By: Bertus Visser, Chief Executive of Distribution at PSG Insure
Gone are the days where cybersecurity was a minor concern, or one limited to big businesses. More so than ever, cybercriminals are looking for easy prey, and the target could be anyone.
A cybersecurity breach is a common occurrence that can lead to business interruption, loss of data, time-consuming recovery, expensive legal issues, among others. It’s essential that your clients be made more aware of the potential risks out there, and what can be done to manage them. Here are some top considerations.
Every business is at risk
SMEs and smaller commercial clients are as much at risk as bigger clients. SMEs will have their own niche clientele, which could be appealing personal information to pursue. As data is so valuable, criminals will try any means necessary to get hold of it. An employee thoughtlessly clicking on a link they shouldn’t, can be one easy access point, or a disgruntled employee can be a big risk to leaking sensitive information. No matter what the size or scope of a business, appropriate cyber protection needs to be in place.
The required combination
A cyber insurance policy, together with robust cybersecurity preventative controls like anti-virus software, is a combination all businesses should subscribe to. In fact, most underwriters of cyber insurance will sub-limit coverage and insist that the insured has backups of their data and proper security in place. Far too many businesses rely on free anti-virus software and infrequent back-ups, but one can no longer afford to be careless.
While cyber insurance will differ between providers, it’s worth noting that the SME sector may have set or fixed bouquets of cover available. Many underwriters work with cybersecurity specialists and will often pass security risk improvement information onto the insured. The limits will vary depending on the nature of the risk, and as cyber policies are a blend of first- and third-party insurance coverage, it’s essential to truly understand what your clients need (and what you are offering them). A cyber policy could extend to cover a data breach, restoration, cyber extortion and ransomware, confidentiality and privacy, network security and media liability. Crucially, business interruption cover needs to be considered, which is its own section within cyber cover.
Cyber cover clarity is key
Advisers need to understand their clients’ businesses to grasp how big of a breach exposure really exists, should cyber-crime lead to business interruption.
It’s important to understand the cyber exposure versus professional exposure that a client faces, such as one working in the IT sector. Cyber policies generally cover a hack of the insured’s systems. Where the business has been negligent in rendering their technology services, that’s generally professional indemnity coverage related instead.
The premiums for business interruption cover within a cyber product are generally much cheaper than business interruption cover premiums on assets. While a tough economy makes any upselling a challenge, getting your clients to see the severity of cyber risk is essential. Without proper cover, they could be in for serious losses.
You must understand what your client does, and what their real risks are to advise on the products best suited to them.
Top cyber tips
- Businesses storing a lot of customer and employee info should have third party liability cover in place, including regulatory defence, fines and penalties.
- Businesses dependent on web/online traffic and e-commerce need to invest in business interruption coverage under cyber.
- Companies that operate manufacturing plants that are connected to the internet, should also consider business interruption under cyber.
All businesses are potential targets for ransomware and extortion so that element of cover is a must have for anyone; just some will require even more robust cover, depending on their risks. At least annually, a cyber policy needs to be reviewed. Keep in mind that if your client’s business is growing, their cyber risk may evolve too.