cyber security

Does your business need cyber Insurance?

Imagine for a second that your business premises are broken into and your assets are stolen or damaged. What would you do?

One of the first calls you are likely to make is to your insurance company. But what if it’s not your physical property that’s taken the hit; what if it’s your data?

With businesses being nine times more likely to suffer a cyberattack than a break-in and SMEs collectively subjected to almost 10,000 attacks a day, many organisations are rightly taking steps to bolster their IT systems and employee training.

As well as cybersecurity and helping SMEs ensure their systems are robust and secure, one thing we are increasingly being asked about at Dragon IS, is whether businesses should also be investing in cyber insurance.

Here, we take a closer look at what this type of insurance covers and why it’s something every business should consider.


What is cyber insurance?

Sometimes referred to as ‘cyber and data risks insurance’ or ‘cyber liability insurance’, cyber insurance covers businesses against losses resulting from a cyber attack. It is a market that is growing rapidly and expected to expand hugely in the coming years.

Such policies are basically there to protect an organisation in the event of a malicious and harmful breach of its IT systems.


Who is cyber insurance for?

If you’re a small business handling a limited amount of data, you may be asking yourself “do I really need cyber insurance?” but the reality is cyber attackers are opportunists and it’s not just large organisations who are under threat. Small businesses are a target and can also be seen as a ‘way in’ to large organisations.

Two thirds of small businesses have already been a victim of cybercrime, meaning that nowadays it is more of a case of ‘when’ than ‘if’. Having a cyber insurance policy ensures that if the worse should happen, your business has the financial support it needs to handle the fallout.


When should I take out cyber insurance?

As with all types of business insurance, cyber insurance should ideally be put into effect as soon as you begin trading. While it’s not a legal requirement of companies operating in the UK, the rise in cyber criminals targeting business enterprises underlines the need to protect your intellectual property.

If your business does any of the following, you are at risk and could benefit from having cyber insurance:

  • Stores customer data on file, including names and email addresses
  • Holds employee records
  • Has an electronic log of its suppliers
  • Uses a computer
  • Takes or makes electronic payments
  • Operates a website (even non-transactional)


What does cyber insurance cover?

Cyber insurance will vary from policy to policy but will typically cover your business against any cybercrime that breaches your IT systems and puts the integrity of your business at risk. It may also cover financial losses or outgoings your business sustains, as a direct result of the attack.

Most cyber insurances will offer protection against the following:


Present or future cyber threats

Cyber attacks or IT breaches can take a number of forms, from viruses that infect one or more of your computers, to ransomware that can lock you out of important files. Cyber insurance protects you against these present-day threats and any new forms of attack cyber criminals unleash in the future.


GDPR breaches

Stealing sensitive data businesses hold is a common goal for cyber criminals. If your business was to suffer a data breach that put customers at risk you could be fined for GDPR non-compliance and even face legal action. Cyber insurance covers the financial ramifications associated with this nature of attack.


Business disruption

In the wake of a cyber attack, your business may have to temporarily cease trading or suffer damage to its reputational that in turn negatively impacts on sales performance. Cyber insurance can help you manage your financial outgoings and offer compensation against loss of earnings.



If you’ve had no choice but to pay a cyber criminal a ransom to regain access to your IT systems – something which a quick search on Google reveals is increasingly common – cyber insurance can step in to help you recoup the costs and cover any fees you may have paid to a third party negotiator.


How to protect your business from cyber attack

While having a solid cyber insurance policy in place will be beneficial in the event of a successful attack, you should also do everything in your power to reduce the risk of one happening in the first place, and to mitigate the potential damage caused.

An insurer will expect you to demonstrate IT best practice too and that reasonable measures were in place to safeguard your business.

While larger organisations may be able to splash the cash on a dedicated in-house IT team, smaller companies with limited resources still have options. One cost-effective solution is to outsource to a specialist IT managed services provided, who can help ensure your systems are robust and secure.

At Dragon IS we specialise in supporting small and medium sized businesses, giving our customers complete peace of mind that their systems are protected, but also efficient and able to evolve with the changing needs of the growing business.


To book a free GDPR & Cyber Security Review with a member of our team, please click here.
You may also be interested in: Cyber security: 10 top tips for small businesses.