We Outsource Our IT/Have an IT Department. Why do I Need Cyber Insurance?

Cyber Insurance is an added layer of protection that some companies may feel isn’t necessary for their organisation.

We have spoken to many businesses and business owners about the benefits of Cyber Insurance. Here are some of the most common misconceptions about this kind of insurance, and the reasons why Cyber Insurance is a very important way to safeguard not only your online security but also your business as a whole:

Great IT Team

We have a great IT team/pay our outsourced IT consultant to secure our networks, so we don’t need Cyber Insurance

A secure network is a fantastic way to protect your business from cyber threats. However, no person or business can ever be 100% secure, and your network is not the only way a criminal may attempt an attack.

Social engineering is a technique that targets the people in your business rather than your systems or network.

Cybercriminals may access your systems just to watch how a business works. They will learn who does what and which positions people hold within your business. They will study the type of language used by you and your staff and only when they are confident they can pull off a believable impersonation will they strike.

An example of this could be as follows.

Criminals access your company email system and, after weeks or even months of research, impersonate the Finance Director. From the FD’s email account, they send a message to a junior member of staff that sounds just like the FD.

The email will read:

Hi Dave,

We’ve just taken on ABC Limited as a new supplier so that we can get those widgets delivered for Claire’s big project. Can you set them up and transfer £100k to the attached bank account urgently for me? We need the widgets delivered tomorrow so the transfer needs to go through before 11am.

If Dave doesn’t double-check this request in person and simply completes it, your company will be £100,000 down with no way to recover that money.

This has become even more important over the last 12 months as more and more businesses move to some degree of remote working. Simply checking with a colleague that an email is genuine can save a business huge sums of money. However, if those colleagues are no longer in the same office and are now possibly in different towns, that quick check is harder to make.

A secure network cannot protect you from this kind of social engineering, but a good cyber insurance policy can.

Cloud Provider

Our data is all hosted by an external cloud provider, so it’s their responsibility, not ours


This is simply not true.

If your cloud service provider is attacked and their service goes down, you may be unable to operate. Your business may suffer business interruption, and you will incur additional costs as you strive to continue trading. Attempting to recoup these losses from your IT provider can prove extremely difficult.

If a data breach occurs at your cloud service provider that you are responsible for, it is still your responsibility and you will be liable for any financial losses incurred.

Not A Target

We’re only small, cybercriminals only target the big boys so we’re not a target

We’ve all seen recent news stories about huge data breaches at big companies such as British Airways and TalkTalk, and it is true that criminals will target businesses of this size because their potential return can be enormous.

It is also true, however, that criminals will target small businesses, as they are seen as “low hanging fruit” that is much easier to pluck. Smaller companies will have less security than bigger companies, and the staff of SMEs are less likely to be trained to spot the various types of suspicious behaviour that could lead to a breach.

Attacks on small businesses do not make headlines because they are not deemed newsworthy. However, according to a recent report, 58% of cyberattack victims were classed as small businesses.

Bank Will Protect Me

Even if they steal funds from our account, the bank has a duty of care to protect me

Unfortunately, this is not the case if you are found to be negligent in allowing access to a fraudster. Your bank will not protect you if you or an employee of yours is tricked into transferring the funds themselves. No money will be reimbursed unless the bank itself is at fault.

Cyber threats are constantly evolving

Please remember that cyber threats are constantly evolving, with criminals continuously changing their approach to stay ahead of the curve. Cyber insurance policies are available to protect your business from a range of threats, not just hacking or data breaches.

Ransomware is a form of malware that encrypts a victim’s files. The attacker will take control of your systems and then demand a ransom in return for restoring access to the data. Attacks of this nature are a serious threat to any business. Cybercriminals may gain access to your systems via phishing emails, social engineering or through impersonation of a higher authority, to name but a few.

Cyber Insurance can cover your business against social engineering, business interruption and extortion. In the event that your systems are compromised, your policy would cover the cost of 24/7 IT forensic support to identify, contain and repair a breach, plus restore the data. That support team will also work with you to understand your specific vulnerabilities and proactively manage them in order to minimise the chance of a recurrence.

The multitude of ways in which cybercriminals could attack your business is ever-growing, meaning that a policy of this nature is a must for any business.