Expert Q&A – Cyber insurance
With Harry Dibben, Lead Underwriter and cyber specialist.
What do businesses need to know about cyber insurance?
With businesses of all kinds finding their digital footprint growing, the risks associated with cyber attacks and data breaches are increasing each year. Whichever sector your business operates in, there are a diverse range of cyber risks that you could be exposed to.
We sat down with our in-house expert, Lead Underwriter Harry Dibben, to answer the key questions about cybersecurity and risk and help you understand all you need to know about the protection provided by a Superscript cyber insurance policy.
Whether you're a new business owner, or a more experienced decision-maker finding your current insurance provider is struggling to offer the kind of protection your need, find out how we help businesses and learn more about Superscript's cyber insurance.
Why should a business consider purchasing cyber cover?
Today, almost no businesses are able to operate without some form of online presence. Even typically ‘offline’ businesses like hairdressers often now rely on Software as a Service (SaaS) booking systems and Electronic Point Of Sale (EPOS) software – such as a contactless card reader – in order to trade.
These systems are becoming increasingly critical to businesses’ ability to succeed, so when it comes to protecting revenue, covering these systems is just as important as maintaining coverage for physical parts of a business (e.g. stock, contents, buildings)
How has the market for cyber insurance changed in the last few years?
As a class of insurance, cyber is still relatively young. Despite being available in some form or another for over a decade, for years it remained out of reach for the majority of companies due to high costs and slow underwriting processes. However, access to cyber cover, and the scope of coverage available, has transformed rapidly in a short space of time.
Cyber began to make its way to the forefront from around 2016 onwards, with the number of cyber insurance policies growing rapidly around the world. This is largely being spurred on by a global awakening to the threats cyber perils pose, as well as reduced barriers to access.
What type of business is cyber insurance most popular with, and why?
Unsurprisingly, cyber insurance is most popular with industries that rely heavily on the internet to carry out their business.
By shifting from a bricks-and-mortar footprint to a digital one, retail businesses have largely led the charge in purchasing cyber cover given how critical cyber perils are to day-to-day operations.
The healthcare sector is also a major buyer of cyber cover, though largely due to data privacy concerns rather than worries about business interruption.
What are the major claims trends within cyber insurance?
Extortion remains overwhelmingly the largest claim type within cyber insurance. Over the last two years we’ve seen the emergence of things such as ‘Quadruple Ransomware’ which involves criminals targeting victims with four simultaneous forms of extortion.
Breach of data, regulatory investigation costs, e-crime, social engineering attacks and other threats also remain very much present in 2023.
What makes our cyber cover different to other products on the market?
Superscript’s cyber insurance product offers considerably more than just financial coverage which helps it stand out in an increasingly crowded market.
In my opinion, chief amongst these is access to the industry-leading Beazley Breach Response service in the event of a cyber attack. This service can help a business confront the damage done by a cyber attack head on, including access to the expertise of legal ransomware negotiators and a team who can help businesses quickly fulfil their legal obligations to inform affected customers.
People tend to conflate ‘cyber’ with ‘data’ which is a very dated approach. In fact, some markets still refer to cyber cover as ‘data breach’ insurance, which doesn’t help things. The scope of coverage provided by a cyber policy is far wider reaching.
Harry Dibben, Lead Underwriter
What is a common misconception about cyber insurance?
A major misconception is that people view themselves as being too small or insignificant to be the victim of a cyber attack. In reality, the data overwhelmingly points to small and medium-sized business (SME) attacks growing at a considerably faster rate than larger entities.
Cyber attacks are not always the stereotypical ‘hacker’ attacks where a human operator specifically targets your business. Many businesses are caught up in non-specific attacks such as so-called ‘Zero Day Vulnerabilities’ in commonly used software where thousands of businesses are hit simultaneously and indiscriminately, regardless of their size.
Are there any scenarios in which a business would have to have cyber cover in place?
At present, there aren’t any mandatory legal requirements for cyber insurance. However, it is increasingly becoming a contractual requirement for firms to have cyber cover in place in order to do business with other parties.
This is largely as a result of a business needing to be able to indemnify the other contracting party in the event of a data breach or leak when processing their data.
Historically this was covered under the professional indemnity section of a policy as it was viewed as forming part of their contractual responsibilities. As such, contractual professional indemnity limits increased as legislation such as GDPR was introduced which put a greater onus on data security and privacy.
In recent years however, as cyber perils are being removed from professional indemnity policies, we are seeing more and more contractual requirements to carry cyber insurance.
Is there anything else people should know about cyber insurance?
The part of cyber insurance which people tend to overlook in the SME sphere is the access to a wealth of experience and expertise that it provides you as a customer.
Let’s use the example of a physical act of theft at an uninsured warehouse. Most people would be well aware of what to do in such an event. They would consider increasing security, contact the police and contact contractors to repair any damage from the break-in.
However, dealing with a threat actor in an uninsured cyber scenario is substantially more complicated. In addition to any costs you’d incur from the event itself, you would then have to hire specialists to even begin to tackle the longer-term implications of the event.
Superscript supports business owners of many different kinds find the right covers to help ensure you're protected against risk, including those associated with the growing threat of cyber attacks. Learn more about our cyber insurance product.
This content has been created for general information purposes and should not be taken as formal advice. Please always refer to your policy documents for full details around exclusions, terms and limits of your customised cover. Read our guide to understanding your policy documents.
- 6 Sep 20234 minute read
The Securities and Exchange Commission (SEC) recently announced sweeping changes to cybersecurity reporting that will have a profound impact. Are you prepared?