It’s a sad reality that Australian businesses of all sizes are susceptible to cybercrime, not just large organisations. Did you know that over 55% of small businesses have experienced a data breach and nearly that many again have experienced multiple breaches?
Cybercrime costs Australian businesses a staggering $1 billion annually, yet it remains one of the least insured policy areas, despite being a smart precaution for any size business.
We explain cyber security insurance, what it covers, and provide some guidelines to help you determine whether it’s worth it and how to potentially minimise the cost of a policy.
What Is Cyber Security Insurance?
Cyber insurance provides cover for financial loss and expenses that businesses may suffer as a result of a cybercrime event, including cyber-attacks from malware or other invasive software, cyber extortion and social engineering.
Examples include a data breach involving the theft of sensitive customer information, credit card fraud, or business systems being corrupted by a virus.
What Is Typically Covered
- Investigation costs
- Extortion costs
- Business interruption costs (loss of profit and operational expenses)
- Breach notification costs
- Data recovery and system damage
- Fines and penalties
- Media Liability
- Crisis management costs
Additional coverage may also be available such as:
- Contingent Business Interruption
- Social Engineering and Funds Transfer Fraud
- Payment Card Data Security Liability
What Isn’t Covered
Cyber insurance policies generally do not cover:
- Potential future lost profit
- The cost to improve internal technology / equipment
- Property damage
- Loss of value due to theft of intellectual property
- Software and security upgrade costs after a cyber event
- Prior known circumstances (before the policy commenced).
The Cost of Cyber Insurance
The cost of cyber insurance depends on a number of factors that vary from business to business. It’s important to understand the factors which may affect your rate so you can better control your costs and still obtain appropriate coverage.
Your cyber security premiums will be influenced by who can access your data and systems. Third party IT partners such as cloud providers may be deemed a greater risk than only having internal IT staff accessing data. Limiting access to only the necessary employees, customers and partners can help minimise risk and the policy cost.
Coverage Limits and Needs
Like most insurance policies, your cyber insurance cost will increase if you increase your coverage limits. For instance, a $2 million policy will cost you more in premiums than a $50,000 policy.
The risk of cyber threats like computer attacks, data compromise and extortion increases if you store sensitive data on unsecured networks. If you can demonstrate that you implement effective cyber security such as maintaining antivirus software, professional network firewalls and password management, it may lower your cost.
Professions such as medical practices, IT companies and accounting firms that collect and store large amounts of sensitive data typically pay more for cyber insurance. This is simply because it costs more to recover from a cyber incident that involves large amounts of sensitive data.
Do I Really Need Cyber Security Insurance?
As a rule of thumb, a business that meets any of the following criteria would benefit from cyber insurance:
- Businesses that use email
- Any business that trades via an online platform or website
- Any business that deals with customer data
- Businesses that rely on EFTPOS machines
- Businesses that rely on IT systems to conduct their business
In short, any business that electronically stores or processes any form of sensitive information or data needs cyber security insurance – which means most businesses in this day and age!
How to Select the Right Cover
Cyber insurance policy cover can range from hundreds to millions of dollars, depending on the risks, type of business and likely cost of an attack. To help determine the right cover for your business, start by asking:
- What is the likely business impact if my website or business is taken offline for days or even weeks?
- Could my business survive if we experience significant losses due to a customer data breach?
- Could my business survive the reputation and brand damage?
You should then consider:
- The type of risks your business is exposed to
- The likely cost to manage and recover from an attack
- The nature and amount of customer data you store
- The current security arrangements in place to protect this data
- The quality of the cover your suppliers and cloud hosting providers have in place to protect your data.
Step One: Review your current security policy and processes
Before purchasing cyber security insurance for your business, ensure you have effective cyber security procedures and systems in place, to help reduce the cost of cover.
An experienced IT company like Surety IT can conduct an IT Health Check to review your current IT and provide recommendations for improvement. We can also work closely with you to develop your business Cyber Security Strategy and implement effective security systems and processes to minimise the risk of cybercrime.
If your business experiences a cybercrime event, Surety IT can support you through our best-practice backup and recovery process so your business-critical information and intellectual property is restored quickly. We can also work closely with you to identify security vulnerabilities and implement best-practice cyber security technology and procedures.