The Covid-19 pandemic has forced many SMEs to work remotely, but this comes with a larger cyber risk exposure for businesses

With cyber attacks increasing and evolving over lockdown, Aviva is predicting a surge in cyber insurance demand for SMEs post-pandemic, as it sees sales for this demographic begin to increase.

As the pandemic forced businesses to work remotely and digitally, cyber attacks have increased – 46% of UK businesses have reported a cyber breach or attack in the last year, but only one in three SMEs have the relevant cover in place for these events, according to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2020, published last March.

Last month, Aviva launched its new comprehensive cyber insurance proposition on Fast Trade, the insurer’s proprietary trading platform powered by Acturis. The product is designed to cater to the increasing threat of digital crime for SMEs.

Speaking exclusively to Insurance Times, Neil Arklie, head of cyber insurance at Aviva, said that although the product is still relatively new in the UK retail market, he believes it will follow trends in the US, where there has been a large growth in SMEs.

Due to the pandemic and social distancing measures, businesses have been forced to embrace digital methods of working, but that equates to larger exposures, Arklie pointed out. 

He said: “Cyber insurance has quickly moved from an add-on to an absolute must-have to protect businesses against an attack and to ensure they have fast access to expert specialists if a breach does occur, so they can return to normal as quickly as possible.

”Cyber attacks can take many forms and can have a devastating effect on a business. Aviva’s cyber insurance allows SMEs to continue to operate with confidence and offers jargon-free policy wording, ensuring clarity on coverage.

“Aviva are seeing increased sales. Also, this is still perceived [as a] ‘luxury purchase’ and as we start exiting the uncertain economic times post-Covid, we expect the sales to increase at a faster rate.”

Aviva’s recent Risk Insights Report found that cyber is the fifth largest risk British businesses face.

Risk management

When asked what businesses should consider in a cyber policy, Arklie said that for SME customers, incident response and forensics are essential. But for larger corporate customers, legal crisis management and forensics should be a top priority.

He added: “Pre-breach services were seen as a ‘nice to have’ but post-breach services were absolutely key.

”As cyber risks grow, the pre-breach risk management services will become more important. Aviva has focused on making sure these areas are best in class in our cyber proposition.”

Aviva’s policy wording also covers the Internet of Things and cryptocurrencies as it is designed to evolve with new exposures.

One such example is cryptojacking, a form of hacking.

Aviva supports its underwriters, customers and brokers with these discussions using its Cyber Playbook, which is a guide to cyber insurance for brokers. It also hosts webinars and holds training courses on its e-learning solution, Aviva Development Zone.

‘Golden hour’ 

Speaking about cyber claims regarding network security, Arklie said the first three days of response are key – this is termed the “golden hour” and requires coordinated support. One example of this is the recent CNA Hardy ransomware attack. 

This type of claim is “very disabling” for businesses, as often experts are needed to take control and get the client up and running again.

For example, on a privacy liability claim, what went wrong would need to be looked into as well as managing the regulatory reporting and legal issues.

“The resultant legal issues could be for a longer period, along with quantifying the client’s loss of income,” Arklie said.

Post-pandemic, Arklie believes the way forward is “good cyber hygiene across all devices that are connected to the company’s network”.

This is especially the case since many employees have switching to home working, or a more hybrid model of combined home and office working, as the UK emerges from lockdown.

Aviva works with various cyber security specialists to provide cyber hygiene. This includes CyberSmart, which uses a compliance software platform to ensure businesses meet cyber security standards and has an app to continually monitor devices.

The insurer also works with Kaspersky, which provides computer security products for home users, as well as Bob’s Business, a cyber security training company.

Aviva’s cyber insurance covers a range of first party, third party and reputation management costs, as well as risk management support, experts from third party specialists and rapid response.

It is for businesses with turnovers of up to £250m and its indemnity limits range from £25,000 to £5m, with low excesses and competitive rates.