Expert Q&A – Cyber insurance Expert Q&A – Cyber insurance

Today, almost no businesses are able to operate without some form of online presence. Even typically ‘offline’ businesses like hairdressers often now rely on Software as a Service (SaaS) booking systems and Electronic Point Of Sale (EPOS) software – such as a contactless card reader – in order to trade.

These systems are becoming increasingly critical to businesses’ ability to succeed, so when it comes to protecting revenue, covering these systems is just as important as maintaining coverage for physical parts of a business (e.g. stock, contents, buildings)

As a class of insurance, cyber is still relatively young. Despite being available in some form or another for over a decade, for years it remained out of reach for the majority of companies due to high costs and slow underwriting processes. However, access to cyber cover, and the scope of coverage available, has transformed rapidly in a short space of time.

Cyber began to make its way to the forefront from around 2016 onwards, with the number of cyber insurance policies growing rapidly around the world. This is largely being spurred on by a global awakening to the threats cyber perils pose, as well as reduced barriers to access.

Unsurprisingly, cyber insurance is most popular with industries that rely heavily on the internet to carry out their business.

By shifting from a bricks-and-mortar footprint to a digital one, retail businesses have largely led the charge in purchasing cyber cover given how critical cyber perils are to day-to-day operations.

The healthcare sector is also a major buyer of cyber cover, though largely due to data privacy concerns rather than worries about business interruption.

Extortion remains overwhelmingly the largest claim type within cyber insurance. Over the last two years we’ve seen the emergence of things such as ‘Quadruple Ransomware’ which involves criminals targeting victims with four simultaneous forms of extortion.

Breach of data, regulatory investigation costs, e-crime, social engineering attacks and other threats also remain very much present in 2023.

Superscript’s cyber insurance product offers considerably more than just financial coverage which helps it stand out in an increasingly crowded market.

In my opinion, chief amongst these is access to the industry-leading Beazley Breach Response service in the event of a cyber attack. This service can help a business confront the damage done by a cyber attack head on, including access to the expertise of legal ransomware negotiators and a team who can help businesses quickly fulfil their legal obligations to inform affected customers.

A major misconception is that people view themselves as being too small or insignificant to be the victim of a cyber attack. In reality, the data overwhelmingly points to small and medium-sized business (SME) attacks growing at a considerably faster rate than larger entities.

Cyber attacks are not always the stereotypical ‘hacker’ attacks where a human operator specifically targets your business. Many businesses are caught up in non-specific attacks such as so-called ‘Zero Day Vulnerabilities’ in commonly used software where thousands of businesses are hit simultaneously and indiscriminately, regardless of their size.

At present, there aren’t any mandatory legal requirements for cyber insurance. However, it is increasingly becoming a contractual requirement for firms to have cyber cover in place in order to do business with other parties.

This is largely as a result of a business needing to be able to indemnify the other contracting party in the event of a data breach or leak when processing their data.

Historically this was covered under the professional indemnity section of a policy as it was viewed as forming part of their contractual responsibilities. As such, contractual professional indemnity limits increased as legislation such as GDPR was introduced which put a greater onus on data security and privacy.

In recent years however, as cyber perils are being removed from professional indemnity policies, we are seeing more and more contractual requirements to carry cyber insurance.

The part of cyber insurance which people tend to overlook in the SME sphere is the access to a wealth of experience and expertise that it provides you as a customer.

Let’s use the example of a physical act of theft at an uninsured warehouse. Most people would be well aware of what to do in such an event. They would consider increasing security, contact the police and contact contractors to repair any damage from the break-in.

However, dealing with a threat actor in an uninsured cyber scenario is substantially more complicated. In addition to any costs you’d incur from the event itself, you would then have to hire specialists to even begin to tackle the longer-term implications of the event.

Superscript supports business owners of many different kinds find the right covers to help ensure you're protected against risk, including those associated with the growing threat of cyber attacks. Learn more about our cyber insurance product.