CommercialFebruary 9, 2023

Why dropping your cyber insurance is a bad idea

As businesses are forced to make cuts and scale back their spending in light of the cost of living crisis, it seems that cyber insurance is one of the most common products where they choose to drop their cover. This choice may be made by businesses who do not see cyber cover as urgent or immediately necessary, but with ever-evolving cyber threats and the potential for disaster in the wake of such an attack on your business, this is a highly risky expense to cut.

Is your business at risk from a cyber attack?

In most small and medium sized businesses, responsibility for data control under the Data Protection Act lies with the owner of the business. The loss of personal or customer data can bring significant financial loss and/or prosecution. Any attacks could also significantly impair the company’s ability to operate. Therefore if your business:

  • * holds sensitive customer details such as names and addresses and banking details
  • * is heavily reliant on computer systems to conduct its business
  • * has a website
  • * is subject to a payment card industry (PCI) merchant services agreement


then it could be vulnerable to a data breach or loss of vital business service.

In a 2022 UK government survey, 39% of UK businesses identified a cyber attack within the previous 12 months, with 83% of these attacks being phishing attempts. As it is easier to identify a cyber attack if there is a high level of cyber protection in place, it is possible that there were many more businesses with lower levels of security who did not realise their information had been stolen.

For many businesses, a cyber attack can cause a huge amount of financial damage due to offline websites and stolen information, while also negatively affecting the business’s reputation. Without a cyber liability policy in place, businesses will have to tackle these problems alone, without the legal advice or compensation that would come with a comprehensive cyber policy. Businesses can be risking huge financial losses or even bankruptcy in the wake of such attacks, even before considering claims from customers or clients who have had their information exposed or lost business.

Cyber warnings since the Ukrainian invasion

Since Russia invaded Ukraine in 2022, the National Cyber Security Centre has continued to send out warnings to UK organisations regarding making sure that cyber and digital defences are in place and are reliable should any sudden cyber-attacks happen.

While the NCSC is not aware of any current specific threats to the UK, it should be made clear that there is a pattern to cyber-attacks happening when there have been other historical crises  such as COVID-19 and this could just be the latest in a list of international consequences.

What is covered by a cyber liability policy?

  • * Practical support in the event of a data breach
  • * Compensation for loss of income
  • * Payment of the costs associated with regulatory investigations
  • * Reimbursement for the costs of repair, restoration or replacement
  • * Defence costs and damage awards if you mistakenly infringe someone’s copyright
  • * Forensic Investigation costs
  • * Legal advice
  • * Notifying customers or regulators
  • * Support service – offering expert help and guidance
  • * Damage to reputation
  • * Claims for damages made against the business
  • * Civil Penalties levied by regulators
  • * Inadvertently libelling a third party in an email or other electronic communication methods
  • * Reinstatement of data
  • * Credit monitoring to affected customers
  • * Compensation costs
  • * Actively work with the business to minimise losses


Ensure that your business has cyber cover in place

While your business may never be targeted by cyber criminals, it’s impossible to predict the future, and the risk – and potential fallout – is just too big to ignore.

  • While cyber insurance may not seem like an urgent or immediately necessary cost, it can save your business a lot of trouble and money in the event of an attack, and the legal advice, compensation for loss of income, and reimbursement for repair costs may be the very things that keeps your business afloat in the aftermath.