Myths Around Cyber Liability Cover

Many SMEs believe that cyber insurance is just for companies who sell products over the internet. Not only e-commerce companies and those undertaking transactions over the internet face cyber risks. Risks are faced by any and all companies that collect and store personal and corporate sensitive data, or are reliant on computer and telephone networks and/ or data for their daily operations.

Whilst not all SMEs operate in sectors where notifications of a data breach are reported on an obligatory basis, this does not mean that cyber insurance is not needed. Even if legally you do not need to notify victims of a data breach, it is recommended by many privacy regulators to do so as part of best practice processes. In addition notifying victims can avoid or mitigate any reputational harm.

Some companies believe that if they spend vast amounts of money on IT security, then they are not at risk. Both financially and ideologically motivated hackers can be very persistent in penetrating a computer network and no system is 100% secure. Computer networks are only able to complete the functions which they are programmed to do; it is often the humans who prove to be the weakest link.

Computer networks are the heart of almost all companies. Any kind of failure of these systems could halt day-to-day operations and cost companies a significant amount in lost revenue. System interruption can not only result from computer attacks/virus transmission, but also from operational and administrative errors.

Information required by underwriters, for cyber insurance, is usually limited to a simple proposal form. In some cases a telephone call may be necessary to expand on complex cases.