IT and cyber insurance

A man in a suit typing at a laptop that has smoke coming out of it

Most businesses rely on IT. Problems with your computer system can cause serious disruption or even business failure

Repairing or replacing equipment that's been stolen or damaged is only part of the problem. Recovering lost data can be difficult or impossible. If personal data is compromised, you could face regulatory action and a public relations disaster as well.

Along with traditional risks like theft and accidental damage, you need to protect yourself against online threats such as viruses and cyber attacks. Good security and the right insurance can help minimise the likelihood of a disaster.

Basic IT insurance

Cover for computer equipment may be included as part of your premises insurance. It's up to you to ask yourself whether this provides adequate cover, or whether you need to consider additional protection.

  • Does your insurance include accidental damage and breakdown as well as theft, fire, flood and so on?
  • Does the policy include mobile equipment such as laptops, smart phones and tablets? Are they covered outside the workplace, for example while travelling or if employees work from home?
  • Are employees allowed to use their own personal devices for work, and if so who would be responsible for any loss or damage?
  • Do you have business interruption insurance to cover the consequential loss while you're unable to trade as normal? Does this include losses caused by problems such as the failure of your internet service provider?

Additional cyber insurance

Basic premises and contents insurance is unlikely to cover all the risks to your computer systems and the losses you could face. You may need to look for more specialist insurance to make sure you're covered for:

  • problems caused by viruses and cyber attacks such as hacking;
  • the full costs of reinstating any data you might lose.

You may also need to think about the harm you might cause to other people's computer systems and data. For example, you might face legal action if you accidentally infect a client's computer with a virus. If your business provides IT services, you may want to consider professional indemnity insurance that covers these kinds of risk.

Specialist cyber insurance policies can provide:

  • help dealing with a cyber attack, including investigating the problem, telling customers and regulators, and following up the possible consequences (for example, if customers' credit card details are at risk);
  • the costs of repair or replacement if your website, software or data is damaged by a cyber attack;
  • help with any regulatory investigation you face and the costs of any fine imposed on you (for example, for failing to live up to your data protection responsibilities);
  • cover for other IT-related risks, such as if someone claims that you're misusing their intellectual property.

Reducing IT and cyber risks

Good security helps reduce the likelihood of a problem and can cut your insurance premiums. Any insurance policy is likely to specify a minimum level of security that you must have. These typically include:

  • physical security for your premises, such as locks and alarm systems;
  • security requirements if portable equipment is left in vehicles;
  • IT security such as a firewall, antivirus software, regular software updates and sensible password procedures.

Regular maintenance helps protect equipment against breakdown. A good backup procedure is essential, with copies of data stored safely away from the computer system.

Finally, it is worth remembering that no security or insurance can provide complete protection. At best, an incident is likely to be disruptive and aggravating. You can help minimise the potential consequences by working out a contingency plan in advance, so that you know what to do if the worst happens.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.