What is cyber insurance? And do you need it?

Businesses are vulnerable to a variety of cybercrimes, such as viruses, hacks, ransomware, phishing, and data breaches. Is cyber insurance an answer to this problem? Learn more about what cyber insurance is, find out if you need it, and what to look out for when taking out a policy.

Cybercrime has huge consequences for your business. Find out if cyber insurance is right for you, with information and tips from 2 cybercrime experts.

What is cyber insurance?

With cyber insurance, you protect yourself against costs incurred if you become a victim of a cyber incident. Most cyber insurance policies cover more than just business losses. Consider third-party liability: if you have to pay for the damage incurred by a customer or business partner as a result of your cyber incident. And also the cost of any legal help you might need.

Cyber insurance is usually made up of 3 parts:

  1. Prevention: with the insurer, you look at current risks and take preventive measures where necessary. For example, you can install better antivirus software to protect against viruses and ransomware.
  2. Repair: if you are a victim of cybercrime, experts will repair the damage as quickly as possible. They make sure your website works again, for instance, or limit reputation damage.
  3. Compensate for damage: you may lose turnover because a virus makes your computer or server unusable. Or because your online shop is temporarily offline after a ransomware attack. You are insured up to a maximum amount.
KVK Insurance Check

You want to prepare for risks you may face as an entrepreneur. You can do that with insurance. The KVK Insurance Check (in Dutch) lets you see which insurances suits you.

Do you need cyber insurance?

“It makes sense to take out cyber insurance,” says Henk van Ee, director of MKB Cyber Campus (in Dutch). His organisation helps increase the digital resilience of SMEs. “You cannot just take out cyber insurance. Like fire insurance, you have to meet conditions.”

A cyber resilience scan shows if you meet the conditions. The scan shows your company’s digital vulnerabilities. Are the risks properly covered? For example, do you have secure antivirus, anti-spyware, and firewall software that updates automatically? A reliable computer system, a password policy, and making regular backups are also among the conditions. The insurer will identify the risks with you, and give tips on how to improve your digital security.

Van Ee also calls cyber insurance a ’subscription to digital roadside assistance’. “Such insurance does not just pay out compensation. It allows you to get help from professionals. Before or after a cyber incident.”

Are you taking out cyber insurance? Pay attention to this

If you take out cyber insurance, the policy you choose depends on your business situation and your business sector. Almost all insurance companies use an SME risk scan. This scan indicates how digitally vulnerable your business is.

Make sure your different insurances fit well together. This is the best way to cover business risks. Cyber insurance is an additional type of insurance. It does not replace business liability and/or professional indemnity insurance.

Check terms and conditions

Rutger Leukfeldt, a director at the Centre of Expertise Cyber Security at The Hague University of Applied Sciences, sees the popularity of cyber insurance growing. “These insurances fulfil a need. For business owners, it is a reassuring thought that damage caused by cybercrime is covered.” But beware: what is and what is not covered by cyber insurance varies from one insurer to another. Always get advice and pay attention to the terms and conditions.

According to Leukfeldt, the insurance agent has an important duty of care. “They must check the insurance conditions together with the entrepreneur. For example, the insurance agent can explain that cyber insurance is nothing more than an additional cover. And that it is in addition to your professional indemnity insurance, for example. It should be crystal clear what digital security is all about. In other words, what cyber insurance does and does not cover. After that, entrepreneurs can feel free to take out insurance."

Have you taken out cyber insurance for your business? We would like to hear from you. Share your experience at kvk.cyber@kvk.nl.