Why now might be the time to get cyber insurance

Ransomware attacks are getting worse and for some businesses, the fallout might be irreparable, unless steps are taken to insure your organisation.

Data breach continues to see exponential growth worldwide, putting businesses at risk of suffering financial, reputational, and operational damages. It then raises the question: “Aside from developing a robust cybersecurity policy, how else can I protect my business from cyberattacks?”. 

 

For many organisations – big and small – this issue couldn’t be more timely. In its State of Cybersecurity Resilience 2021, Accenture, a professional and consulting company specialising in information technology (IT), reported a 31% increase in the number of cyberattacks in 2021 to 270 from 206 in 2020. The survey covers 4,744 global respondents. 

 

Cyberattacks are “unauthorised access of data, applications, services, networks or devices”. The most common cyber incidents involve ransomware, where cybercriminals hold data hostage in exchange for money. 

 

According to Deloitte, a professional and financial advisory company, one of the factors that contributed to the recent spike in cyberattacks may be the shift in remote working, as a result of the COVID-19 pandemic.

 

“Working from home does not guarantee the same level of cybersecurity as an office environment. When using a personal computer or laptop to access corporate files and data (even with the security of an MDM [mobile device management] solution), users are more exposed to cyberattacks,” Deloitte explained. “For example, employees may not run an antivirus or anti-malware scan regularly, if at all. A home working environment does not have sophisticated enterprise prevention and detection measures. Additionally, home Wi-Fi networks are much easier to attack.” 

 

Cyber insurance: why it matters

 

If a cyberattack is successful, an organisation could take a huge financial hit. In the United Kingdom, this could be an average of GBP 4,200 (OMR 1,897), according to an official government report. For medium and large businesses, the estimated cost is around GBP 19,400. 

 

Global technology company IBM estimates that the cost of cyberattack has increased by 13% from 2020 to 2022, and customers are paying the price. According to the report, 60% of studied organisations raised the prices of their products and services due to the breach, inflicting additional burden to consumers at a time when the cost of goods are already high due to inflation and supply chain issues. 

 

A breach could also have far-reaching consequences, including theft of data, business disruption, loss of customers, and loss of investor confidence. 

 

This is where cyber insurance come into play. It is worth pointing out, however, that cyber insurance does not prevent a cyberattack from happening. What it does is help your business get back on its feet following an attack. For SMEs, this kind of support is critical. 

 

In Oman, cyber insurance is also known as cyber liability insurance. Most cyber insurance policies provide first- and third-party coverages. 

 

For first-party coverage (the business), the policy will cover the cost of recovering lost data, restoring computer systems, investigating the cybercrime’s origin, loss of income resulting from business disruption or shutdown, crisis management. Cyber insurance could also provide you access to experts who can help mitigate further risks from the cyberattack. 

 

For third-party coverage, cyber liability insurance will cover the cost of claims against you as a result of the attack. This could be in the form of legal defence fees, the cost of notifying customers, and monitoring of your customers’ stolen details.

 

What to look for in a cyber insurance policy

 

When shopping around for a cyber insurance policy, here are a few things to keep in mind:

 

1. Get someone who speak the cybersecurity jargon on board – Identify people in your organisation who can help translate the technical information contained in the cyber insurance policy. This may be your chief information officer, or if you don’t have one, it’s best to seek the help of a cybersecurity consultant. Having someone who understands the technical terminologies and processes will be crucial in helping you make an informed decision. 

 

1. Third-party coverage – This is vital as the cost of compensations could seriously hurt your business’ ability to recover from the cyberattack. Find out the extent of third-party coverage the provider can give and if this is appropriate for your organisation. 

 

1. Coverage for common and emerging types of cyber threats – Cyber threats are constantly evolving so it’s important to ensure that in the event a new threat emerges and attacks you, your policy will cover you for damages.

 

1. Value-added services – The post-cyberattack response is critical because it will minimise the fallout and improve your organisation’s cybersecurity resilience. Check what services the provider can offer as part of the cyber liability insurance. This may be access to technical experts who can train your team, and guide you in reducing your company’s cybersecurity risks.