Do I need cyber insurance?

5 min read | Published 09/07/2024

Dealing with the consequences of online crime is difficult and expensive, but cyber insurance can ease the financial pain.

Share this guide
twitter-logo
Casually dressed businessman looking at laptop while holding a pad and pen.
Cyber insurance isn’t just for online businesses. Hackers can strike even if you only use social media or email.

Cyberattacks are on the rise. Last year, we saw record numbers of reported incidents of cybercrime. According to one source, incidents were up by 72% compared to the mid-pandemic peak of 2021.

Criminals are ramping up the number of attacks they carry out by using AI tools to make their attempts appear more convincing. Fortunately, cyber insurance can help to protect your business if hackers target you.

Our expert panel reviews all content. Learn more about our editorial standards and how we operate

What is cyber insurance?

Cyber insurance – also known as cyber security, data, or cyber liability insurance – helps you get back on your feet after a cyberattack. 

It’s a difficult time. There’s a lot to do and potentially a lot to spend. The best cyber and data policies help cover the knock-on effects of a wide range of digital incidents. They also help recoup financial losses that you or your customers suffer as a direct result of an attack.

Compare business insurance

Does my business need cyber insurance?

Though it's not a legal requirement, it's worth considering. Legally, your business doesn’t need any insurance except employers’ liability cover. And, that's only if you have staff members. Logically, though, there's many areas of your business that might benefit from the protection of additional insurance. Why? Well, without the right business insurance in place, you could end up out of pocket if the worst happens. For example, a cyber attack.

Cyber insurance isn’t just for online-first businesses. Most businesses use some kind of digital technology, whether it’s social media, online point-of-sale systems or even something as simple as email. Hackers can attack any of these, and the chance of a cyber attack has never been greater.

So, if you’re concerned about the impact of common cyber risks, adding cyber insurance to your business insurance portfolio may be a good idea.

Read more: Do I need business insurance?

What are common cyber risks?

Online criminals don’t discriminate. They attack any target and use all kinds of means to do so.

Here are the main avenues of cyberattack:

  • Social engineering. Although the idea of cybercrime might make you think of hackers with screens full of complex code, the reality is much more mundane. Most attackers use social engineering tricks to get hold of your passwords and data. The primary method is ‘phishing’. This involves hackers sending fake emails that look like the real deal. They usually ask you to enter your details into a form, which is then sent to the hacker.

  • Malware. Malware including viruses, keystroke loggers (a software that records every key you press) and other criminal software can cause havoc when hackers use it directly. But it can also sit on your system quietly, leaking information without anyone knowing until it’s too late. 

  • Ransomware. This is a special type of malware. Criminals use it to lock down computer systems, rendering the data useless until the victim pays a hefty ransom. Sometimes hackers may also threaten to share your data with competitors or the public if you don’t pay up.

The impact of any cyberattack can be devastating. It could result in:

  • Large fines from the government or trade bodies

  • Loss of income or an inability to trade

  • Public scandal, particularly if the data leaks

  • Legal action from affected parties

What does cyber insurance cover?

As with car insurance, insurers tend to split cyber and data insurance into first and third-party coverage. The first party coverage is your business, and can help with:

  • Recovering lost data and systems: If a breach has caused you to lose access to critical data, you may be able to get help getting it back. The same is true if hackers take down or lock your computer systems. It’s important to note that cyber insurance doesn’t guarantee that you can save your data, but it can help give you the means you to try.

  • Cybercrime investigation: Sometimes what’s happened isn’t obvious. You need to find the holes in your defences to stop future incidents. If you need to pay a third party to investigate, insurance can help – or your insurer may be able to offer support of its own.

  • Extortion from hackers: Some attacks, like those using ransomware, involve hackers locking your data and demanding payment to release it. Cyber insurance policies exist that can help pay these ransoms.

  • Reputational damage: A cyberattack can be embarrassing, but some cyber insurance policies can pay towards services to help rebuild your reputation.

  • Business interruption: When cyberattacks bring down systems, you might be unable to carry on your business as usual. If this means you lose money, cyber policies can cover your expenses for a short time while you get back on your feet.

  • Crime-related costs: If your business has been attacked from within, maybe by an employee committing digital fraud, cyber insurance could help pay any fines or fees.

If a cyberattack leads to a claim against your business, third-party cyber insurance can help with:

  • Financial protection: If a cyberattack at your business harms a customer, client or another business, some policies can cover the resulting costs. These might include legal fees or the cost of notifying affected parties. 

  • Liability: Your business can be held liable if a cyberattack against you damages a third party. The right cyber insurance might help pay your legal fees and make settlements. This can be useful if your public liability insurance doesn’t cover cyberattacks.

  • Regulatory compliance: A data breach can lead to your business falling foul of data protection laws. That means a hefty fine – something which insurance might be able to help with.

  • Indirect risk: If a breach happens within your supply chain or at one of your vendors, third-party cyber insurance can protect your business.

What is proactive cyber insurance?

Proactive cyber insurance can help businesses lower their risk by defending against cyberattacks before they happen. This makes sense – the fewer successful attacks, the less the insurer needs to pay out. 

As it's quite a new concept, there isn’t a set standard. In general, though, proactive policies may supply your business with things like:

  • Expert guidance from cybersecurity professionals

  • Software and hardware tools to help with cyber defence or spotting threats

  • Risk assessments and templates to help highlight common cyber risks

Bear in mind that cyber insurance isn’t a security solution by itself. While you might be offered help with digital hygiene as part of a policy, you’re still expected to prevent attacks by your own means. If you don’t, you could invalidate your cover.   

Does professional indemnity insurance cover cyber insurance?

Professional indemnity insurance can include cyber protection.

But, not all policies do. Cyber cover can sometimes fall outside what you can claim for on a standard professional indemnity policy. So, check the policy wording to be sure.

It's also worth considering whether cyber insurance could offer your business a valuable layer of extra cover. If hackers attack you and you can’t provide a service that clients rely on, ensuring you have cover against damages could prove worthwhile.

About Alex Ryde

Alex joined in 2019, bringing his expertise to a range of roles working in both the Analytics and Commercial teams. More recently he has stepped across to focus on Product, where he’s been focusing on scaling up the teams’ SME offering.

View Alex Ryde's full biography here or visit the confused.com press room for our latest news.