Most businesses rely on technology of some kind. Problems with computer systems can cause serious disruption or even business failure. Yet relatively few businesses have proper protection in place, which is offered by cyber insurance.
Business contents insurance may provide peace of mind when it comes to repairing or replacing equipment, but it doesn’t do anything for data that’s been compromised. Recovering lost data can be difficult or impossible. If personal data is compromised, you could face regulatory action and a public relations disaster as well.
Along with traditional risks like theft and accidental damage, you need to protect yourself against online threats such as viruses and cyber attacks. Good security and the right insurance can help minimise the likelihood of a disaster.
Basic IT insurance
Cover for computer equipment may be included as part of your premises insurance. It's up to you to ask yourself whether this provides adequate cover, or whether you need to consider additional protection.
- Does your insurance include accidental damage and breakdown as well as theft, fire, flood and so on?
- Does the policy include mobile equipment such as laptops, smartphones and tablets? Are they covered outside the workplace, for example while travelling or if employees work from home?
- Are employees allowed to use their own personal devices for work, and if so who would be responsible for any loss or damage?
- Do you have business interruption insurance to cover the consequential loss while you're unable to trade as normal?
Basic premises and contents insurance is unlikely to cover all the risks to your computer systems and the losses you could face. You may need to look for specialist cyber insurance to make sure you're covered for:
- problems caused by viruses and cyber attacks such as hacking;
- the full costs of reinstating any data you might lose.
Also think about the harm you might cause to other people's computer systems and data. For example, you might face legal action if you accidentally infect a client's computer system with a virus. If your business provides IT services, you may want to consider professional indemnity insurance that covers these kinds of risk.
Specialist cyber insurance policies can provide:
- help dealing with a cyber attack, including investigating the problem, telling customers and regulators, and following up the possible consequences (for example, if customers' credit card details are at risk);
- the costs of repair or replacement if your website, software or data is damaged by a cyber attack;
- help with any regulatory investigation you face and the costs of any fine imposed on you (for example, for failing to live up to your data protection responsibilities under GDPR rules);
- cover for ransomware and extortion-based software that can encrypt your data. The hackers then will demand a ransom in order to restore your data.
Reducing IT and cyber risks
Good security helps reduce the likelihood of a problem and can cut your insurance premiums. Any insurance policy is likely to specify a minimum level of security that you must have. These typically include:
- physical security for your premises, such as locks and alarm systems;
- security requirements if portable equipment is left in vehicles;
- IT security such as a firewall, antivirus software, regular software updates and sensible password procedures;
- regular back-up of the data.
Regular maintenance helps protect equipment against breakdown. A good backup procedure is essential, with copies of data stored safely away from the computer system.
Finally, it is worth remembering that no security or insurance can provide complete protection. At best, an incident is likely to be disruptive and aggravating. You can help minimise the potential consequences by working out a contingency plan in advance, so that you know what to do if the worst happens.