Now, IT expert Andrew James tells the BCC that cyber insurance is every bit as vital as a motor policy.
“It’s a big risk to drive a car without motor insurance,” says Andrew, who is head of business development at IT support firm Mintivo. “And it’s just as big a risk to run a business without cyber insurance. Many companies are cutting their spend, but that’s a very short-sighted approach. Businesses constantly underestimate the risk of cyber-crime – if you can afford insurance, you should have it.”
Getting your business back on track after a cyber-attack can be costly and time-consuming, but insurance gives a vital layer of protection. It can help with recovery costs after an incident, as well as mitigating the damaging impact of business interruption. In the event of a data breach, the right policy can help with legal costs too.
“If a company suffers a data breach, it could be at risk of legal action from affected clients,” says Andrew. “Bigger companies have deeper pockets and might be able to fight this, but costs could put a small company out of business. Of course, all this is also a time-consuming distraction from what the business is meant to be doing, which is growing.”
Despite this, research suggests many businesses are cutting their insurance spend. According to a survey from GlobalData, almost 30% of SMBs cancelled their policies in 2021, as a result of cost cutting. Alarmingly, 38% of these businesses mistakenly believe it’s unlikely they’ll be targeted in an attack.
If you’re in any doubt about cyber threats, take a look at the landscape. In 2023, we’ve seen attacks on Royal Mail, WH Smith and JD Sports dominate the headlines. Cybercrime is often seen a problem that only affects large companies, but 96% of all cyber-attacks are directed at SMEs.
“Many smaller businesses definitely underestimate the risk of cyber-crime,” explains Andrew. “It’s often viewed as an afterthought, or time and budget is devoted to other priorities, like investing in sales and marketing, because they create tangible benefits to the growth of the organisation.”
Of course, cyber insurance alone isn’t enough to protect your business. While a policy will mitigate the fallout from a cyber-attack, it must be teamed with robust cyber defences too. Without an effective strategy, obtaining a policy can be difficult.
“Ultimately, it’s not just about having the insurance in place,” says Andrew. “It’s a two-fold strategy. Every firm needs insurance and cyber-security controls. As the risk of cyber-crime increases, claims are going through the roof, and it’s becoming more challenging for some firms to secure cover. Insurers are becoming increasingly specific about the controls and mechanisms you need to have in place before they’ll insure you. Unfortunately, premiums are increasing too.”
Whether you’re looking to secure insurance, strengthen your cybersecurity strategy or both, there are fundamental steps every business should take to ensure it is prepared for cyber-attack. Here, Antonio Vasconcelos, EMEA Field CISO Director at cybersecurity specialist SentinelOne, gives five tips for significantly improving your cybersecurity stance. You can read his SME cyber survival guide here.