Does Your Small Business Need Cyber Breach Insurance?

According to a 2019 report by the Federation of Small Businesses, small businesses fall victim to around 10,000 cyber-attacks every day. Cybercrime is estimated to cost small businesses a staggering £4.5 billion each year, with the average cost of a single attack at £1,300.

The latest Cyber Breach Survey from the government, which was published earlier this year, reports that incidences of cybercrime are on the increase. Many larger businesses with the right specialist skills, resources and infrastructure are now able to recover faster from a cyber breach and don’t always suffer a significant financial impact as a result. However, small and medium sized businesses don’t usually have that level of support at their fingertips. The government survey puts the financial cost for SMEs higher than the FSB report at an average of £3,230 in 2019.

The FSB report revealed that those businesses based in the North West, South East and West Midlands are most likely to suffer cyber-attacks. However, no business is immune, regardless of its size or location.

Small businesses suffer 10,000 cyber-attacks every day

In spite of the apparent and increasing threat posed by cyber criminals, UK businesses are woefully under-protected against cyber risk. Research published by the Association of British Insurers last year, stated that only 11% of businesses have specific cyber cover in place. However, for those businesses protected with cyber insurance, the good news is that 99% of cyber claims were paid in 2018.

What does all this tell us? In a nutshell that cyber-crime is on a seemingly unstoppable upward trajectory, that as each year passes SMEs are at a greater risk of suffering a cyber-attack, but that uptake of cyber insurance is still far too low, despite its viability and affordability.

Let’s take a closer look at the most common types of cyber-attack and some real-life examples of cybercrimes that have taken place in the recent past.

What is Cybercrime and What Type of Cyber Attack Poses the Biggest Threat to Small Business?

Cybercrime comes in many forms, all with the aim of causing destruction and eliciting money for cyber criminals from inadequately protected businesses. Here are some of the most common examples:

  • Phishing – phishing attacks usually take the form of emails with the aim of obtaining information or spreading malware.
  • Malware – usually software containing a virus that’s distributed as an email attachment, infected app or fake software installations.
  • Ransomware – ransomware is a type of malware specifically designed to block access to vital systems or databases until a ransom is paid.
  • Baiting – this uses incentives (e.g. giveaways) to lure people into compromising their security.
  • SMS phishing – these are text messages used to gain information or infect systems with malware.
  • Diversion theft – this works by getting users to send information to the wrong recipient and thereby steal confidential information.
  • Scareware – this is typically a pop up saying that a user’s security is out of date or that they have malicious software on their PC. This scares the user into visiting a malicious website or persuades them to buy non-existent products.

There’s more information about how cyber-attacks work on the National Cyber Security Centre website.

The most common form of cybercrime is phishing attempts, with 530,000 small firms suffering from such an attack over the past two years. Incidences of malware (374,000), fraudulent payment requests (301,000) and ransomware (260,000) also affect many thousands of small businesses each year. 

There have been a number of high-profile cyber-attacks in the last few years. One of the most recent victims was Travelex. Earlier this year, cyber criminals blocked access to their systems and demanded that Travelex pay a ransom.

At British Airways and Marriot Hotels major data breaches led to record fines from the Information Commissioners Office of £183 million and £99 million respectively.

In 2017 Wonga suffered a cyber-attack that compromised the confidential data of 245,000 customers in the UK. The WannaCry ransomware attack in 2018 targeted the NHS and led to the cancellation of 19,000 medical appointments.

What Measures Can Small Businesses Take to Protect Themselves Against Cyber Attacks?

There are a few relatively simple steps you can take to protect your business against cybercrime, including:

  • Conduct a cyber risk assessment to identify the types of risks you face and the impact they might have. Doing this will help you pinpoint and prioritise what actions you need to take to mitigate the risks.
  • Ensure you have a robust password policy and two-factor authentication process in place to keep data and systems secure.
  • Regularly install software updates and keep anti-virus software up to date.

Taking these steps may seem like common sense but the FSB report found that 35% of small businesses haven’t installed security software for at least two years and 40% do not regularly update software. A similar proportion do not back up data and IT systems, while only 47% have a password policy for devices. 

As with anything, prevention is better than cure. However, if your business does fall victim to a cyber-attack, you will be much better placed to deal with it if you are covered by Cyber Breach Insurance.

What Does Cyber Breach Insurance Cover?

Not all Cyber Insurance policies are the same so it’s important that you consider the risks your business faces and look for a cyber policy that offers protection that’s right for your business.

As an example, Tapoly’s Cyber Breach Insurance provides the following cover:

  • Legal and Forensic Services – our experts will work with you to identify the source of the security breach. They’ll assess the extent of the breach and recommend the actions that should be taken to restore your systems securely.
  • Computer Security Failure – We’ll protect any valuable data assets stored on your computer system. This includes whether your data is altered, corrupted, damaged, or deleted outright. If you unknowingly pass a virus onto any client or customer computers because of the breach you will still be covered.
  • Notification Services – We’ll notify any individuals who may have been affected by your security breach.
  • Call centre services, credit monitoring and identity monitoring solution – We’ll provide you with the call centre resources and monitoring specialists to anyone who may have been compromised because of the security breach to your systems.

Find out more about Cyber Insurance from Tapoly.

If you would like a quote or want more information about one of our products, email us at or give us a call on 020 7846 0108