Cyber threats are continually evolving with attacks becoming more frequent, sophisticated and targeted. Four in ten businesses reported a cyber-attack or breach in the latest UK government survey, with the average cost of cyber-attacks in the last 12 months being £4,200. *

Cyber insurance exists to help businesses large and small recover the financial costs of data breaches. However, the price of your cyber insurance policy depends on a few factors, such as the industry you operate in, your annual turnover, risk level, the type of data held and the amount of cyber security you have in place. Like other types of insurance, your premium will decrease if you are perceived as less of a risk.  

In this article, we explore the appropriate measures that are designed to bolster data protection. 

 

What is cyber insurance?

Cyber Insurance (also referred to as cyber risk or cyber liability insurance) is a form of cover designed to protect your business from threats in the digital age, such as data breaches or cyber hacks, provide financial protection during an incident and help with any legal actions after the incident.  

 

What does cyber insurance cover?  

There are two types of cyber insurance. Depending on the type of business you have, you can take out one or both: 

First-party insurance covers your business's own losses to cybercrime, such as lost money, data, software, intellectual property or customers.

Third-party insurance, also known as cyber liability insurance, covers the assets of others, for example, your customers. Hackers may steal customer information, damage their data, block their accounts or tamper with their websites.   

 

How can cyber insurance premiums be lowered?

The main way to reduce your cyber premiums is by improving your business’s cyber security solutions. By implementing the following strategies, your cyber security strategy will reflect the cyber security characteristics insurers look for when evaluating a business’s risk profile.  

 

1. Become Cyber Essentials certified  

Some insurers offer discounts on insurance premiums if businesses have recognised security defences in place, such as the Cyber Essentials or Cyber Essentials Plus certification, and can prove their commitment to cybersecurity. Both are government schemes that are available to organisations of all sizes and help businesses protect themselves against a range of common cyber-attacks.

The Cyber Essentials certification also qualifies some businesses for up to £25,000 in free cyber security insurance.

It is reported that 6% of businesses have the Cyber Essentials certification and only 1% have Cyber Essentials Plus. * The cyber security certification aims to reduce an organisation's risk of attack from internet-borne threats by around 80%.

If you want to step up the security protection of your business to avoid the impacts of serious cyber-attacks, we strongly recommend these certifications. As a fully trained and licensed Certification Body, we can help you implement and achieve the Cyber Essentials and Cyber Essentials Plus certifications. Find out more.

 

2. Implement Multi-Factor Authentication (MFA)

MFA is a security authentication method requiring two or more steps to successfully access an account or device. Typically, the factors used in these steps are knowledge, inherence and possession. Generally, users must provide a password and verify access by inputting a code sent to another device. MFA protects businesses by adding a layer of security that can block 99.9% of attacks stemming from compromised accounts.

 

3. Implement cybersecurity awareness training for staff

Everyday employees are the frontline of your defences and represent the biggest possible attack vector. Cybercriminals are much more likely to target those who lack security knowledge than IT professionals who will recognise a phishing attempt.

If employees don’t practise basic cyber security hygiene, they could compromise your business by falling for a phishing attack or downloading malicious software. This is even more apparent in the new hybrid working era where people are detached from workplace norms and become less vigilant.

Cyber security awareness is critical so that your employees understand the risks, know how to spot threats and take the right actions accordingly. 

 

4. Keeping devices and software up to date

Device manufacturers and app developers will usually release software updates regularly. These updates will often contain new features, fixes for bugs and performance improvements. They will often also contain security patches and new security features, both of which it’s important to install. 

Patches matter because they fix flaws in products that attackers can use to compromise your devices. New security features make it harder for attackers to successfully compromise your devices. 

It is reported that 16% of businesses still have older versions of Windows installed; because of this, they may be more vulnerable to cyber security breaches. *

 

5. Use of a Managed Security Service Provider (MSSP)

An MSSP is a third-party provider of managed cyber security services designed to reduce risk and protect against security breaches, whilst managing compliance with regulatory standards.

MSSPs work closely with industry-leading information security and business continuity partners to make sure that they provide the most advanced solutions available.

As a full-service MSSP, we provide advanced detection, incident response and recovery against the newest security threats – helping you safeguard your systems, data and people. Find out more.

 

Only 43% of businesses have purchased cyber liability insurance. * If you’re a business that typically deals with sensitive customer data, does a lot of business over the internet, and doesn’t have cover from other external cybersecurity providers, cyber insurance is worth investigating.   

*Cyber Security Breaches Survey 2022  

 

Start your cyber security journey today and contact us for a security audit to identify any weaknesses and potential risks.