Sponsored by: ?

This article was paid for by a contributing third party.

Spotlight: Cyber - Small businesses need cyber insurance now more than ever

Cyber - small_GettyImages-876792702_for CMS
Matt Cullina
Matt Cullina, head of global cyber insurance business, Transunion

The email was so persuasive almost anyone would fall for it. Unfortunately, the recipient was the law firm’s bookkeeper, who followed the instructions from the firm’s managing partner to wire £25,000 to a client’s bank account. But this was a phishing attack, and the small law firm had no cyber insurance to cover the lost money.

Such scenarios are all too common for today’s businesses. According to a new government report issued in March, almost one in three UK businesses (31%) said they now experience cyber security breaches or attacks at least once a week. The government urged organisations of all sizes to be vigilant of cyber threats and recommended taking steps to improve digital resilience.

As cyber threats like data breaches, phishing attacks, and wire fraud become increasingly frequent and costly, there is a critical need for cyber insurance for small to midsize businesses, a market that is wholly underserved by the insurance industry in the UK. Unfortunately, this type of insurance isn’t often offered as part of a small business insurance policy, and if it is, the additional stand-alone costs may be too much for a smaller entity to take on.

Just like larger companies, small businesses today often store personal and sensitive information online, including customers’ credit card numbers, account numbers, driving license numbers and health records, making them easy targets for savvy cyber criminals looking to make a quick score.

This is why many larger companies now require vendors and partners to have cyber insurance, as was the case for a copywriter recently hired by a large financial services firm. Unfortunately, the copywriter was unable to purchase cyber insurance as part of an existing small business insurance policy and was forced to find a different insurer just for cyber, which made the entire process very difficult, time consuming and costly.

Cyberattacks can be devastating

When a small business does experience a cyberattack, the results can be catastrophic for the business’s survival. Once sensitive data has been stolen, the onus is on the small business owner to notify customers – and that is a call no one wants to make.

While a national brand may be able to weather a hit to its reputation from a data breach, a small mom-and-pop shop may suffer irreparable harm to its reputation as existing customers flee and potential patrons take their business elsewhere. In fact, in 2019 PCI Pal research found that 41% of UK consumers claim they will never return to a business post-breach.

Fortunately, there are safe and profitable ways that insurance companies can offer cyber insurance to all business customers, large, medium and small. One way is to include cyber insurance as part of a core small business insurance bundle, and then outsource the all-important support and response functions to a third-party vendor.

This way, when a small business calls to make a claim, the insurance carrier’s external response team can spring into action with crisis management experts who can immediately troubleshoot and investigate the event. If needed, the team can bring in privacy lawyers to handle the data breach, cyber forensics experts to investigate, and a PR professional to handle any reputation fallout. The claim may even be closed without a payout because problems can often be fixed if they are addressed immediately.

Need for experts

Insurance companies often don’t offer cyber insurance because they lack the expertise to investigate, manage and resolve cyber claims. Utilising a third-party vendor with claims experts who are knowledgeable in cyber fraud alleviates this concern, as well as the need to send your customers to an outside cyber insurance provider.

There are also solutions, such as reinsurance, that allow insurance companies to share the risk of aggregated events where many policyholders suffer a catastrophic event all at once. There is infrastructure available that will allow you to make cyber insurance part of your policy offerings while lowering your own risk.

The bottom line is, it shouldn’t be so difficult for small to midsize businesses to purchase cyber insurance, and insurance companies can and should make this coverage part of their policy offerings, not an add-on. There is a need and a market for it. Cyber risks will continue to grow, and businesses of all sizes deserve the same security and peace of mind.


You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here