Cyber insurance – ignore the myths and get cover

When it comes to cyber insurance, we find many organisations feel that they don’t need it, or that it isn’t applicable to them. Unfortunately, they’re usually incorrect. And if a business opts not to be insured as a result of a falsely held view, their risk of suffering financial loss from a cyber attack increases — often along with associated, and costly, business interruption.

The Clear Group doesn’t want that to happen. That’s why the team has put together this list addressing 10 of the most common myths about cyber insurance — so clients can be sure to avoid them when considering cover for their organisations.

• Myth 1: If you invest enough in IT security, cyber insurance is unnecessary. People often hold the false view that if you invest enough in IT security, cyber insurance is unnecessary. The truth is no matter how much a company invests in IT security, they will never be 100% secure, because cyber attacks are always developing, growing more sophisticated and varying in nature.
• Myth 2: If your IT is outsourced, you don’t have exposure. Even if this is the case, the chances are you’re still liable — and it would be a risky gamble to assume you’ll be successful in claiming back damages from a third-party.
• Myth 3: If you use a third-party cloud provider, the risk is with them. If the cloud service provider suffers an attack and goes down, meaning you cannot operate, it is your business that will suffer first-party business interruption — and the additional costs incurred in attempting to continue trading. It can prove extremely difficult to recoup these losses from your IT provider.
• Myth 4: If you don’t collect sensitive data, you don’t need cover. If your business relies on computers in any way to operate, whether for business-critical activities or simply to bank, there’s a very real cyber threat. Plus, your sensitive data does not need to be exposed for your business to feel an impact — merely being unable to access key systems will put your businesses at risk of financial loss.
• Myth 5: Cyber attacks only affect large companies. While blockbuster data breaches against household names tend to make the news more, attacks against smaller organisations are also frequent. Consider that in the Verizon Data Breach Investigations Report, 58% of victims were categorised as small businesses.

• Myth 6: Cyber attacks only impact certain types of businesses, like financial companies. Criminals do not discriminate; making victims of everyone from building contractors to beauticians. A cyber criminal will likely diversify their attack to target all different types of businesses, increasing their odds of successfully extracting money.
• Myth 7: Cyber cover is already covered by other lines of insurance. While some overlaps do exist (as they do with all lines of insurance), traditional insurance policies lack the depth and breadth of standalone cyber cover, and won’t come with experienced cyber claims and incident response capabilities.
• Myth 8: Business insurance covers cyber risk. This isn’t true — your standard business insurances will not provide the comprehensive protection you need against a cyber-attack.
• Myth 9: The bank has a duty to reimburse theft of funds. If you were negligent in allowing access to a fraudster, the bank does not have a duty to reimburse you. Similarly, if you or an employee were duped into wiring funds to a fraudster, the bank is not at fault and again has no duty to reimburse you.
• Myth 10: A cyber policy only protects against hacking attacks. Whilst hacking attacks are one of the biggest sources of claims, issues often occur as a result of simple human error. For example, an employee may send an email to the wrong address, leave a sensitive device on a train, or make an error when configuring a system. That’s why your cyber policy won’t just cover against hackers, it will encompass the above too.

If you need further support, The Clear Group has a team of cyber specialists ready to help.