Cyber Security Isn’t Just About the Tech, It’s Also About the Insurance.

29 Sep

Cyber security isn’t just about technology, it’s about protection, too. With cybercrime on the rise and attacks becoming ever more sophisticated, businesses of all sizes are at risk. Emma Francis, Financial Risk Officer at Thomas Carroll, explains why cyber insurance is a vital part of keeping your business secure.

You’d have to have been living under a rock over the past six months not to have heard about the cyber attacks that brought retail giants Marks & Spencer, Co-op and Harrods to their knees.

Customer data was also caught up in the breach. This meant the retailer had to break this bad news to its customers. It wasn’t until July that M&S’s website finally felt back to normal.

Hackers are also said to have launched an attack on Co-op and Harrods, which had a knock-on effect on supplies and orders.

If household names like these can be so seriously affected, imagine the carnage an attack could wreak on a small to medium sized business.

Cybercrime is on the increase. According to the Cyber Security Breaches Survey 2025, it was estimated that UK businesses experienced nearly 9 million incidents of cybercrime in the past 12 months, and ransomware (where hackers ask you to pay a ransom) is also on the up.

Some attacks are easy to recognise, like a suspicious email, but others are far more sophisticated. Cybercriminals may research employees and target them directly, a tactic known as phishing. Ransomware is another threat: malicious software that locks you out of your own systems until a ransom is paid. Beyond the potential financial and productivity losses, the disruption and reputational damage can be huge.

As a business, you must inform the Information Commissioner’s Office (ICO) of a data breach. You must also tell your clients that their data might have been leaked, which isn’t a good look.

This is why, no matter what the size of your business, we recommend getting advice from qualified cyber experts to ensure that you have all the proper checks and balances in place with your IT infrastructure to properly protect yourself and your business.

Cyber insurance is an important part of that cyber protection puzzle that many people overlook, yet it is an essential one. Most standard business insurance offers little to no cover for cyber-attacks unless specifically asked for by a company owner, and so getting stand-alone insurance that adequately covers your business risk is, I believe, vital.

Cyber insurance ordinarily offers an immediate incident response, which is essential to mitigate a breach. Would you know how to respond if you did suffer a hack? Outsourced IT providers aren’t necessarily experts in this field; they might know a bit but not enough to help you out in a crisis.

It also offers liability cover, which helps if a third party sues you for a data breach (if they allege harm has been caused). It can cover IT forensic, legal and notification costs (notifying a person or business affected by a breach), as well as credit and IT monitoring, cyber business interruption, and extortion costs – if you have been affected by a ransomware attack.

Every cyber policy is a little different, so it really helps to chat with a broker about what your business needs. Think about things like how much sensitive data you store or how badly a system outage could slow you down. Laying that out up front makes it much easier to find a policy that actually fits your business.

Cyber insurance is an additional cost to your IT budget, but today, with statistics showing that cybercrime is on the up year on year, I believe businesses that rely on technology to run their businesses or hold customer data really do need this cover.

Businesses of all sizes can be affected by cyber-attacks. It’s only the bigger ones that hit the headlines, but no business is immune. In fact, KNP, a Northamptonshire logistics company, went under after a ransomware attack in 2023.

Here are my top tips to protect your business from a cyber attack:

  • Put clear policies and procedures in place – understand what data you hold, where it is held and look at the controls/processes you have in place to protect it.
  • Use multi-factor authentication for cloud services, all remote access, backups etc.
  • Backup, backup and backup. Ensure your backups are segregated and tested – there is no point having a backup if it doesn’t work.
  • Employee awareness training – most breaches (around 95%-99%) are the result of human error – make sure employees are aware of the risks.
  • Speak to a cyber security company to understand the risks and the measures that can be introduced to protect your business.
  • Have a disaster recovery and incident response plan in place so you can mitigate a breach should the worst happen.
  • Cyber insurance – if you are subject to a cyber-attack, then your insurance will help with dealing with the fallout.

Every business faces cyber risks, but the right protection reduces the impact. To learn more about how cyber insurance can help, contact our specialist team at contact@thomas-carroll.co.uk or on 02920 853788.