Cyber insurance should be as commonplace as motor insurance

It’s no surprise to hear that cyber attacks are on the increase, affecting literally all types of business, regardless of size, but it may come as a surprise to learn that small businesses should be viewing cyber insurance on a par with motor or employers’ liability insurance.

We’ve all heard about the large-scale cyber attacks, such as the data breach at British Airways in August 2018, in which around 380,000 transactions were infiltrated, giving hackers access to customers’ personal and financial details. Or the attack on the Marriott Hotel group in September 2018, compromising the data of up to 500 million guests.

But what is not so well known is the level and frequency of cyber attack affecting small businesses across the country. According to a survey by the Federation of Small Businesses, the UK’s 5.4 million small businesses are collectively attacked more than seven million times a year. In the years 2014 and 2015, this cost the UK economy over £5.26 billion.

Small Businesses targeted on a daily basis
With plenty of evidence to show that small businesses are being targeted and attacked every day, it’s perhaps surprising to learn that complacency is a problem and the ‘it won’t happen to me’ attitude is still prevalent. A recent Cyber Readiness report found 78% of UK firms surveyed had major shortcomings in their cyber security readiness, with 45% of all business hit by cyber attack at least once in the last 12 months, and 27% of those SMEs. 

The fact is that cyber crime is a real and growing threat. All too easily, passwords and usernames can be stolen, systems hacked and malicious software or viruses downloaded via a rogue email message.

The recent case of an optician highlights how easily this can happen. An employee clicked on a link supposedly giving details of a speeding offence but in reality it triggered an email from Russia advising Cryptolocker had infected all the company’s business systems, and demanding a Bitcoin ransom for the decryption key. There was no alternative but to pay.

Although the majority of information was reinstated, the optician was unable to trade for a couple of days and spent weeks getting the business back up to speed. Fortunately, they had taken out cyber business interruption insurance, covering them against losses during this time.
One in four companies experienced a breach
In cases of cyber attach, recovery and reinstatement can be a problem. The Small Business Reputation and Cyber Risk Report, launched in February 2016 by the Government’s Cyber Streetwise campaign and KPMG, revealed that one in four companies surveyed who had experienced a breach had been unable to grow in line with previous expectations and nearly a third took over six months to get back on track.

There’s also the problem of reputational damage. The same report revealed that 83% of consumers surveyed expressed concern about which businesses had access to their data and whether it was safe, and over half said that a cyber breach would discourage them from using a business in the future.

With breaches inevitable and GDPR legislation inflicting heavy penalties on those companies unable to secure their clients’ personal data, it’s never been more important to set up a cyber attack plan. J Bennett & Son recommends taking out cyber and data risk insurance to protect your business, providing cover for such areas as cyber extortion, breach costs, cyber business interruption, hacker damage and crisis containment.

The key is to determine the level of cover that suits your business, based on the latest information and your exposure to cyber attack.

If you would like to chat about the sorts of level of cover your businesses might need call us on 01494 450 450 or email us at insure@jbennett.co.uk today.