Should I insure my company against cybercrime?

Abstract cyber security image of a man holding a symbol of a padlock inside a shield

Two-thirds of UK businesses have been victims of a cyber-attack over the past 12 months. Figures released in June 2016 by the Department for Culture, Media and Sport (DCMS) highlighted a serious and persistent threat, with a quarter of all large firms that had experienced a breach being attacked at least once a month.

"Everyone from TalkTalk to Sony and Ashley Madison have hit the headlines after suffering some form of cyber-attack," said the Association of British Insurers' Malcolm Tarling. "It used to be the province of large multinationals but small businesses are equally vulnerable to this type of crime and much less resourced to tackle it. In some cases, it could threaten their very existence."

Falling victim to cyber-attack will never have a positive outcome, but the one measure you can put in place, aside from making sure your systems are fully patched and your network is as secure as possible, is to take out cyber-insurance. Although not new, this specialist cover is gaining prominence as cybercrime becomes more mainstream.

Basic protection

The government is looking beyond traditional online crime fraud, child pornography and so on to make business cyber-attacks a priority. "Too many firms are losing money, data and consumer confidence with the vast number of cyber-attacks," said Ed Vaizey, former minister for the digital economy. "It's... crucial that businesses are secure and can protect data. As a minimum, companies should take action by adopting the Cyber Essentials scheme, which will help them protect themselves."

Cyber Essentials) is a system of accreditation that certificates qualifying companies as being hardened against attack. It costs around 300 exc VAT, depending on the accreditation body, but earning certification will protect you from a wide range of online threats. The government claims implementing Cyber Essentials will shield you from around 80% of vulnerabilities.

That still leaves a one-in-five chance you're vulnerable, and the cost of putting right the damage can be significant. Over the past year, the cost to SMBs of repairing a network, database and business operations ranged from 75 to 311,000, according to the Federation of Small Businesses. The lower end of that scale is manageable but at the upper extreme, as Tarling explains, "a cybercriminal can bring any business particularly an [SMB] to its knees".

Nik Rawlinson is a journalist with over 20 years of experience writing for and editing some of the UK’s biggest technology magazines. He spent seven years as editor of MacUser magazine and has written for titles as diverse as Good Housekeeping, Men's Fitness, and PC Pro.

Over the years Nik has written numerous reviews and guides for ITPro, particularly on Linux distros, Windows, and other operating systems. His expertise also includes best practices for cloud apps, communications systems, and migrating between software and services.