What is cyber insurance? A helpful guide for your small business

By David Woodfield, Chief Growth Officer

If your business uses any type of connected devices, such as laptops, payment devices, and even smartphones, it’s at risk from hackers and cyber attacks.

According to a 2023 survey from Cyber Security Breaches, 32% of businesses in the UK have experienced cyber attacks or security breaches. 

Something that can help battle this problem is cyber insurance. But what exactly is it? We’ll walk you through everything you need to know about cyber insurance and how it could save your business in the long run.

What is cyber insurance?

Also known as cybersecurity insurance, cyber insurance covers losses relating to damage to, or loss of information from, networks and IT systems. Essentially, cyber insurance aims to protect your business from threats in the digital age, with everything from data breaches to DDoS attacks and more.

Find out more about the effects of cyber attacks on small businesses with our guide. 

Why is cyber insurance important for businesses?

No matter the size of your business - whether you’re running a small online retail shop or a large warehouse - you need to consider cyber insurance if you use any internet-connected devices or store sensitive information digitally. 

According to data published by IT Governance, there were more than 8 million breached data records reported in 2023, with the highest number of attacks taking place in December.

But how exactly are businesses affected by data breaches? Here are a couple of high-profile examples to give you an idea:

  • In 2013, software maker Adobe initially believed that 2.9 million accounts had been affected after they were victims of a cyber-attack. In fact, 38 million active users had their usernames and encrypted passwords stolen. 
  • In 2011, hackers claimed they breached Sony’s security systems and stole data, offering it up to the highest bidder. Over 77 million PlayStation users were affected, and, as a result, Sony took the PlayStation Network offline for over a month. They incurred costs of over $171 million that would have been covered had they had cyber insurance — instead, they had to shoulder these hefty costs themselves. 

What does cyber insurance cover?

Cyber insurance should be a key consideration for any business. It can act like a digital safety net aiming to keep your business secure no matter what. 

But what exactly does cyber insurance cover? Let us explain:

  • Pre-incident support — Pre-incident support involves services like risk assessments, security training for employees and access to cybersecurity experts should you have any questions. This proactive approach can help create a digital defence barrier to prevent cyber incidents before they happen. 
  • Post-incident support — If a cyber incident does happen — think hacking or data breaches — post-incident support swoops in. This aims to reduce any damage and help your business get back on its feet. It helps with everything from crisis management to legal expertise or even forensic services to help investigate the breach. 
  • Cyber extortion — Cyber extortion is when someone blackmails an individual or a business by threatening to release sensitive data or launch a cyberattack. This is usually through ransomware and distributed denial of service (DDoS) attacks. Cover for cyber extortion can pay for the ransom, if you choose to pay, as well as negotiation services and an investigation into the attack.
  • Damage to digital assets — Cover for your business's digital assets means help in restoring or replacing any damaged digital assets like data, software or built networks after an attack. Depending on their method, an attacker could corrupt and change data, which can be bad for business.
  • Security and privacy breaches — Data is the power behind many UK businesses, and protecting it is so important. Security and privacy breach protection aims to cover any costs related to security breaches — like unauthorised access to your systems and the theft of personal data. This can cover legal fees, the cost of informing those affected and even public relations or press support to help manage your business's reputation.

What doesn’t cyber insurance cover?

While cyber insurance can cover a lot for businesses, there are also certain things it won’t be able to cover. It’s always best to check with your insurer exactly what they do and don’t provide cover for.

As a general rule, most insurers won’t provide cover for:

  • Poor security processes — You wouldn't leave your front door wide open for a burglar, so why would you not have proper security processes in place for your business? If a company has bad or outdated security practices, some insurers might not cover accidents. Insurance companies expect a baseline level of security, such as regular updates and some form of basic security protocols. If you don’t have these in place, insurers can see this as an open threat for cyber attacks.
  • Breaches or attacks before a policy was purchased — Cyber insurance policies generally do not cover incidents that happened before the policy was in place. To avoid paying out of pocket after an attack, it’s better to make sure that you’re protected, as insurers will only cover events that happen within the policy period.
  • Cyber attacks caused by human error — We all make mistakes, but some mistakes can lead to big breaches or losses for businesses. If an incident happens due to a simple mistake by an employee — such as accidentally sharing sensitive information — insurers may not cover these losses.
  • Insider attacks — This can be a bit of a tricky area, but if an employee or insider within the business sabotages your systems or steals data, many cyber insurance policies might not cover the damage. It can be seen as a risk that’s harder to predict and prevent, lying outside the typical scope of external cyber threats that these policies are designed to protect against. 

Who needs cyber insurance?

If you run a small business, why would a hacker want to attack you? Well, hackers will go after anyone they can get — and small businesses are often an easy target.

Small businesses are often targeted because they don’t have the same level of security as larger companies, making it easier to gain access to confidential information. Whether you’re a large or small business, the costs of an attack can be large, not to mention it can put your name in the spotlight for all the wrong reasons.

Essentially, all businesses that store information digitally or use cloud-based VoIP systems should strongly consider cyber insurance. No matter whether you run a dog-walking business, a café or anything else in between, it’s best to do what you can to protect yourself from hackers.

Find out more about how to tell if your business has been hacked with our guide. 

Get your business set with Bionic

Cyber insurance should be considered to help protect your business in the worst case. The last thing you need as a business owner is to be hit by a cyber attack. 

In the meantime, for all things business, get in touch with our team here at Bionic, who can help with sorting other business insurance needs, or check out our broadband, phone and VoIP services to get your business on the right track. 

Looking for some more inspiration? Head over to our Business Insurance guides page.