If a business opts not to be insured as a result of a falsely held view, their risk of suffering financial loss from a cyber attack increases — often along with associated, and costly, business interruption.
At the Clear Group, we don’t want that to happen. That’s why we’ve put together this list addressing 10 of the most common myths about cyber insurance that we encounter — so you can be sure to avoid them when considering cover for your organisation.
Myth 1: If you invest enough in IT security, cyber insurance is unnecessary
People often hold the false view that if you invest enough in IT security, cyber insurance is unnecessary. The truth is no matter how much a company invests in IT security, they will never be 100% secure.
This is because cyber attacks are always developing, growing more sophisticated and varying in nature.
It’s also true that unfortunately, humans make mistakes such as clicking on phishing links.
Myth 2: If your IT is outsourced, you don’t have exposure
Another commonly held myth is that if you outsource your IT, you won’t be exposed to risk.
Even if this is the case, the chances are you’re still liable — and it would be a risky gamble to assume you’ll be successful in claiming back damages from a third-party.
Myth 3: If you use a third party cloud provider, the risk is with them
If the cloud service provider suffers an attack and goes down, meaning you cannot operate, it is your business that will suffer first party business interruption — and the additional costs incurred in attempting to continue trading.
It can prove extremely difficult to recoup these losses from your IT provider.
Myth 4: If you don’t collect sensitive data, you don’t need cover
If your business relies on computers in any way to operate, whether for business-critical activities or simply to bank, there’s a very real cyber threat.
Plus, your sensitive data does not need to be exposed for your business to feel an impact — merely being unable to access key systems will put your businesses at risk of financial loss.
Myth 5: Cyber attacks only affect large companies
While blockbuster data breaches against household names tend to make the news more, attacks against smaller organisations are also frequent (so frequent, in fact, they’re less newsworthy).
Consider that in the Verizon Data Breach Investigations Report, 58% of victims were categorised as small businesses.
Myth 6: Cyber attacks only impact certain types of businesses, like financial companies
Criminals do not discriminate in who they target; making victims of everyone from building contractors to beauticians.
A cyber criminal will likely diversify their attack to target all different types of businesses, increasing their odds of successfully extracting money.
A 2022 GOV survey found that 39% of businesses have reported an attack this year (and that’s just those who had the means to identify it). Within the same survey, from the organisations reporting cyber attacks, 26% of charities estimate they were attacked at least once a week.
Myth 7: Cyber cover is already covered by other lines of insurance
While some overlaps do exist (as they do with all lines of insurance), traditional insurance policies lack the depth and breadth of standalone cyber cover, and won’t come with experienced cyber claims and incident response capabilities.
Myth 8: Business insurance covers cyber risk
This isn’t true — your standard business insurances will not provide the comprehensive protection you need against a cyber-attack.
Myth 9: The bank has a duty to reimburse theft of funds
If you were negligent in allowing access to a fraudster, the bank does not have a duty to reimburse you.
Similarly, if you or an employee was duped into wiring funds to a fraudster, the bank is not at fault and again has no duty to reimburse you.
Myth 10: A cyber policy only protects against hacking attacks
Whilst hacking attacks are one of the biggest sources of claims, issues often occur as a result of simple human error.
For example, an employee may send an email to the wrong address, leave a sensitive device on a train, or make an error when configuring a system.
That’s why your cyber policy won’t just cover against hackers, it will encompass the above too.
Contact us
If you need further support, we have a team of cyber specialists ready to help. Please don’t hesitate to get in touch at cyberinsurance@thecleargroup.com or visit our page below.
