We live in a world that is constantly changing and understand the importance of protecting ourselves against anything untoward. When it comes to our personal lives, we usually jump at the chance to insure everything that we hold dear – from the contents of our homes, our health and even travel arrangements. But what about business cover, particularly cyber insurance? Many businesses, especially small-to-medium size enterprises (SMEs), have financial constraints that limit comprehensive liability coverage. The 2021 UK SME Insurance Survey found that 88.8% of all UK SMEs did not have cyber insurance in place. Others are sceptical and some say that it is like pouring money down the drain, having no real value or return on investment. These guys should be made to eat their words as any business that nowadays operates without cyber insurance is playing with fire.


Cyber insurance consists of speciality products designed to protect your business from any IT-related risk including hacking, ransomware, data breaches, Distributed-Denial-of-Service (DDoS) attacks and other forms of cybercrime. The insurance also often covers non-criminal events such as data deletion, failure to safeguard data and legal costs. A good policy with four distinct insuring agreements means that your business is protected from these primary risks:

  • network security and privacy liability
  • network business interruption
  • media liability and intellectual property infringement
  • errors and omissions


To cut a long story short, any cyberattack will deal a blow to your productivity and profitability. It could even render your business inoperable for days or weeks. According to IBM, in 2021 the average cost of a data breach was over $4 million, the highest on record. It’s estimated that cybercrime will cost the world $10.5 trillion annually by 2025. These levels of expense are prohibitively costly for SMEs. For those who don’t make protection a priority, it’s possible that one bad attack could bring down the business. Besides these dismal financial implications, cyber incidents also have non-compliance, regulatory, legal and reputational ramifications.


In 2011, Sony, the Japanese multinational corporation, suffered a massive breach of its PlayStation Network in which the personally identifiable information of 77 million users was exposed. The outage lasted for 23 days, a time in which gamers could not access their consoles. The breach cost Sony $171 million. Had the conglomerate taken out cyber insurance, the financial blow would have been much less severe. Sony took legal action against its insurers but a court ruled that its insurance policy only covered damage to physical property. At the end of the day, Sony incurred the full costs related to cyber damages.


For SMEs that don’t immediately want to commit to cyber insurance, the National Cyber Security Centre’s (NCSC) Cyber Essentials scheme is an excellent start. The Cyber Essentials self-assessment programme will protect you against the majority of common cyberattacks. Here are some of the many benefits of being Cyber Essentials compliant:

  • you reassure your customers that your IT is secure
  • you are attractive to new business
  • you understand your own level of cybersecurity
  • you broaden your market as many Government contracts require Cyber Essentials certification
  • you’ll be eligible for a discount when you take out cyber insurance

Some organisations that achieve Cyber Essentials are provided with cyber liability insurance offered as part of this certification through the Information Assurance for Small and Medium Enterprises (IASME) Consortium.


After becoming Cyber Essentials certified, your next step could be to take out a cyber insurance policy. While this isn’t free, it doesn’t need to cost an arm and a leg either. According to IT Governance, the average annual cost of cyber insurance for SMEs is about £1,200 for £700,000 in coverage. The amount you pay will vary considerably depending on your industry sector, the size of your business, the amount of sensitive data that you collect and process, and your existing level of cybersecurity. On the plus side, if you can demonstrate that you are Cyber Essentials compliant, your insurer will give you a discount, sometimes as much as 40%.


Cyber insurance will not instantly solve all of your cybersecurity issues nor will it prevent a cyberattack. Think of yourself as a homeowner with household insurance – you are expected to have adequate security measures in place. The same applies to protecting your IT and your data. I have over 20 years of experience in professional IT management and specialise in cybersecurity and risk mitigation. As part of my commitment to secure your data, we can work together to implement a best practice cybersecurity strategy that includes vulnerability scans, staff education and training, and the creation of policies and procedures as part of your Business Continuity plan. Besides keeping one step ahead of the bad actors out there and preventing any impending cyberattack, you’ll also be in a better position to claim competitive cyber insurance rates. Contact me today and let’s get your cybersecurity on track.
