The number of medium-sized businesses with Cyber insurance has increased to 31% from 19% in 2018 (gov.uk report). As costs for a breach continue to rise, practices are starting to see the value in protecting themselves.
The cost of Cyber crime
While the Information Commissioner’s Office (ICO) has so far handed out very few fines since GDPR came into force in 2018, they are starting to investigate a huge number of cases and enforcement notices are expected to rise over the next year.
It’s not just the ICO that you need to consider. If you lose your patients’ data through Cyber crime – even if you have tried to be compliant to regulation – there is a good chance that your practice could be sued. This can be time consuming, damage your reputation, and cost a huge sum of money to defend.
And then there is the direct cost of the breach…
Of course, without considering fines and lawsuits, there is still the cost of dealing with the actual breach. This could be the cost of recovering data (including ransom fines), or fixing a security flaw that allowed an attack, or even managing damage caused to systems from hackers.
The government Cyber Security Breaches Survey 2019 has found that the cost of Cyber crime has increased for businesses over the past year.
The average cost for businesses for breaches with material losses, such as data, ranges from £3,000 – £22,000 per incident.
The average cost for a medium-sized business, which many medical and dental practices will fall into this category, is £9,270. This figure is considered quite low compared to other reports. However, if you consider that on average there were more than 200,000 internet-borne Cyber attack attempts on each UK business in 2018, the cost if just a small fraction of these are successful could potentially be enormous.
Where are the risks?
According to the government survey, a third of businesses reported a Cyber breach in the last 12 months.
The most common threats are reported as phishing attacks, impersonation of an organisation in email or online, and viruses, spyware or malware (including ransomware – like WannaCry).
Why do businesses buy Cyber liability insurance?
Financial repercussions are a priority for practices who are trying to manage their Cyber risk. However, it is not the only reason for choosing to purchase Cyber liability insurance. Practice owners are increasingly taking their data protection responsibilities seriously. The reasons that they choose Cyber liability insurance include:
- Support through the process of managing a data breach – including reputational damage
- Access to Cyber training
- Support to improve Cyber protection practices to minimise risks
- Financial pay-out to cover the cost of a breach
- Broker recommendation to improve their risk management
Should you consider Cyber liability insurance?
Cyber crime is considered the biggest threat to small and medium-sized businesses today. Criminals are becoming more sophisticated in their approach, are good at covering their tracks and are adaptable to change when one method of breaching security no longer works.
Even if you are comfortable that you IT systems are up to date, your data is fully protected and your staff fully understand the need for caution when giving access to your practice’s information, you should speak to a broker to see what else you could be doing
Talk to us about Cyber liability insurance to make sure that you really are as financially and reputationally protected as you think.