What Is Cyber Insurance?

You probably don’t need another reminder about the increasing incidences of cyber crime – more than enough headlines and stories of organisations (and even entire countries) suffering major cyber attacks emerge almost every month. So, it should come as no surprise that small businesses are now also a lucrative target for cyber criminals. The reasons for this? There are many, but one of the biggest reasons is that unsuspecting small businesses often do not have sophisticated cyber security software, making them a relatively ‘easy target’.

Cyber insurance is therefore an important consideration for small businesses operating in today’s digital world. It may not be something that would immediately have come to mind when deciding how to best protect your business but increasing reliance on digital infrastructure to run a business has highlighted the significance of this cover more than ever before.

So let’s take a look at how Cyber Insurance works, and how it can help your business in the event you fall victim to a cyber attack.
 

What is cyber insurance?

Cyber Insurance is designed to cover certain financial losses your business incurs as a result of a cyber incident. While more important for companies with digital presences, any business with computers connected to the Internet is vulnerable to cyber risks such as malware/viruses, denial of service attacks and data/privacy breaches. For example, you might have a website where clients can purchase from you, or where you store client data. Such digital presence carries with it a risk of being targeted by cyber criminals, and cyber insurance is designed to help protect against the repercussions of falling victim to cyber crime. A cyber incident can take many forms – such as malware, business email compromise and phishing. All of these have varying consequences, such as identity theft, financial theft and privacy breaches.
 

Why does your small business need cyber insurance?

Although the importance of cyber insurance has become more and more prominent, research indicates that 1 in 5 small business owners still do not take cyber risks seriously. The consequences of cyber crime can be just as severe as (if not more than) an event such as theft, or a fire. If you use the internet to perform your service, or as part of your overall business operation, then suffering a cyber incident could have significant financial and reputational implications for your business.
 
Cyber Incidents continue to occur in high quantities, the fourth quarter of 2022 alone saw 2,200 reported cyber incidents in New Zealand. Research indicates that just over 40% of businesses in NZ have experienced at least one cyber incident in their time trading. Even if you have top-notch security technology in place, hackers are becoming more and more sophisticated everyday in their efforts to bypass security infrastructure, so the likelihood of suffering a cyber incident is ever-present. While antivirus and other security tech is important to have in place, they are not the silver bullet.

What’s more, 90% of cyber security breaches occur as a result human error, such as an employee accidentally opening an attachment containing malware, so you can see why ticking all the boxes with antivirus software might not be enough.
 
 

What does Cyber Insurance cover?

A claim under cyber insurance may cover a number of costs, liabilities and losses associated with the cyber incident in question.

Firstly, if you suffer an attack, it’s likely you and your business will incur your own costs as a result of the event. For example, costs to obtain advice and support; costs to identify the source and scope of the attack; restore your systems; recover your data and notify victims of privacy breaches. All of these are known as ‘first party losses’, and include costs to get your business back up and running. Remember though, not all costs are covered under cyber insurance; for example, salary costs for employees, damage to property other than computer hardware, internet or utility outages and uninsurable fines.
 
With technology now having an ever increasing role in business, cyber insurance also provides interruption cover for loss of profits when a cyber event impacts your businesses ability to operate at usual capacity.

If your business experiences a cyber attack, it may also cause financial loss to third parties you deal with, such as clients and/or suppliers. For example, if you transmit a computer virus to a third party or disclose confidential information, that third party may suffer their own losses. Cyber Insurance can help to cover your liability for these costs as well. This is called ‘third party liability’, and the losses incurred from this can be substantial.

Following a cyber attack, it can be tricky to work out what your next steps should be to minimise damage, so another important feature under Cyber Insurance is access to an incident response specialist. An incident manager’s role is to help coordinate the steps your business needs to take to recover from the cyber incident.

This can include:

  • a forensic investigation of your computer systems

  • obtaining legal advice

  • responding to regulators if needed (for example if there has been a privacy breach)

  • public relations support to help minimise reputational damage

  • costs to secure your computer systems against a future cyber attack

 

How much does cyber insurance cost?

Just like any other insurance policy, the cost of cyber insurance depends on a number of factors. The usual factors that are taken into account all still apply, such as the size of your business, revenue, your employees, and the industry you operate in.

When calculating your premium for Cyber Insurance, there are some additional factors considered, such as potential downtime following an attack, types of data stored, likelihood of human error, cyber security sophistication and reliance on automation, systems or data.
 

How can cyber insurance mitigate risk?

When it comes to mitigating cyber risk, cyber insurance is just one piece of the puzzle. Due to the complex and ever evolving digital landscape businesses operate in today, protecting your business from cyber crime has multiple aspects. These include technical elements such as having appropriate security protections in place; employee factors like ongoing training and awareness; as well as the need to constantly stay up to date with latest cyber security developments and legislation.

However, despite taking every preventative step, it is still possible for businesses to suffer cyber attacks, due to unavoidable circumstances, and this is where Cyber Insurance plays an important role. A cyber attack can be costly – the losses incurred from suffering one could mean that you’d have to go into debt to cover the cost of getting your business back up and running, or even shut your doors completely. Cyber Insurance mitigates risk by helping to pay the cost for your business to recover from an attack.
 
CERT NZ is a great service to utilise – they provide numerous resources for New Zealand businesses to help in their journey to strong cyber resilience, including handy guides like Top 11 Cyber Security Tips for your Business.
 

What's the difference between cyber risk insurance and cyber liability insurance?

This may vary between different insurers and brokers in the terminology and wording they use to describe their products. For some providers it may mean the same thing, whereas with others there may be a difference in cover. Generally though, Cyber Risk Insurance is broader cover, and usually includes both First Party Coverage and Third Party Liability. Cyber Liability Insurance on the other hand might not have the First Party Coverage included, and only cover your liability to third parties as a result of a cyber incident. It is therefore important when taking out Cyber Insurance to ask your broker about the coverage included in the policy so you can be sure you’re making the right decision based on your business’s needs.
 
 
Say hello to an Aon Cyber Insurance specialist today and find out how we can support you on your cyber risk journey.

Contact | Duncan Morrison | duncan.morrison@aon.com

This website contains general information only and does not take into account your individual needs or financial situation. It is important to note that limits, excesses, terms and conditions and exclusions apply to the products and services outlined on this website. Please refer to the relevant policy documents for details of cover, the provision of which is subject to the insurer’s underwriting criteria that apply at the time. Please contact us if you have any questions.