Myth busting Cyber Insurance: why your business may already be at risk

Most responsible businesses are aware that a cyber attack is a “when” not an “if”, and that cyber insurance is now key to managing the risks within any organisation. What most businesses might not have been able to predict is the impact COVID-19 would have on cyber security and the surge in attacks on their infrastructure.

From February to April 2020, cyber attacks against the financial sector, as an example, increased by 238%, according to VMware Carbon Black data.[1] With cyber crime cases and data breaches hitting headlines, businesses globally are shoring themselves up against a range of ever-evolving tech and cyber risks.

Yet, that preparedness is not always accurate. Now more than ever, it’s important to ensure you have robust protection.

As experts in cyber insurance advice, we’ve pulled together the top five myths we hear from businesses regularly in an effort to debunk them, and offer better protection options for you and your business:

  • “We invest heavily in our IT security and data compliance… we don’t need cyber insurance”

Reality: No matter how much you invest in cyber security, there’s no such thing as 100% security. Cyber attacks also aren’t all about IT – often it’s the human element which is your biggest risk exposure, so you need protection against the impact of phishing and social engineering attacks too. The purpose of an insurance policy is to respond in the event that the worst happens.

  • “Our business outsources its IT, so we’ve removed exposure to risk”

Reality: Even if you outsource your IT, chances are you’re still liable. Assuming you’ll be successful in claiming back damages from a third-party is a risky gamble.

  • “We don’t collect any sensitive data, so there’s no need to worry about GDPR or cyber insurance”

Reality: Any business that relies on a computer system to operate, whether for business-critical activities or simply electronic banking, has a very real cyber exposure.

  • “Cyber attacks only affect big business – we’re too small to be a target”

Reality: Cyber criminals target the most vulnerable companies, not just the most valuable companies.

  • “Cyber is already covered by other types of insurance”

Reality: Traditional insurance policies lack the depth and breadth of standalone cyber cover and won’t come with experienced cyber claims and cyber incident response capabilities.

At Partners& we can help you better protect your business when it comes under cyber attack. Cyber Insurance policies provide protection in two main ways:

  1. Liability for third party losses (“Third Party Cyber”)
  2. Liability for a policyholder’s own losses (“First Party Cyber”).

One size doesn’t fit all in Cyber Insurance – it’s important to talk to your insurance adviser about your specific risk exposures so you can be more confident your insurance will deliver on its promise. 

Please get in touch to discuss your cyber insurance needs in more detail – we’d love to hear from you.


[1] https://www.verdict.co.uk/retail-banker-international/news/banks-see-a-238-surge-in-cyber-attacks-amid-covid-19/

Matthew Clark

Partner - Business Development, Science & Technology