As cyber threats continue to evolve, cyberattacks on businesses are becoming more frequent, sophisticated and targeted. Earlier in the year, the UK Cyber Security Breaches Survey 2024 found that half (50%) of businesses reported having experienced some form of cyberattack or breach in the previous 12 months, and that the single most disruptive breach cost the affected business an average of approximately £1,205.

With attacks increasing year on year, more businesses are now opting for cyber insurance to protect themselves against financial losses in the event of a data breach or cyberattack. However, the price of your cyber insurance policy depends on several factors, such as the industry you operate in, your annual turnover, your risk level, the type of data you hold and the security controls you have in place. As with other types of insurance, your premium will decrease if you are perceived as less of a risk.

In this article, we explore the measures insurers expect to see in place, which both bolster data protection and help to lower your premium.

 

What is cyber insurance?

Cyber insurance, also known as cyber risk or cyber liability insurance, provides cover to safeguard businesses from digital threats such as data breaches and hacking. While cyber insurance does not fix your security weaknesses or prevent cyberattacks on your business, it provides financial protection during an incident and support with legal action afterwards.

 

What does cyber insurance cover?  

There are two types of cyber insurance. Depending on the type of business you have, you can take out one or both: 

First-party insurance covers losses to your business's own assets, such as money, data, software, intellectual property or customers, resulting from cybercrime.

Third-party insurance, also known as cyber liability insurance, covers the assets of others, for example, your customers. Hackers may steal customer information, damage their data, block their accounts or tamper with their websites.   

All insurance providers are different and therefore, it’s important to understand what the policy covers and what the limits of the policy are.

 

How can cyber insurance premiums be lowered?

The primary way to reduce your cyber insurance premium is to improve your business's cybersecurity posture. Implementing the following measures will bring your security approach in line with the minimum requirements that insurers typically consider when assessing a business's risk profile.

 

1. Become Cyber Essentials certified  

Some insurers offer discounts on premiums if a business has recognised security defences in place, such as Cyber Essentials or Cyber Essentials Plus certification, and can demonstrate its commitment to cybersecurity. Cyber Essentials is a UK government-backed scheme available to organisations of all sizes; the basic level is a self-assessment against five technical control areas, while Cyber Essentials Plus adds an independent technical audit of those controls. Both help businesses protect themselves against a range of common cyberattacks.

Cyber Essentials certification also qualifies some businesses (UK-based organisations with an annual turnover under £20 million that certify their whole organisation) for free cyber liability insurance of up to £25,000.

It is reported that only 3% of businesses adhere to Cyber Essentials. Among large businesses, this rises to 28% for Cyber Essentials and 15% for Cyber Essentials Plus.* The certification aims to reduce an organisation's risk from internet-borne threats by around 80%, yet many businesses are still not taking advantage of its benefits.

If you want to step up the security protection of your business and avoid the impact of serious cyberattacks, we strongly recommend these certifications. As a fully trained and licensed Certification Body, we can help you implement and achieve Cyber Essentials and Cyber Essentials Plus certification.

 

2. Implement Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) goes beyond traditional signature-based antivirus: it continuously records process, file and network activity on end-user devices and servers, flags suspicious behaviour in real time, and lets your security team investigate and respond, for example by isolating a compromised host from the network. EDR therefore not only makes an attack on your devices more likely to be detected and contained, but also provides evidence that you are taking appropriate measures to prevent one. Insurers typically expect EDR to be deployed on all endpoints, including servers, and to be actively monitored rather than simply installed.

 

3. Implement Multi-Factor Authentication (MFA)

MFA is an authentication method that requires two or more independent factors to access an account or device. These factors are typically knowledge (something you know, such as a password), possession (something you have, such as a phone or hardware token) and inherence (something you are, such as a fingerprint). In the most common setup, a user provides a password and then confirms access by entering a one-time code generated by, or sent to, a separate device. MFA protects businesses by adding a layer of security that can block 99.9% of automated account-compromise attacks. To meet the minimum cyber insurance requirements, MFA should be enforced for email and for all remote access (such as VPN and remote desktop); insurers increasingly also expect it on privileged administrative accounts. Note that codes sent by SMS are the weakest form, as they can be intercepted or redirected through SIM swapping; authenticator apps or hardware tokens are preferable.
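The "possession" factor described above is usually a time-based one-time password (TOTP) generated on the user's phone. The following is an added example, not code from the original article or from any vendor: a minimal server-side TOTP implementation following RFC 4226 (HOTP) and RFC 6238 (TOTP) with HMAC-SHA1, 30-second steps and 6-digit codes. The secret, the TotpVerifier class and its clock-skew/replay handling are this example's own assumptions; the secret used is the published RFC test secret, encoded in base32 as an authenticator app would receive it.

```python
import base64
import hashlib
import hmac
import struct
import time

# Base32 form of the RFC 4226/6238 test secret "12345678901234567890".
# Constructed value for this example only: a real deployment generates a
# random secret per user and stores it encrypted at rest.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced to the requested digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Hypothetical server-side verifier. It accepts codes from the current
    time step plus/minus `skew_steps` (to tolerate phone clock drift) and
    refuses to accept a time step that has already been consumed, so a code
    captured by an attacker cannot be replayed within its validity window."""

    def __init__(self, secret_b32: str, skew_steps: int = 1):
        self.secret = base64.b32decode(secret_b32, casefold=True)
        self.skew_steps = skew_steps
        self.last_accepted_counter = -1  # highest time-step counter already used

    def verify(self, submitted: str, unix_time: int) -> bool:
        counter_now = unix_time // STEP_SECONDS
        for delta in range(-self.skew_steps, self.skew_steps + 1):
            counter = counter_now + delta
            if counter <= self.last_accepted_counter:
                continue  # already-consumed window: treat as replay
            expected = hotp(self.secret, counter)
            # Constant-time comparison so response timing does not leak digits.
            if hmac.compare_digest(expected, submitted):
                self.last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = base64.b32decode(EXAMPLE_SECRET_B32)
    print("current code:", totp(secret, int(time.time())))
    v = TotpVerifier(EXAMPLE_SECRET_B32)
    print("first use accepted:", v.verify(totp(secret, 59), 59))
    print("replay accepted:", v.verify(totp(secret, 59), 60))
```

The replay check is the part that matters operationally: a one-time code that can be submitted twice within its 30-second window is not one-time, and a verifier that simply recomputes the code and compares it will accept it. Rate limiting on failed attempts is also required in practice, since a 6-digit code has only a million possibilities.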

 

4. Implement cybersecurity awareness training for staff

Every day, employees are the front line of your defences and represent the largest attack surface. Cybercriminals are far more likely to target staff who lack security knowledge than IT professionals who will recognise a phishing attempt.

If employees don’t practise basic cyber security hygiene, they could compromise your business by falling for a phishing attack or downloading malicious software. This is even more apparent in the new hybrid working era where people are detached from workplace norms and become less vigilant.

Cyber security awareness is critical so that your employees understand the risks, know how to spot threats and take the right actions accordingly. 

 

5. Keep devices and software up to date

Device manufacturers and app developers will usually release software updates regularly. These updates will often contain new features, fixes for bugs and performance improvements. They will often also contain security patches and new security features, both of which it’s important to install. 

Patches matter because they fix flaws in products that attackers can use to compromise your devices. New security features make it harder for attackers to successfully compromise your devices. 

Windows 10 remains the most widely used Windows desktop worldwide, with over 60% market share. It is important to note that Windows 10 is approaching end of support (14 October 2025), after which it will no longer receive security patches unless enrolled in Microsoft's paid Extended Security Updates programme, leaving unmigrated businesses exposed to even more cyber threats.

 

6. Use a Managed Security Service Provider (MSSP)

An MSSP (managed security service provider) delivers outsourced, managed cybersecurity services to reduce risk, protect against breaches and ensure compliance with regulatory standards, typically including the 24/7 monitoring of EDR alerts that insurers increasingly expect.

MSSPs work closely with industry-leading partners to provide advanced solutions and cyber security services.

As a full-service MSSP, we help businesses safeguard their systems, data, and people from the latest security threats.

 

Obtaining more attractive cyber insurance premiums

Around four in ten businesses (43%) report being insured against cyber security risks. If your business handles sensitive customer data and conducts significant online transactions without external cybersecurity coverage, consider exploring cyber insurance.

To secure more favourable cyber insurance premiums, your organisation should proactively mitigate cyber risks beyond the minimum requirements.  This includes considering more advanced solutions which are now being mandated by insurance providers, such as

A full breakdown can be found below:

Cyber Insurance Requirements

 

Complete your Cyber Resilience Strategy with Cyber Insurance

Cyber insurance is crucial for businesses in today’s digital landscape, providing financial coverage for cyber incidents.

Discover more strategies to help improve your IT and cyber security in our blog, ‘Strengthening Your IT Resilience in 2024 & Beyond’.

Alternatively, feel free to contact us for further assistance in enhancing your security posture through cyber resilience.   

*Cyber Security Breaches Survey 2022  

 
