According to the Cyber Readiness Report 2017*, 45% of UK businesses have no plans to take out cyber insurance and think that a cyber insurance policy is not relevant for them.
With new legislation such as GDPR being drafted by the European Union and other governments, businesses need to start taking the issue of cyber security more seriously. The big effect the new EU directive will have on businesses is that any major service provider or operator of essential services must notify the authorities when they suffer a cyber-attack that results in the loss of data. The directive also aims to put pressure on companies and organisations to make their cyber security robust enough to resist a cyber-attack. Failure to do so could result in hefty fines.
With a majority of small businesses forgoing cyber insurance, the costs of potential fines for a data breach could be devastating. The reputational loss alone would be significant, as it would be for larger organisations.
Cyber is no different to other threats
Cyber-crime is a daily occurrence, and it is imperative that companies adopt a pragmatic approach to cyber insurance, led by their executive team.
Businesses insure against fire, theft and other criminal activity. Cyber security is no different, and a data breach can be just as damaging to a business’s finances and reputation as more conventional risks, or more so.
As stated in the PGI 2016 Cyber Security Survey: “Boards must demand more effective solutions from insurers that cover notification costs, growing regulatory costs, and costs associated with recovering systems after a cyber breach, even if reputational costs are more difficult to define and cover.”
Cybercrime is growing with the digital economy, and in order to keep pace, governments and regulatory bodies are increasing obligations upon businesses. The issue of cyber insurance will continue to grow in importance in this emerging market.
*report made by Hiscox