Thought About Cyber Insurance?

Here we take a look at cyber security, why you may decide you need it, how much it costs, and where to get it.

What Is Cyber Insurance? 

Cyber insurance is a type of insurance policy designed to protect businesses and individuals from internet-based risks, and more generally from risks relating to IT infrastructure and activities. It provides coverage for financial losses that result from cyber incidents such as data breaches, network damage, and cyber extortion. For example, businesses may face costs resulting from data/security breaches, media content liability (e.g. intellectual property infringement), GDPR defence costs or paying GDPR fines, credit/debit card breaches, data breach response services, data breach notification, legal fees, system repairs, and more.

Why Would Your Business Need Cyber Insurance? 

Just as we need to ensure our most valuable and valued physical-world possessions are protected (e.g. our homes and cars), we now live in a digital age where people and businesses now rely heavily on technology and online platforms to operate efficiently. However, this dependence makes businesses vulnerable to a range of cyber-threats, including data-breaches, ransomware attacks, and hacking incidents. Even a single cyber-attack can result in substantial financial losses, legal liabilities, and reputational damage. Cyber insurance, therefore, provides a safety net, so that businesses can recover financially and operationally from these incidents. By covering costs such as data-breach notification, legal fees, and system repairs, cyber insurance helps mitigate the financial burden of cyber-attacks.

Risk Management Too 

Cyber insurance can also play a crucial role in risk management. For example, it encourages businesses to assess their cyber vulnerabilities and implement robust security measures.

Insurers often require policyholders to adhere to specific security protocols, which enhances overall cybersecurity standards. This proactive approach not only reduces the likelihood of an attack but also ensures businesses are better prepared to respond effectively if one occurs. Therefore, having cyber insurance is not just about financial protection, but it’s also about fostering a culture of cybersecurity within the organisation.

Not Forgetting Regulatory Compliance 

In addition to financial and security benefits, cyber insurance is essential for regulatory compliance. Many industries are subject to strict data protection regulations, such as the General Data Protection Regulation (GDPR) in Europe and non-compliance can, of course, result in hefty fines and legal consequences.

Cyber insurance policies, therefore, often include support for regulatory compliance, helping businesses navigate complex legal requirements and avoid penalties. By providing resources for legal counsel and regulatory guidance, cyber insurance ensures that businesses can meet their obligations and maintain trust with customers and stakeholders.

What Kind Of Things Does It Cover?

As mentioned above, broadly speaking, cyber insurance aims to provide financial cover for things like data breaches, network damage, and cyber extortion. Cyber insurance for UK businesses actually provides comprehensive coverage for various cyber-related incidents. Here are some examples of what it typically covers:

Data Breach Response 

– Notification Costs: Covering the expenses of notifying customers and affected individuals after a data breach.

– Credit Monitoring Services: Providing credit monitoring to those whose personal information has been compromised.

Business Interruption 

– Loss of Income: Reimbursement for lost revenue due to a cyber-attack that disrupts normal business operations.

– Extra Expenses: Covering additional costs incurred to keep the business running while dealing with the cyber incident.

Cyber Extortion 

– Ransom Payments: Payments made to cybercriminals to regain access to data or systems.

– Negotiation Costs: Expenses related to negotiating with extortionists and managing ransom demands.

Legal Fees and Defence Costs 

– Third-Party Claims: Legal expenses arising from lawsuits due to a data breach or security failure.

– Regulatory Fines and Penalties: Coverage for fines and penalties imposed by regulators for data protection breaches, such as those related to GDPR.

Crisis Management 

– Public Relations: Costs associated with managing and repairing the company’s reputation after a cyber incident.

– Forensic Investigation: Expenses for investigating the cause and extent of the cyber-attack.

Network Security Liability

– Liability Claims: Coverage for claims arising from failure to protect data, resulting in data theft or corruption.

– Defence Costs: Legal defence costs for claims related to network security breaches.

Media Liability

– Defamation and Infringement: Coverage for claims of libel, slander, copyright infringement, or defamation resulting from digital content.

Technology and Data Recovery 

– Data Restoration: Costs of restoring and recovering lost or corrupted data.

– System Repair: Expenses for repairing or replacing damaged hardware and software

You may be thinking after looking at this list that there are many more costs than you may have thought associated with dealing with the results of a data breach, cyber-attack, or serious and disruptive network issue. These costs, plus the high levels of ever-more sophisticated cyber-crime, may be the arguments behind many businesses now having cyber insurance.

What Proportion of Businesses Now Have Cyber Insurance? 

Considering the large potential costs of dealing with a serious cyber / network incident (as shown above) it may be a surprise to know that the proportion of businesses with cyber insurance in the UK is still relatively modest. For example, the latest data shows that only 43 per cent (UK Home Office 2024) of UK businesses have a cyber insurance policy in place and within this group, a small fraction, around 5 per cent (Insurance Business UK), have specialised cyber insurance policies tailored to their specific needs. Most companies rely on broader policies that include some form of cyber risk coverage as part of their overall insurance package.

This may be particularly surprising given that according to the Cyber Security Breaches Survey 2024 by the Department for Science, Innovation and Technology (DSIT):

– 32 per cent of businesses and 24 per cent of charities experienced a cyber security breach or attack in the past 12 months.

– Among larger businesses, the figures are higher, with 45 per cent of medium businesses and 58 per cent of large businesses have reported cyber-crimes.

– The average short-term direct cost for businesses dealing with a cyber incident was £1,650, which increases to £6,490 for medium and large companies.

– Long-term direct costs, which include expenses incurred after the initial breach, averaged £782 for all businesses but reached £6,010 for larger firms.

Who Provides It? 

Several examples of the well-known insurers in the UK market that offer cyber security insurance include:

– AXA provides comprehensive cyber insurance that covers a range of cyber risks, including data breaches, business interruption, and cyber extortion.

– Aviva offers cyber insurance policies that can be tailored to businesses of all sizes. Their coverage includes protection against data breaches, cyber extortion, and business interruption caused by cyber incidents, and there is access to a 24/7 cyber incident helpline and expert support.

– Hiscox provides coverage which includes costs associated with data breaches, cyber extortion, and third-party liability, and it offers risk management tools and resources to help businesses improve their cyber security posture.

– Zurich’s offers cyber insurance policies covering a wide range of cyber risks, including data breaches, network security failures, and cyber extortion. Zurich also provides access to a global network of cyber experts and offers pre-breach services to help businesses mitigate their cyber risks.

There are, of course, many other companies that offer cyber insurance. For example, even Amazon now offers it with AWS Cyber Insurance Competency Partners, and through a partnership with Superscript is offering cyber insurance to small and medium-sized businesses in the UK. For example, Amazon Business Prime users can access it product by logging in to Superscript using their Amazon account.

How Much Does It Cost?

Obviously, the price of cyber insurance varies according to factors like the size of the business, the level of coverage, and the industry. However, as a very general guide:

– Small businesses in the UK may expect to pay around £115 per month for cyber insurance / £1,380 annually (Insureon), which can fluctuate depending on the specific risks associated with the business and the amount of sensitive data handled.

– Medium-sized businesses may see premiums ranging from £1,500 to £5,000 per year, with the variation being due to the higher risk and more significant potential losses associated with larger volumes of data and more complex IT systems.

– For large businesses, cyber insurance costs can range from £10,000 to £50,000 annually and can include higher coverage limits and broader protection against various cyber threats (reflecting the greater complexity and risk involved).

What Does This Mean For Your Business? 

The rising tide of cyber threats highlights the urgent necessity for businesses to not just strengthen their cyber security measures, but also to consider adopting comprehensive cyber insurance policies. Cyber-attacks are not only becoming more frequent but also increasingly sophisticated, posing severe risks to financial stability and operational continuity. For businesses, this means that traditional security measures alone may no longer be sufficient. Cyber insurance provides a critical safety net, offering financial protection against the costs associated with data breaches, business interruptions, and other cyber incidents.

Investing in cyber insurance can significantly mitigate the financial and operational impacts of cyber-attacks. Policies typically cover a range of expenses, from data breach notifications and legal fees to system repairs and business interruption losses. This ensures that businesses can recover more swiftly and maintain their operations with minimal disruption. Also, cyber insurance often includes access to expert support and resources, helping businesses to manage incidents more effectively and reduce the risk of recurrence.

In addition to financial protection, it’s important to remember that cyber insurance also plays a crucial role in regulatory compliance. For example, many industries are subject to stringent data protection regulations, such as the GDPR in Europe, and non-compliance can result in hefty fines and legal consequences. Cyber insurance policies frequently offer support for navigating these complex legal requirements, helping businesses to avoid penalties and maintain trust with customers and stakeholders.

For businesses evaluating their need for cyber insurance, it’s important to consider the broader benefits. Beyond immediate financial coverage, having a cyber insurance policy can drive improvements in overall cyber security practice. For example, insurers often require policyholders to implement robust security protocols, fostering a culture of proactive risk management within the organisation. This not only reduces the likelihood of successful cyber-attacks but also ensures that businesses are better prepared to respond effectively when incidents do occur.

Given the substantial costs associated with cyber incidents, the investment in cyber insurance becomes a strategic decision. Whether you are a small business, medium-sized or a large corporation, the protection and peace of mind offered by cyber insurance can be invaluable.

The evolving landscape of cyber threats, therefore, appears to necessitate a multifaceted approach to cyber security and you may decide, for all the reasons mentioned above, that cyber insurance should be a cornerstone of this strategy for your business.

Security Stop Press : Insurance Industry and Security Coalition To Tackle Ransomware

Three major UK insurance associations have united in a coalition with GCHQ’s National Cyber Security Centre (NCSC) to help reduce ransom payments made by victims of cybercrime.

The Unprecedented cross-sector coalition is comprised of the NCSC and the Association of British Insurers (ABI), British Insurance Brokers’ Association (BIBA) and the International Underwriting Association (IUA).

With Ransomware being the biggest day-to-day cyber security threat to UK organisations, the coalition, working closely with the NCSC, has developed a set of guidelines and a frameworks for a broad range of stakeholders including insurance providers, businesses, and cyber security professionals, aimed at reducing the frequency and impact of ransomware attacks.

NCSC CEO Felicity Oswald said: “It’s really encouraging to see all corners of the insurance industry unite to support victim organisations with guidance that will help them to better understand their options and reduce harm and disruption to their businesses.”

Tech News : AI Job Risks – Finance & Insurance

Analysis by the Department for Education’s Unit for Future Skills to try and quantify the impact of AI on the UK jobs market found the finance and insurance sector was more exposed than any other.

The Analysis 

“The impact of AI on UK jobs and training” report published online by the government highlights the results of a study that used US methodology to look at the abilities needed to perform different job roles, and the extent to which these can be aided by a selection of 10 common AI applications.

These applications are:

  1. Abstract Strategy Games: The ability to play abstract games involving sometimes complex strategy and reasoning ability, such as chess, go, or checkers, at a high level.
  2. Real-time Video Games: The ability to play a variety of real-time video games of increasing complexity at a high level.
  3. Image Recognition: The determination of what objects are present in a still image.
  4. Visual Question Answering: The recognition of events, relationships, and context from a still image.
  5. Image Generation: The creation of complex images.
  6. Reading Comprehension: The ability to answer simple reasoning questions based on an understanding of text.
  7. Language Modelling: The ability to model, predict, or mimic human language.
  8. Translation: The translation of words or text from one language into another.
  9. Speech Recognition: The recognition of spoken language into text.
  10. Instrumental Track Recognition: The recognition of instrumental musical tracks.

These AI applications were selected based on their relevance and the progress in technology from 2010 onwards, as recorded by the Electronic Frontier Foundation (EFF). They represent fundamental applications of AI that are likely to have implications for the workforce and cover the most likely and most common uses of AI.

The study also focuses on which occupations, sectors and areas within the UK labour market are expected to be most impacted by AI and large language models, and how this could impact workers in different UK geographic areas.

The Findings 

The key findings of the study show that:

– Professional occupations are more exposed to AI, especially those associated with more clerical work and across finance, law, and business management roles.

– The industries least exposed to AI and to LLMs across industries are accommodation and food services, motor trades, agriculture, forestry, and fishing, transport and storage and construction.

– The finance and insurance sector is more exposed to AI than any other sector.

– The occupations most exposed to all AI applications are management consultants and business analysts.

– The occupations most exposed to large language modelling are telephone salespersons, followed by solicitors and psychologists.

– Workers in London and the South East have the highest exposure to AI (five times as exposed as the North-East of England), reflecting the greater concentration of professional occupations in those areas.

These findings led to some press reports that AI’s incursion into our working lives would most affect ‘city highflyers.’

Qualifications and Training

The study also exposes the qualifications and training routes that most commonly lead to these highly impacted jobs, concluding that:

– Employees with more advanced qualifications are typically in jobs more exposed to AI, e.g. those with a level 6 qualification (equivalent to a degree).

– Employees with qualifications in accounting and finance through Further Education or apprenticeships, and economics and mathematics through Higher Education are typically in jobs more exposed to AI.

Other Studies 

Other studies highlighting levels of exposure to AI (AI taking jobs) include:

– A Pew Research Centre Study (2022) which found that 19 per cent of US workers were in jobs highly exposed to AI, where key activities might be replaced or assisted by AI.

– A Goldman Sachs Report (2023) suggesting that AI could replace the equivalent of 300 million full-time jobs globally. It indicates that about a quarter of work tasks in the US and Europe could be replaced by AI, impacting two-thirds of jobs in these regions to some degree.

IMF  

A recent (October 2023) paper also highlights the dual nature of AI in advanced economies – AI’s potential as either a complement or a substitute for labour. The paper also highlights the important point that women and highly educated workers face greater occupational exposure to AI.

It’s worth noting that the Goldman Sachs Report (shown above) also highlighted this dual effect of AI, showing that AI also has the potential to create new jobs and boost productivity, potentially increasing the total annual value of goods and services produced globally by 7 per cent.

What Does This Mean For Your Business? 

As highlighted in the report for this study (and as supported by the findings of other studies), 10-30 per cent of jobs are automatable with fast-evolving AI putting many of those jobs at risk. This government study confirms largely what many people may have expected – that those in more clerical work and across finance, law, and business management roles (where generative AI’s outputs are particularly effective) are most at risk from AI diminishing their value as workers. There are, of course, many other areas (some highlighted by this report) where generative AI is clearly able to replace or reproduce/copy human efforts to an acceptable degree, e.g. from customer service roles to creative work (artists). Some people may find that it’s disconcerting that jobs/professions which have taken years of study and have a specialist element and high social value (e.g. solicitors and psychologists) are shown in the report to be suddenly and significantly at risk from what are, basically, algorithms.

The report’s findings also makes what seems to be quite a logical conclusion that since there’s a greater concentration of professional occupations in London and the South East, it’s more likely to be negatively affected by AI.

The report of the study also makes the valid point about the dual nature of AI’s effects, i.e., that in addition to threatening many jobs, AI also has the potential to increase productivity and create new high value jobs in the UK economy. However, the main focus of this and other studies may appear to confirm the fears of many, that fast-advancing AI is likely to have a profound and widespread effect on the UK economy and society, and not necessarily in a good way for many peoples’ jobs, skills, and value.

As highlighted in the report, the UK education system and employers will now need to adapt to ensure that individuals in the workforce have the skills they need to make the most of the potential benefits advances in AI will bring. As individual workers, many may now want to look at the ways they can maximise their value and be in a position where they can use and orchestrate what are essentially tools more effectively than others, and in a way that adds value to themselves and their own positions, and/or in a way that creates new opportunities.