Ultimately, businesses have no legal obligation to take out cyber insurance, however for any business which uses digital technologies and handles personal data, cyber insurance comes highly recommended.
In some limited and specific instances, your business interruption cover may include a level of cyber cover, however you shouldn’t just assume that this is the case – if uncertain, you should contact your insurer or broker to ensure you have adequate cover to suit your business needs.
Since cyber threats are so varied, it’s always best to take out a cyber insurance policy that covers a range of eventualities, should the worst happen you need to ensure your business is adequately covered as the costs associated with a cyber incident, as we have discussed earlier, can be astronomical.
When taking out cyber insurance, there’s a number of questions that you should ask to ensure that your cover is adequate, indeed, working with a qualified insurance broker is the best way to go about this as brokers have the intricate knowledge needed to ensure the right questions get answered and that the best possible cover can be provided.
Some of the questions you should consider include:
- What data, systems and devices need to be covered?
Do I need any specific software? i.e. anti-virus, encryption, etc.
Will I need to keep my systems and mobile devices updated?
What prerequisites must the business consider? i.e. password protection, specific allocation of items, etc.
What types of cyber incident could the business be impacted by?
What types of cyber incident are covered by the policy?
Does the policy cover claims by third-parties?
Are the limits of the policy appropriate to that business?
Does the insurer provide any immediate services in the event of a cyber incident?
Does the insurer provide any additional, after incident support?
What measures need to be in place to make a claim?
When taking out a cyber insurance policy it’s important that you remain in close contact with your insurer or broker, this is because the digital landscape is forever evolving and new risks regularly present themselves. Good communication can ensure that your business has the correct and most up to date cover. For example, if your business switched to using a new service to host personal information, the insurer would need notification of this to ensure the policy remains valid, or that any necessary changes can be made in order to accommodate the new service.
Above all, the protection of data is paramount and whilst businesses are moving their data storage to electronic devices it is making protecting it much more difficult. The cyber-scape is a complex place, it’s ever changing and there are so many factors to consider when securing data that the chance of something detrimental happening is higher than ever before.