Call us on: 02920 887 362
Insights /

Cyber Insurance

To many people, cybercrime is simply another business risk to account for, like someone bumping the company car or a pipe bursting in the office. So, like these other risks,

But cybercrime itself is very different from these other risks, because it seems to be increasing exponentially. Not only are the number and variety of attacks on the rise, but the potential harm they can do to a business is also increasing. And unless you have a robust cyber security training system in place, users can get left behind.

Do I need cyber insurance?

We recommend taking every precaution you can to reduce the risk of cybercrime to your business, including taking out a sensible cyber insurance policy if you can afford one. More on affordability later.

We should stress that while cyber insurance is great to have as part of your risk reduction strategy, prevention will always be better than a response to a cyber incident, no matter how good a response it is. Remember, cyber insurance policies won’t cover everything, including the loss of earnings you could suffer due to the reputational damage caused by an incident.

So cyber insurance is a good investment. But just because you want it, doesn’t necessarily mean you can get it.

Can I get cyber insurance?

Insurers will want to know how robust your cyber security is in order to calculate your premiums. If your current approach to cyber security is particularly poor, they may refuse to insure you at all.

With that said, the requirements of insurance companies shouldn’t be treated as the gold standard; these are minimum requirements and your cyber security measures will ideally be much more stringent. Again, prevention is better than the response.

How Can I reduce my cyber insurance premiums?

Like any insurance, the lower the chances of you needing to claim, the lower the cost of insurance, so improving your cyber security is the best way to reduce our costs. There are a number of things that we can help you with which could reduce your insurance premiums:

Enforce Password Best Practise

The easiest thing you can do today is enforce password best practise. There are a number of resources you can look at but in brief your passwords should be

  • Unique to each account
  • Long
  • Complex
  • Changed often

You needn’t worry about forgetting passwords or not changing them, as this can be facilitated by a password manager.

Enforcing multi-factor authentication will also improve your security.

Get trained

Another factor that can have a big impact on your premiums is cyber security training for your staff. It’s an unfortunate fact that human beings are one of the most exploitable aspects of your cyber security measures, but with the proper training they could be your greatest strength.

We offer an automated training platform that sends security courses straight to your users’ inbox. The system allows you to measure the risk profile of your organisation, enabling you to demonstrate improvement over time. Another advantage of online automated training is that information is always up to date, meaning you’re kept safe from the latest threats.

Get Accredited

NCSC reports that some insurers offer discounts if you already have cyber security accreditations, like Cyber Essentials or ISO 27001. We offer assistance for both Cyber Essentials and Cyber Essentials Plus certifications. Some organisations with Cyber Essentials are also eligible for insurance provided by IASME, the Cyber Essentials governing body.

Get Advice

If need cybersecurity support, speak to us on 02920 887 362 or email info@excellence-it.co.uk

You might also be interested in:

What makes a good IT Support Contract?

If you’re looking for an IT Support provider, here’s our advice for telling a bad contract from a good one.

MSPs and Internal IT Resources

Why do MSPs have to fight like cats and dogs? Well, they don’t. Read on to discover how both working together might be the optimal solution.

What can we learn from last week’s £98,000 ICO fine?

What you can do today to reduce the risk of data breaches and regulatory fines.