What is cyber insurance? And do you need it?

Cybercrime has huge consequences for your business. Find out if cyber insurance is right for you, with information and tips from 2 cybercrime experts.

What is cyber insurance?

With cyber insurance, you protect yourself against costs incurred if you become a victim of a cyber incident. Most cyber insurance policies cover more than just business losses. Consider third-party liability: if you have to pay for the damage incurred by a customer or business partner as a result of your cyber incident. And also the cost of any legal help you might need.

Cyber insurance is usually made up of 3 parts:

1. Prevention: with the insurer, you look at current risks and take preventive measures where necessary. For example, you can install better antivirus software to protect against viruses and ransomware.
2. Repair: if you are a victim of cybercrime, experts will repair the damage as quickly as possible. They make sure your website works again, for instance, or limit reputation damage.
3. Compensate for damage: you may lose turnover because a virus makes your computer or server unusable. Or because your online shop is temporarily offline after a ransomware attack. You are insured up to a maximum amount.

Do you need cyber insurance?

Whether you need cyber insurance depends on the severity of the digital risks your business faces. And how high you estimate the cost of potential cyber incidents to your business. The Digital Trust Centre's (DTC) questions and concerns (in Dutch) will help you choose whether or not to take out cyber insurance.

‘You cannot take out cyber insurance just like that. Like fire insurance, you have to meet certain conditions,’ says Henk van Ee, chairman of the foundation Cyberbrein.nl. This foundation organises presentations on cybersecurity for students and businesses, among others. But also workshops such as ‘Work and think like a hacker’.

‘A cyber resilience scan shows whether you meet the conditions,’ says Van Ee. Such a scan shows the digital vulnerability of your business. Are the risks properly covered? For instance, do you have secure antivirus, anti-spyware, and firewall software that updates automatically?  Conditions also include a reliable computer system, a password policy and making regular backups. The insurer will identify the risks with you. And gives tips on how to improve your digital security.

‘Also look carefully at what exactly is covered in case of a cyber incident. And especially what is not covered. This prevents extra misery if you are a victim of cybercrime,’ Van Ee advises.

Are you taking out cyber insurance? Pay attention to this

If you take out cyber insurance, the policy you choose depends on your business situation and your business sector. Almost all insurance companies use an SME risk scan. This scan indicates how digitally vulnerable your business is.

Make sure your different insurances fit well together. This is the best way to cover business risks. Cyber insurance is an additional type of insurance. It does not replace  business liability and/or professional indemnity insurance.

Check terms and conditions

Rutger Leukfeldt, a director at the Centre of Expertise Cyber Security at The Hague University of Applied Sciences, sees the popularity of cyber insurance growing. “These insurances fulfil a need. For business owners, it is a reassuring thought that damage caused by cybercrime is covered.” But beware: what is and what is not covered by cyber insurance varies from one insurer to another. Always get advice and pay attention to the terms and conditions.

According to Leukfeldt, the insurance agent has an important duty of care. “They must check the insurance conditions together with the entrepreneur. For example, the insurance agent can explain that cyber insurance is nothing more than an additional cover. And that it is in addition to your professional indemnity insurance, for example. It should be crystal clear what digital security is all about. In other words, what cyber insurance does and does not cover. After that, entrepreneurs can feel free to take out insurance."