Insurance is one of those things that you hate to pay for until you claim. You then realise why you paid the money (if the policy pays out!).
You can get insured for most things: believe it or not, Alien Abduction, Wedding ‘Change of Heart’, and even body parts, should you be so inclined (Tom Jones was allegedly insured for his chest hair to the tune of £5 million). Even so, you may find it increasingly difficult in future to obtain cover for Cyber incidents.
Why?
Insurance firms piled into a seemingly lucrative market by offering Cyber Insurance which would cover many aspects of a cyber breach – the cost of ransom, recovery, incident management and reputation recovery amongst others. However, the rates of claims have been such that a number of providers are withdrawing from the market. Those that are left are ensuring that their potential clients are subject to rigorous questions about their cyber security readiness and their application of cyber awareness across their business.
Cyber insurance is no longer a thing you can just go and buy after searching for the best price – you now have to fill out a comprehensive questionnaire that will not only ask what equipment or software you might have deployed, such as firewalls and spam filters, but also if you have policies in place and a cyber awareness training programme that educates your employees to spot potential threats. The consequence of making a weak application for insurance will be either higher premiums or, most likely, the inability to get insurance at all.
Double trouble
If you currently have a mindset in your enterprise that serious cyber security is for other businesses and that cyber insurance is an expensive ‘must have’, then you may be in for a surprise. Soon, to get any cyber insurance that is of any value, i.e. it pays out, you’ll have to pay good money to put protections in place to qualify. Not only will you have to invest in a multi-layered security approach, but you’ll also need to ensure that it is always current and subject to audit.
For some businesses, quite rightly, Health and Safety is a ‘must do’ and will undoubtedly be a foundation discipline which is a focus of the business – often being the first item on a board meeting agenda. Being cyber safe is now racing up behind this to consume management time and make the organisation cyber fit for the current climate.

Where to start?
So, being reactive is no longer an option. That means being proactive: putting a framework in place and proving that you are compliant. For small and medium-sized businesses, a good place to start is with Cyber Essentials and Cyber Essentials Plus, a framework devised by the National Cyber Security Centre (NCSC) from the UK Government. By gaining certification under the scheme, you can show that you are committed to being Cybersafe.
Beyond the basics
For small and medium enterprises, the bar to reach becomes higher as the complexity of the organisation and the threat surface increases. This is when it is worth considering a more comprehensive framework, such as the CIS Controls from the Center for Internet Security (CIS).
Following the CIS controls and implementing the policies will certainly improve your overall security stance and will ensure that you can get insured.
Benefits beyond insurance
The effects of a cyber compromise can be profound. It may stop you doing business whilst you remediate the issue. It could result in you paying out a ransom. It could see the loss of vital money through a redirection of funds. Each of these is a disaster in itself. Sure, you may get some money back through that expensive insurance, but will you fully regain your reputation?
People work with people they like and, importantly, trust. If you are compromised and threaten the integrity of a business partner’s security, whether customer or supplier, they will, potentially, consider if you are a threat to them. By showing that you are committed to being Cybersafe you are displaying a commitment to their business too.