Peace of mind

A big benefit of cyber insurance, which shouldn’t be overlooked, is that it provides considerable peace of mind. You can have all the strong cybersecurity possible to protect your business. However, with the ever-evolving threat landscape, you can’t be 100% sure you won’t still suffer from a cyberattack. With cyber insurance, you have the final safety net in place to ensure that you won’t have to worry about recovery costs if the worst happens and disaster strikes.

While cyber insurance doesn’t prevent an attack, it’s designed to stop a bad situation from getting worse. So, if you’re concerned about a cyberattack destroying your business, cyber insurance gives you complete peace of mind. You will have an extra layer of protection in addition to your cybersecurity, to cushion the blow.


5 cyber insurance challenges for small businesses


Small business, smaller risk of a cyberattack? Not quite.

Small businesses are still susceptible to cybersecurity threats. Whether your business consists of a single person or a number of employees, you must be protected. 

One in five small firms say they’ve experienced a cyberattack at one point. And many don’t think they have the finances or time to set up security precautions – or in some cases – don’t realise the need to. But it doesn’t have to be this way. 

There are a few simple steps you can take to remain protected. And they could make you eligible for all-important cyber insurance cover.

Why do you need cyber insurance?

Many sophisticated cyber threats exist today. Phishing, malware, ransomware, hacking; the list could go on. Having cyber insurance in your business will help you recover faster if an incident occurs. If your business deals with sensitive customer data, does a lot of business over the internet or doesn’t have coverage from any external cybersecurity providers, cyber insurance is worth investigating.

Cyber insurance includes coverage for damage or loss of information from IT systems and networks. This includes both first-party and third-party risks, depending on your insurance plan.

  • First-party risks: This includes anything that could impact your business assets. For example, a cyber-attack on your software or theft of digital assets.
  • Third-party risks: This covers the assets of others, like your customers. For example, security and privacy breaches of customer data.

For a small business, cybersecurity insurance is pivotal for protecting you in worst-case scenarios. So, how can a small business obtain cybersecurity insurance?

Not sure where to start with cyber insurance? Check out our guide for everything you need to know.

How to overcome cyber insurance challenges as a small business

Just like any other type of insurance, you need to meet your providers’ criteria. 

Every cybersecurity insurance provider will have its own process, but the typical route to qualify will range from a simple questionnaire to a detailed analysis of your cybersecurity environment by your insurer.

Meeting basic cybersecurity standards will make your small business significantly more likely to qualify. 

Here’s what you can do:

1. Keep software up-to-date and protected

Keeping your software equipped with antivirus protection is a surefire way of avoiding basic cybersecurity threats. And ensuring that all your programs are regularly patched keeps your systems in line with your manufacturer’s latest cybersecurity updates. 

By taking these basic measures, insurers will see your business as more trustworthy.

2. Protect your network with a firewall

A firewall is a network security system that monitors and controls your network traffic. Its parameters are based on predetermined security rules across incoming and outgoing traffic. It creates an effective barrier between your network, and anything considered an ‘untrusted’ network – an opportune place for cybersecurity threats to creep in. 

By implementing one, insurers can recognise that you’ve reduced the chance of a cybersecurity threat occurring.

3. Implement regular security checks

Not every small business owner is expected to understand the ins and outs of cybersecurity. Instead, smart cybersecurity software can help you manage regular security checks and provide monitoring, 24/7. 

The best software can also act as an educational tool – providing greater awareness about cybersecurity training opportunities, policies you can implement, and giving your people more control of their own cybersecurity. This shows insurers that you’re taking a proactive approach to cybersecurity.

4. Regularly back up your data

Insurers want you to minimise the risk of data loss as it’s costly and impacts your reputation. 

Make sure your data is backed up using external media or a secure cloud service. Consider that you need to manage and store first-party and third-party data in different ways. 

5. Manage user access rights and permissions

User access rights are an important part of staying secure. You want to make sure only the right people have access to sensitive data, without impacting anyone’s ability to do their actual job. 

In a business, enforcing a ‘least privilege access’ policy is a common way of managing access rights. This is a policy that only allows users to have the minimum level of access or permissions needed to perform their jobs, and nothing more. It restricts access rights to only users, accounts, and processes that require certain types of data.

This creates a safer environment for your data and it helps to protect employees from causing accidental or harmful actions, thus reducing risks for insurers. 

Improve your cyber hygiene to get cyber insurance

‘Cyber hygiene’ refers to the steps your business can take to protect itself from cyberattacks, like those in the list above.

It’s like the practice of washing your hands – but for cybersecurity. Cyber insurance providers look for businesses with good cyber hygiene practices in place, as you’re less likely to be impacted by cyber threats. 

Alongside the list above, a cybersecurity certification is also a great method of overcoming cyber insurance challenges and improving your cyber hygiene. It can provide all the protection you need, and more, and is created by the UK government – making it ideal for small businesses looking for industry-standard protection.


How Much Does Cyber Insurance Cost?

The cost of cyber insurance can vary considerably depending on several factors. For example, the size of your business, the sector it’s in and the sensitivity of the data you deal with. However, in the current cyber threat landscape, the cost to your business of not having any cyber insurance in place could be catastrophic. So, let’s take a closer look at the cost of cyber insurance, what it covers, and what may impact your premiums.

What is cyber insurance and why do you need it?

Just as you insure your car against damage and loss, cyber insurance is a contract between you and an insurer whereby they agree to pay you for any losses you incur related to your IT infrastructure or data management. It’s a relatively new kid on the block in the world of insurance, only thought to have originated in 1997.

However, with the rapid rise of the Internet, cyber insurance has become increasingly popular. Few businesses can now hope to succeed without some online presence. And, you need to do all you can to protect yourself from cyberattacks and the damage these can do to your company.

The bottom line is that cyber threats have skyrocketed in the last few years, with the rise in hybrid and remote working increasing the vulnerability to attacks of many businesses. In fact, recent research shows that in 2021 there were 50% more cyberattacks per week on corporate networks than in 2020.

If your company is a small or medium-sized business, you could be forgiven for thinking that you’re relatively safe from such threats. After all, media reports typically focus on attacks on large organisations. But this isn’t the case. Threats such as ransomware attacks can affect any company.

For example, the 2021 Verizon Data Breach Investigations Report revealed that 61% of all small and medium-sized businesses had reported at least one cyberattack in the previous year. What’s more, 43% of all data breaches involve small and medium-sized businesses. 

According to Hiscox, a small business is hacked in the UK every 19 seconds. And cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs each year. Although there are cybersecurity best practices you can adopt to decrease the likelihood of a successful attack, there’s no such thing as complete protection. So, the next best thing is to purchase cyber insurance to help mitigate the risks and possible effects of a cyberattack.


What’s the cost of cyber insurance?

There are two main costs when you take out cyber insurance:

  • Your insurance premium: This is the basic cost of your insurance protection, payable monthly or yearly
  • Your insurance excess: This is the lump sum that you pay if you make a claim. If you choose a small excess, this will usually make your insurance premium more expensive

As with all insurance, the cost of cyber insurance to your business depends on various factors:

  • The size of your business: This can be a strong influencing factor on the cost of cyber insurance. The more staff you have, the higher the risk of you falling foul of phishing and social engineering attacks. A company with a large annual turnover is normally more expensive to insure than a smaller business
  • Your business sector: Certain industries are more vulnerable to cyberattacks than others. For example, a finance organisation or charity may be at higher risk than a restaurant
  • The strength of your cybersecurity: If the cybersecurity measures you have in place are robust, you may be rewarded with lower insurance premiums. It, therefore, pays to employ strong security protocols and educate your staff on cyber risks
  • The amount and sensitivity of the data you deal with: If your business has a small customer base, or doesn’t hold a lot of sensitive data, you may pay less for your cyber insurance. For instance, a healthcare facility that stores lots of highly sensitive personal information will usually pay more than a hairdresser
  • The level of cover you choose: If you opt for a basic policy, providing limited protection, it’s likely to be less expensive than a more comprehensive policy

Picking the right type of cover

Cyber insurance falls into two main types. And it’s important to choose the right one for your business. 

  • First-party cover: This protects your company against the direct results of a cyberattack
  • Third-party cover: This includes the indirect consequences of a cyberattack. It also provides protection for businesses that offer professional services to other businesses. For example, if you’re being sued by another company for errors you’ve made which have resulted in damages

First-party insurance is usually less expensive than a third-party policy. However, it doesn’t provide as much protection. Not all businesses need third-party protection, but organisations that are mostly technology-based will probably need to consider it.

What cover do you get for the cost?

Cyber insurance will cover you for a range of cyber risks, including:

  • Malware, including ransomware attacks
  • Denial-of-service attacks
  • Social engineering attacks, including phishing
  • Data privacy breaches

Although it’s difficult to estimate exactly what your cyber insurance costs might be (every business is different), it should cover you for:

  • Loss of income
  • Repair costs and damage control
  • Fines and legal action, such as GDPR violation charges
  • Ransom costs, if someone holds your data hostage
  • Public relations support, to regain damaged trust
  • Data breach measures, including investigative proceedings and customer support

Is the cost worth it for small businesses?

Despite the benefits of having cyber insurance, it’s still underused. The DCMS’ Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy. For many businesses, this is down to cost. Prices rose in the UK by 102% in the first quarter of 2022 alone.

So, is it worth it?

At the end of the day, an insurance policy won’t protect you from a cyberattack happening. Only strong cybersecurity can do this. But, given the speed and sophistication of cyberattacks, being hit as a small business isn’t a question of if it will happen, but when.

So, cyber insurance can be invaluable, as it will help to put you back into the state you were in before an attack took place. Your insurer can also provide skills and expertise, such as ransomware negotiation, PR cover, and data recovery skills that you might not have in-house.

The cyber insurance market is changing

Protecting your business on a budget can certainly be tricky, but new products are now disrupting the insurance space and offering more cost-effective solutions. Cyber insurance is evolving and CyberSmart is at the forefront of this revolution. 

The traditional, standalone cyber insurance model, without protection or monitoring, is fast becoming obsolete and driving substantial premium increases. Providing insurance before managing the risk is fundamentally flawed, leading to suboptimal outcomes for the insurer and the insured. However, CyberSmart takes a more holistic view of risk, not just looking at technology, but also at processes and people to reduce the level of cyber risk as a whole. 

With CyberSmart Active Protect, you can proactively manage risk 24/7. It identifies risks and provides simple, jargon-free instructions for fixing vulnerabilities. Our user-friendly platform ensures everyone in your business is working safely, with visibility of every device in your organisation.

In addition, we also offer £25k worth of enhanced cyber insurance for free with Cyber Essentials certification completed. So you can minimise your risk of cyberattacks, gain peace of mind, and cover yourself with affordable insurance, in case the worst should happen.

If you’re considering cyber insurance or just curious as to what it’s all about, check out our guide, Cyber Insurance Trends 2023. It’s a great introduction to the industry and you can download it, for free, here.


What can the UK learn from the US cyber insurance market?


Why is the US streets ahead of the UK when it comes to businesses adopting cyber insurance? And what can we learn from our American cousins? 

Why is cyber insurance important? 

To illustrate why cyber insurance is important, let’s compare it to a business insurance policy. It’s widely accepted that any organisation operating without business insurance is at best foolhardy and at worst crazy. There are so many potential things that could go wrong. 

You could be the victim of fraud, a workplace accident could lead to legal action against you, or an electrical fire could turn your hardware into a husk of melted plastic. The possibilities are endless and any one of them could seriously damage or even end your business.

It’s vital for your business’s health (and a good night’s sleep) to know you’re covered should the worst happen. 

The same is true of cyber insurance. We’re unused to thinking of it in the same way as business cover, but cyber insurance is becoming increasingly necessary. Up to 88% of UK companies have suffered breaches in the last 12 months, according to Carbon Black. Meanwhile, Hiscox reports that a UK SME is successfully hacked every 19 seconds. 


All this means that UK SMEs are experiencing double the number of cyber risks that they did in 2018, with the average cost of a breach also quadrupling. There’s a clear case for widespread cyber insurance adoption, so how are UK businesses doing?

What does the cyber insurance market look like in the UK?

Given the risks we’ve just outlined, you might think that British businesses are clamouring for cyber cover. But, unfortunately, cyber insurance adoption is relatively low in the UK. 

There are a couple of reasons for this. The first is a simple case of awareness. As we mentioned earlier, getting business insurance is considered common sense by most organisations. However, awareness of the need for cyber insurance lags some way behind. We simply aren’t used to considering it as an everyday business cost. After all, if you’re lucky enough to have never been successfully attacked, why would you?

The second reason is the cost. A Deloitte survey, looking at 504 middle-market commercial insurance buyers, found that 41% of businesses claimed insurance costs were too high. And 33% of organisations reported ‘dissatisfaction with the service’.

41% of UK businesses claim insurance costs are too high.

However, it’s not all bad news. 41% of businesses still purchased cyber insurance after conducting a risk assessment. What’s more, a further 41% were prompted to buy a standalone insurance product by attacks on other industries.

Why is the US ahead?

There’s an old adage that ‘everything’s bigger in America’. It’s usually said sarcastically by embittered Europeans, but when it comes to cyber insurance it’s true.  

Despite net premiums being low for an insurance market ($1.94b in 2018), the US market is growing fast. 40% of US businesses purchased cyber coverage in 2018, with a further 40% buying for the first time in 2019. During the same period, the average US cyber claim size shot up to around $181k for an SME and over $5.5m for a large business. 

So why is the US market more advanced than what we’re currently seeing in the UK?

It’s partly because the US is at the forefront of the fight against cybercrime. The US currently leads the world in data breaches with an average breach cost of $8.64 million and is the second most attacked country on earth after Germany. So for companies based in the US, cyber threats are seen as part and parcel of business. 

However, it’s also down to public perceptions of cybercrime. Many of the most high-profile cyberattacks have been on large American companies such as Twitter, Microsoft and Marriott, meaning cybercrime is given loud and regular media coverage. This makes the threat appear much more immediate than elsewhere.

What can the UK learn from the US?

Before we delve into what the UK can learn, it’s important to note that the US market has its limitations. As recently as 2017, 75% of SMEs in the US didn’t have cyber insurance, meaning adoption hasn’t always been as widespread as figures suggest. And there’s still some mistrust of the industry. For evidence, look no further than US pharma giant Merck, which found itself at the centre of a media storm after being denied a payout following a breach.

But for the time being, at least, the US remains ahead of the UK market. So what can we learn? 

Close the expectation gap

First, UK insurers need to close the expectation gap between service and consumer within the industry. Many small businesses view themselves as not ‘valuable enough’ to be attacked. And insurers need to do more to convince SMEs that they’re being threatened because they’re ‘vulnerable rather than valuable’. 

Update the industry model 

One of the biggest barriers to greater adoption of cyber insurance is the perception among SMEs that it’s expensive. 

The current cyber insurance model was created in the early 2000s, aimed at multinationals and large tech firms on the west coast of America. The world has changed a lot since then. In an age where even the smallest businesses are online, a new approach is needed. Insurance professionals need a better understanding of the financial limitations of their market and a pricing structure to suit.

Make it easier to address cybersecurity concerns 

Perhaps the greatest difference between the US and the UK market is how proactive US insurers are. In the UK, we tend to focus on educating businesses on the importance of cybersecurity rather than helping them to get cyber secure.

Cybersecurity can be confusing and for a small business owner, the prospect of going it alone can be daunting. So more needs to be done to guide businesses along the path to better cyber hygiene. For example, recommending all clients get Cyber Essentials certified is a great start. 

What does the future hold? 

Although the UK is currently behind the US, things are unlikely to stay that way for long. The US market is slowing. Meanwhile, many insurance brokers in the City of London are targeting cyber insurance as a key area for growth post-covid. 

So are we about to enter a future where cyber insurance becomes as commonplace as business or contents insurance? That depends on insurers adapting the current, dated model in favour of an approach that supports SMEs. 

Looking to improve your cybersecurity but not sure where to begin? Start 2021 the right way, by getting certified in Cyber Essentials, the UK government scheme that covers all the basics of cyber hygiene.
