Business owners taking out insurance policies for cyber security are finding themselves exposed because of loopholes and exclusions in their policy documents.
“There are certain providers saying, ‘We can give you an insurance policy to help you in this cyber security space’, but when you really dig down into those policies, unless you have your house in order, unless you have the systems in place, the processes in place, that insurance won’t help you,” explains Nicole Billett of Teddington Legal.
Nicole’s comments were made during a recent appearance on the My Business Podcast with colleague Mark Gardiner, where they were discussing common legal problems for SMEs.
According to Nicole, SMEs are embracing cyber insurance in an attempt to protect themselves should they fall victim to a data breach. However, she says the fine print is catching many policyholders off guard.
“There’s some confusion around there, and I think sometimes, particularly smaller businesses see insurance as a way of saying, ‘Well I don’t really know what I’m doing but I’ll insure myself away from that risk’,” she says.
“In fact, there’s a really big hole in that relationship as to how that can help, or if it in fact will help.”
Highlighting one example of the loopholes insurance companies use to avoid paying out on a cyber security claim, Monica Schlesinger, principal at Advisory Boards Group International, says that not updating your computer and its systems regularly can void insurance policies.
“If you do not patch your system, the insurance won’t cover you,” she says.
As such, business owners are encouraged to carefully read the fine print of any insurance policy they take out for cyber security, just like with any other type of insurance, and then take proactive steps to ensure that the business remains protected under the terms of that policy.