Cyber insurance guidance for accountants and bookkeepers

Cyber Insurance Guidance for Accountants and Bookkeepers

As a finance professional and member of the IAB, handling personal and sensitive data
comes with the territory and is considered to be a key business activity. That’s why finance
professionals must dedicate time to ensure they have had the relevant data security training
needed in order to do their job and run their business effectively.

By deploying the correct data security measures, it’s possible to safely manage risk when
handling personal data, however things can unfortunately go wrong. When it comes to
cyber security, even the most robust processes can sometimes be circumvented and data
can be lost or exposed. Whether that’s because of a professional mistake, an issue with
technology, or the result of an ill-intentioned person, data security breaches are bad news
and could cost your businesses a lot of money should a claim be raised against you.
That’s why Cyber Insurance is an essential cover for any business working in the financial
services industry and is certainly something that IAB members should consider taking out.

How much does a data breach cost?
The severity of a cyber incident tends to determine the financial impact it will have on a
business. During such an event a business could expect to have to pay for;
o The recovery of lost data
o Investigations into how the incident occurred
o Upgrades to systems
o Court settlements and fees raised as a result of the breach
Even relatively small cyber incidents could end up costing your business a lot of money.

The Cyber Security Breaches Survey [1] is a government project which aligns with the
National Cyber Strategy to research and document cyber-attacks in the UK. The latest survey
highlights some of the costs that might be associated with a cyber-attack on a UK business.
The key findings show that during the last 12 months, 39% of registered UK businesses
identified a cyber-attack on their company, this data mirrors the data from 2021. During
2020, as many as 46% of businesses identified a cyber incident also, proving that over the
years, data breaches have had a major impact.

Furthermore, according to the report, the average cost to a business involved in a data
breach in the UK is between £4,200 – £19,400. The report does highlight however that this
figure is likely to be underreported and therefore the average cost to a business is probably
higher.
Phishing attempts made up the majority of UK cyber-attacks over the past 12-months (83%).
However, one in five businesses identified a ‘sophisticated attack’ such as; DDoS (Denial of
Service), malware or ransomware attacks – these types of attack tend to have more
significant consequences than phishing attempts and therefore tend to be associated with
higher costs too.
The biggest impact of a data breach can come when it takes place unnoticed over a long
period of time. These protracted breaches can have massive consequences as we have seen
with many high profile data breaches over the past couple of years.

Cyber insurance guidance for finance professionals
Ultimately, businesses have no legal obligation to take out cyber insurance, however for
businesses and IAB members like yourselves who use digital technologies and handle
personal data in different volumes, cyber insurance comes highly recommended.
In some limited and specific instances, your business interruption cover may include a level
of cyber cover, however you shouldn’t just assume that this is the case – if uncertain, you
should contact your insurer or broker to ensure you have adequate cover to suit your
business needs.
Since cyber threats are so varied, it’s always best to take out a cyber insurance policy that
covers a range of eventualities, should the worst happen you need to ensure your business
is adequately covered as the costs associated with a cyber incident, as we have discussed
earlier, can be astronomical.
When taking out cyber insurance, there’s a number of questions that you should ask to
ensure that your cover is adequate, indeed, working with a qualified insurance broker is the
best way to go about this as brokers have the intricate knowledge needed to ensure the
right questions get answered and that the best possible cover can be provided.
Some of the questions you should consider include:
o What data, systems and devices need to be covered?
o Do I need any specific software? i.e. anti-virus, encryption, etc.

o Will I need to keep my systems and mobile devices updated?
o What prerequisites must the business consider? i.e. password protection, specific
allocation of items, etc.
o What types of cyber incident could the business be impacted by?
o What types of cyber incident are covered by the policy?
o Does the policy cover claims by third-parties?
o Are the limits of the policy appropriate to that business?
o Does the insurer provide any immediate services in the event of a cyber incident?
o Does the insurer provide any additional, after incident support?
o What measures need to be in place to make a claim?

When taking out a cyber insurance policy it’s important that you remain in close contact
with your insurer or broker, this is because the digital landscape is forever evolving and new
risks regularly present themselves. Good communication can ensure that your business has
the correct and most up to date cover. For example, if your business switched to using a
new service to host personal information, the insurer would need notification of this to
ensure the policy remains valid, or that any necessary changes can be made in order to
accommodate the new service.
Above all, the protection of data is paramount and whilst businesses are moving their data
storage to electronic devices it is making protecting it much more difficult. The cyber-scape
is a complex place, it’s ever changing and there are so many factors to consider when
securing data that the chance of something detrimental happening is higher than ever
before.
If you’re interested in discussing your business’s needs, with a trained insurance advisor, call
Premierline Business Insurance Broker on 0330 102 6171, or email: iab@premierline.co.uk

References
1. “Cyber security breaches survey”, Department for Digital, Culture, Media & Sport. (2022)