You know better than anyone that your business is your livelihood, which is why you’d never leave your tools unattended or go home for the night without locking up your business premises. But do you go to the same lengths to secure your business in cyberspace?
A data breach or a hack could prove just as expensive for your business as a break-in or a fire at your physical premises, with the average UK business losing £1,205 to cyber crime last year. For medium and large businesses, the typical cost of digital misdeeds soars to over £10,000.
You really don’t need to be running a big business to be targeted by cyber criminals. In fact, the government’s 2024 Cyber Security Breaches Survey found that half of all businesses in the UK had fallen victim to a cyber breach or attack in the previous year.
With cyber crime on the rise – and with ever more business activity taking place online – it’s more important than ever to shore up your cyber defences and get your business the protection it deserves. Cyber insurance should be a key piece in that puzzle.
Cyber insurance, combined with a robust cyber security regime, can help protect your business from online threats, such as phishing and ransomware attacks. Read on to find out how cyber insurance could offer cover for your business (and peace of mind for you).
What is cyber insurance?
Cyber insurance is a type of business insurance policy that can help protect your business against the financial consequences of data breaches and cyber crime.
Your business cyber insurance could cover breaches, security failures and illegal threats, as well as cyber attacks.
And if the worst should happen, cyber insurance can kick in to cover the financial and reputational costs associated with these digital disasters.
You should know, however, that it’s your responsibility to keep your business secure in cyberspace. Even the best cyber insurance policy is no replacement for robust online defences.
Think of it in the same way as home insurance: just because you have cover in place, that doesn’t mean you should start leaving the door unlocked when you go out.
However, cyber insurance is there to keep your business going in the event that your defences are breached and your business finds itself with a bill to set things right.
What does cyber insurance cover?
Cyber insurance could cover financial losses, damage to your business’s reputation or equipment, and compensation for third parties in the event of a data breach or cyber attack.
The Association of British Insurers (ABI) splits cyber risks into two categories: first party and third party.
First party risks affect the business directly, including business interruption, loss of business data, and reputational damage. Third party risks include the loss of customer details, compensation owed to customers due to a cyber attack, and legal costs associated with defending yourself against claims of a security breach.
To put it another way: first party cover is for damages and losses suffered directly by your business, while third party cover can pick up the bill in the event of a claim due to losses borne by a third party, like one of your customers.
For example, if you trade exclusively online and your business was hacked, your trading could be interrupted for a period of time. First party cyber insurance could cover the income you missed out on while unable to trade.
On the other hand, if your business was the victim of a cyber attack and hackers managed to retrieve your customers’ personal details, third party cyber insurance could cover the cost of contacting affected customers and paying out compensation – as well as legal costs, if applicable.
Some insurance policies may cover either first or third party risks, while others will cover both. It’s worth checking any potential policy with your insurer to make sure your business has adequate cover.
Who needs cyber insurance?
Cyber threats are ever-present in today’s society. If your business is exposed to a hack or a data breach, you could suffer loss of income and reputational damage – as well as damage to your software or hardware. You may even have to stop trading temporarily while you get your business back on track.
Almost all businesses are involved in the digital world in one way or another. Maybe you have an app-based business bank account or you offer consumers the ability to order and pay for goods online. Or perhaps you have a website where users can create their own accounts, so you need to store customers’ personal data digitally.
In any case, you’ll need to safeguard your business against cyber attacks and data breaches. If you use the internet or any IT systems as part of your business, you may need cyber insurance to protect against these threats.
Business interruption insurance or professional indemnity insurance may cover you in some specific (and quite rare) cases, like if you lose customer data through your own negligence, but you should also look at taking out a specific cyber insurance policy to ensure you’re adequately covered against cyber threats.
In short, if your business sends, uses or stores electronic data, it could be a good idea to take out cyber insurance. The same goes for businesses which use online payments.
How much does cyber insurance cost?
Cyber insurance, like many business insurance policies, can be tailored to fit the needs of your business. The cost of cover can also differ between providers, so it is worth comparing quotes from different insurers to find a policy that best suits your needs.
You can opt for a higher or lower level of cover depending on the size and scale of your business.
If your business would be more financially exposed in the event of a cyber attack or breach – for example, if your business stores large amounts of personal or particularly sensitive customer data – you may need a higher level of cover, which can come with increased premiums. The industry in which your business operates will also play a role in determining the cost of your cover.
Some insurers may offer discounted premiums to businesses that demonstrate good cyber security practices, for example by ensuring staff are trained in cyber security or showing that you have robust cyber defences.
You may be able to get cyber insurance as part of a bigger business insurance package, though some insurers will offer it as a standalone policy.
Common cyber crimes
Common cyber threats include:
- Phishing – emails that look genuine but try to trick you into downloading malware or giving away sensitive information, such as your bank details
- Malware – short for ‘malicious software’, such as viruses, that can damage your device or extract data from your computer
- Ransomware – software that blocks access to your device until you pay a sum of money (the ‘ransom’)
How can I protect my business from cyber crime?
Whether you have cyber insurance in place or not, your business should still maintain good security practices. Security doesn’t just mean locking your physical offices each night – you need to protect your digital environment too.
You can run a risk assessment to find the weak points in your business’s cyber defence structure. Some companies also offer to simulate an attack on your IT systems to see how well protected they are.
Training your staff – and assessing how cyber-secure your business is – will make it easier to recognise cyber security threats and get into good digital security habits.
For example, the government-backed Cyber Essentials scheme is designed to help businesses of any size learn how to protect themselves from cyber threats.
You can download the assessment questionnaire for free and can then get a recognised certification once a qualified assessor has carried out a technical audit. Certification, which lasts for 12 months, ranges in price from £320 to £600, depending on the size of your organisation.