To insure, or not to insure? Cyber Liability Insurance, that is the question.

Cyber-attacks are becoming increasingly sophisticated, and organisations are struggling to stay ahead of the latest threats to their business operations.

Malicious attackers are persistent in seeking out vulnerabilities in the IT environments of small to medium enterprises, as they pursue the ultimate prize of exploiting both personal and financial information.

Organisations are very aware of the reality of cyber-attacks resulting in data breaches, yet there appears to be a significant gap between the perceived risk of these attacks and the actual procedures in place to mitigate them. Organisations can be limited by not having appropriate security resources, sufficient funding or buy-in from key stakeholders to address the reality of becoming the next victim of a cyber-attack. It is this gap that insurance providers were able to capitalise on by offering organisations cyber liability insurance.

The market for cyber liability insurance is still relatively new, yet is rapidly gaining momentum across the globe. Allianz’s Cyber Risk Guide estimates that just 10% of organisations currently purchase cyber liability insurance but expects that the global cyber insurance market will grow to be worth over $20 billion by 2025. The increase in insurance uptake appears to trend in parallel with the continuous development of new privacy and data protection legislation around the world.

Cyber liability insurance seeks to cover small businesses against the financial burdens that arise as a result of cyber security incidents, such as data breaches. The extent of coverage is varied and customisable to the needs of almost any organisation. Depending on the risks it faces, an organisation may wish to pursue cover for theft or corruption of its data, loss of income, incident management, ransomware attacks, data breach notification costs, damage to reputation and third-party liability.

 

Cyber liability insurance for small to medium enterprises

Before issuing a quote, Cyber Liability Insurance providers may request information such as:

  • The cover limit required
  • The location of the organisation
  • Annual revenue
  • Number of employees
  • If any cyber insurance claims have been made in the past
  • If any relevant PCI DSS obligations are being met
  • If your organisation is compliant with the Privacy Act 1988
  • What existing security controls/data protection mechanisms are in place

It is critical to understand exactly what is covered in the Cyber Liability Insurance Policy and ensure appropriate business insurance is in place to protect your business from a cyber breach.

As with most insurance policies, making a claim after a cyber incident has occurred can be troublesome if you are not aware of what your coverage entails. In some cases, the policy can potentially be deemed void if you do not adhere to the relevant terms and conditions, or do not have appropriate security controls/data protection mechanisms in place. While no organisation ever wishes to have to make a Cyber Liability Insurance claim, to minimise business interruption in the event of a breach it is essential that organisations are familiar with the provisions within the policy and ensure that any conditions or endorsements are known and in effect, where applicable.

 

Thinking about whether cyber insurance is right for you?

Please get in touch with your nearest RSM office or contact Darren Booth, National Head of Security and Privacy Risk Services, directly.