Cyber insurance: Why it’s vital for business


Now, IT expert Andrew James tells the BCC that cyber insurance is every bit as vital as a motor policy.

“It’s a big risk to drive a car without motor insurance,” says Andrew, who is head of business development at IT support firm Mintivo. “And it’s just as big a risk to run a business without cyber insurance. Many companies are cutting their spend, but that’s a very short-sighted approach. Businesses constantly underestimate the risk of cyber-crime – if you can afford insurance, you should have it.”

Getting your business back on track after a cyber-attack can be costly and time-consuming, but insurance gives a vital layer of protection. It can help with recovery costs after an incident, as well as mitigating the damaging impact of business interruption. In the event of a data breach, the right policy can help with legal costs too.

“If a company suffers a data breach, it could be at risk of legal action from affected clients,” says Andrew. “Bigger companies have deeper pockets and might be able to fight this, but costs could put a small company out of business. Of course, all this is also a time-consuming distraction from what the business is meant to be doing, which is growing.”

Despite this, research suggests many businesses are cutting their insurance spend. According to a survey from GlobalData, almost 30% of SMBs cancelled their policies in 2021, as a result of cost cutting. Alarmingly, 38% of these businesses mistakenly believe it’s unlikely they’ll be targeted in an attack.

If you’re in any doubt about cyber threats, take a look at the landscape. In 2023, we’ve seen attacks on Royal Mail, WH Smith and JD Sports dominate the headlines. Cybercrime is often seen as a problem that only affects large companies, but 96% of all cyber-attacks are directed at SMEs.

“Many smaller businesses definitely underestimate the risk of cyber-crime,” explains Andrew. “It’s often viewed as an afterthought, or time and budget is devoted to other priorities, like investing in sales and marketing, because they create tangible benefits to the growth of the organisation.”

Of course, cyber insurance alone isn’t enough to protect your business. While a policy will mitigate the fallout from a cyber-attack, it must be teamed with robust cyber defences too. Without an effective strategy, obtaining a policy can be difficult.

“Ultimately, it’s not just about having the insurance in place,” says Andrew. “It’s a two-fold strategy. Every firm needs insurance and cyber-security controls. As the risk of cyber-crime increases, claims are going through the roof, and it’s becoming more challenging for some firms to secure cover. Insurers are becoming increasingly specific about the controls and mechanisms you need to have in place before they’ll insure you. Unfortunately, premiums are increasing too.”

Whether you’re looking to secure insurance, strengthen your cybersecurity strategy or both, there are fundamental steps every business should take to ensure it is prepared for a cyber-attack. Here, Antonio Vasconcelos, EMEA Field CISO Director at cybersecurity specialist SentinelOne, gives five tips for significantly improving your cybersecurity stance. You can read his SME cyber survival guide here.

  • Conducting regular security assessments can help identify vulnerabilities in systems and networks that attackers could exploit.
  • Implementing robust security controls such as network and cloud security, endpoint security software, user identity protection, and encryption can help protect systems and data.
  • Educating employees about the importance of cybersecurity and how to identify and report potential threats can be a critical line of defence against attacks.
  • Establishing incident response protocols can help minimise the damage caused by a cyberattack and get systems and operations back up and running as quickly as possible.
  • Performing forensic incident response simulations can help prepare an organisation for the aftermath of a cyberattack, and these findings can provide valuable insight into how to navigate the legal and technical challenges that often arise after a breach.

Would you like advice on developing a cyber strategy for your business? The Business Cyber Centre can help, with a free 30-minute consultation. Book here.

