Five cyber myths

Trying to get your client to understand the value of cyber insurance? Here are the five most common myths and our advice on how to bust them.

Cyber myth 1: “I’m an SME, it wouldn’t be worth anyone’s while to attack my business”

They probably already have. SME cyber crime is increasing.

Plus, because SMEs have fewer processes, they are particularly vulnerable to human error, like the loss of data by an employee. And if that data loss involves sensitive customer data, such as names, addresses, banking information or other confidential records, the impact could be severe.

Cyber myth 2: “My business doesn’t hold customer data, such as names, addresses or banking information”

Ask your client:

- Are you reliant on computer systems and/or email and the internet to conduct business?

- Do you have a website that’s a shop front, sales or support desk for your customers?

- Do you operate a payment card industry (PCI) merchant services agreement?

- Do you use social media?

If your client answers yes to any of the above, a cyber attack could stop them dead in their tracks.

For example: A denial of service (DoS) attack could paralyse a business’s website while a ‘ransomware’ attack could lock commercial systems or information until a release fee is paid.

Plus, good cyber cover doesn’t stop when the incident is resolved, it will also pay for income lost while the business can’t operate.

Cyber myth 3: “We back-up on the cloud, so our systems and data are secure”

When it comes to data, there’s no such thing as completely secure. While a loss of data by a cloud provider wouldn’t be a business’s fault, it could still have a huge impact on their reputation and earnings

Cyber myth 4: “I’m covered under my existing insurance”

Most existing insurance policies do not cover the full range of cyber threats.

What would your client say was their most important asset? Data? Reputation? Yet neither would be covered by most standard property or casualty insurance policies.

Without cyber insurance your client is vulnerable to a spectrum of electronic threats, from viruses and disruptive malicious software associated with highly motivated hackers to petty criminals and organised crime. Not forgetting the acts of careless employees – and even random cyber-saboteurs with no agenda other than scoring cheap and illegal thrills at a business’s expense, simply because they can.

Cyber myth 5: “Cyber cover is expensive“

Not taking out cyber cover could also be expensive. There are almost always immediate costs, for example:

- Let’s say your client’s business has 100,000 customer records that are compromised.

- It will probably be required to write a letter to each of them to report this (a letter is needed because the worst thing a business can do after a data loss is to email their clients to report it)

- At 65p for a first class stamp, that’s £65K gone before the business even starts to look at legal costs.

When all the costs are tallied up, PwC puts the average cost per lost record at £110. Could your client’s business support this?

Then there are long term costs, for example, your client’s business may be fined. From May 2018 businesses can be fined up to 4% of annual global turnover, or €20m, whichever is greater.

Persuaded? Watch our video (on this page) and see how easy it is to get a quote for cyber insurance from our new e-trading portal, Pen Central.