Reliance on silent cyber protection in policies may not cover firms against attacks — Travelers

’Do we really need standalone cyber insurance?’ It’s a question owners of small and medium-size enterprises (SMEs) may ask brokers and insurers as they weigh up priorities in a difficult economy. As clients assess the evolving threats they face, they should be aware of some common myths.

Myth 1: Only large organisations are targets of cyber crime

Threat actors seek easy targets, regardless of the organisation’s size. While updated protections and insurance won’t guarantee that a firm will avoid cyber attacks, these measures do present barriers that may encourage a threat actor to attack a different target.

Myth 2: We have state-of-the-art systems

Even if a business has top tier security, an employee can still fall for a phishing scheme in a moment of distraction, providing a gateway to sensitive client details.

Myth 3: We outsource our data and IT

Under the General Data Protection Regulation (GDPR), even if a business outsources its data, it must keep that information confidential and is liable if it is breached.

If a company’s third party vendor experienced a ransomware attack, for example, the company would still have to contact impacted clients and manage other fallout.

Myth 4: We’ve never had an issue

Businesses that have never experienced a cyber attack are becoming rare.

So far this year, 39% of UK companies have reported cyber security breaches and nearly one-third said they have been attacked at least once a week. Moreover, the actual figure is likely to be much higher because smaller businesses tend not to report cyber attacks.

Myth 5: We are already covered for cyber events in another policy

It’s true that an insurance policy designed to cover other aspects of a business might be used to pay a cyber claim.

However, when a business relies on this type of silent cyber cover – referring to the potential cyber protections contained within a traditional insurance policy - it does not explicitly know what may or may not be covered in the event of a cyber claim.

A dedicated cyber policy provides fit for purpose protection, such as post-breach support that is often needed to help an insured get back on track with minimal interruption and damage to its reputation.

Myth 6: We can handle the cost of a breach. Besides, cyber cover is too expensive

Cyber cover provides not only financial protection, but also a range of post-breach services that are designed to protect a company’s reputation and ability to trade.

For a business that has cyber cover with Travelers, a cyber breach triggers an immediate incident response, including 24-hour access to specialists ranging from IT forensics, data restoration, credit monitoring and PR.

The client will be guided through the steps it must take to communicate with customers, the Information Commissioner’s Office and other stakeholders. This support is critical for SMEs as they are unlikely to have that resource internally or be able to acquire it within the necessary time frame.

Once businesses appreciate the risk of not having standalone cyber cover, the decision to purchase it makes sense.

That said, while most policies are robust, their lack of standardisation makes it important to scrutinise their restrictions. In an environment of evolving cyber threats, cyber cover is an investment in the continuity and longevity of a business. Brokers can help their clients to ensure policies provide the bespoke protection they need.