In the wake of digitisation across the workplace and hefty consequences for cyber-mistakes under the General Data Protection Regulation (GDPR), it may seem like common sense to bolster your organisation with proper cyber-security measures, such as cyber-insurance. Yet, recent government research revealed that less than 10 per cent of businesses possess a specific cyber-security insurance policy. Don’t be fooled by the myths surrounding cyber-insurance—separate fact from fiction and find out why you need this type of cover.
- Risk is a reality—Often, organisations justify their lack of cyber-insurance with the belief that their specific business isn’t at risk for a breach. However, no organisation is immune to the threat of a cyber-attack. In fact, 43 per cent of businesses suffered a cyber-security breach last year, according to a recent survey from the Department for Digital, Culture, Media & Sport. If your company stores data of any kind, disaster can happen. Whether your organisation is a large firm or SME, equip yourself with cover.
- IT can’t fix everything—Although having a knowledgeable IT department is certainly a smart move in terms of strengthened cyber-security, do not make the mistake of assuming IT employees are a replacement for proper cyber-insurance. After all, research shows the most common factor in UK cyber-breaches is human error. If your company relies on cloud computing or allows employees to use their personal devices for work, you are exposed to risks beyond the IT department’s reach.
- Cover is worth the cost—More than anything, organisations may debate whether cyber-insurance is worth the cost. In reality, cyber-insurance provides solutions for a variety of cyber-risks, such as network security liability, business interruption, physical asset damage and reputational damage. And—above all—having peace of mind about your cyber-security is certainly better than the dangerous alternative: a constant fear of digital disaster.
Use This Survey to Benchmark Your Annual Cyber-performance Against Your Peers
- Holding data on customers or donors electronically
- Allowing employees to use their personal devices for work
- Permitting cloud computing
There are consequences—Of those that experienced a data breach in the past year, 37 per cent of businesses reported suffering negative impacts, including:
- Temporary loss of access to files or networks
- Software or systems corrupted or damaged
- Website or online services being taken down or slowed
It can happen again—Unfortunately, just because your organisation endures a data breach doesn’t mean you are safe from another disaster. The survey found 17 per cent of businesses that suffered from a data breach in the past year averaged one each month, while 9 per cent of businesses experienced several each day.
Organisations need cover—Despite the threat of data breaches, UK organisations’ cyber-security measures are subpar. In fact, only 9 per cent of businesses reported having a specific cyber-security insurance policy in place. The top reasons for organisations not purchasing cover included:
- Organisations don’t feel they are at risk (41 per cent)
- Organisations lack awareness of available policies (22 per cent)
- Preparation is lacking—Only 27 per cent of businesses have a formal cyber-security policy or policies (down from 33 per cent last year). In addition, only 28 per cent of businesses document their cyber-security risks in business continuity plans, internal audits or risk registers, and only 13 per cent reported having a formal cyber-security incident management process in place.