Cyber risks: protecting your business

Almost every company relies on computer systems for online sales, stock control, office applications, email or some other aspect of managing their business. A failure of these systems can have a catastrophic effect on their bottom line.

Cyber threats are numerous and well documented. It is thought that, worldwide, one PC is infected every 4.5 seconds and, in addition to infection, systems may also be exposed to deliberate sabotage or criminal intent. Recovering from cyber damage

Reports suggest system downtime can cost businesses £10,000 per hour rising to as much as £1,000,000 per business day. Time spent sourcing replacements can result in a total loss of online sales. Similarly the failure of retailers’ systems can not only mean immediate lost sales but longer term reputational damage. Reinstating systems, audits, data recovery and the increased cost of working add pressure for an organisation in already turbulent times.

A case in point

Many hotels use computerised systems for bookings, managing availability and showing when a room is vacated, cleaned or ready for occupancy. Their restaurants use electronic ordering and billing facilities which link to a room ready for production of bills when guests check out. The failure of internal systems can create havoc, lost revenues and extra expense to rectify the problem. A bad review on Trip Advisor or other consumer websites can cause immeasurable losses in the longer term. Many companies also hold personal information of their clients and disclosure of this through hacking or lost laptops may breach data protection law, resulting in potential legal action against the company.

Mitigating cyber risks

Not all cyber risks relate to system failures. The loss of personally identifiable data, the publication of online of images and content that infringes intellectual property rights or disparaging words in an email can result in legal action against the organisation. Network security, infrastructure and procedures are not sufficient on their own. This is where financial protection insurance policies can assist businesses to recoup some of those costs.

Case study: website failure

Impact: A charity relies heavily on donations made via its website, with the level of donations fluctuating according to the season, such as Christmas, or in connection with a sponsored event or advertising campaign. The website failure coincided with such an activity, severely compromising fund-raising activity and thus hindering its viability in terms of fulfilling its charitable aspirations and responsibilities.

Consequence: Inability to accept online donations.

Policy response: Covered forensic investigation work into the cause of the failure and met restoration costs in full. It also covered the policyholder for loss of income and increased cost of working.

Case study: disparaging comment via email

Impact: A seemingly throw-away comment within an internal email eventually formed part of a longer email thread that was distributed widely outside the business. It was eventually seen by a competitor who considered it to be disparaging and potentially damaging to its interests, and therefore legal proceedings were instigated. These resulted in the award of a £450,000 settlement.

Consequence: Legal action by competitor.

Policy response: Covered the policyholder’s legal expenses and the cost of the settlement.

Types of cover

1.Network restoration in the event of a loss of data, communications, applications etc. The benefit of this type of cover is that it allows the organisation to get back to business as usual in the knowledge that additional costs will be covered.
2.Loss of business income and extra expense. The benefit of this type of cover is that it protects the bottom line.
3.Liability in respect of disparagement, plagiarism and infringement through the use of the internet and email. The benefit of this type of cover is protection from litigation in respect of electronic communications.
4.Liability in respect of data breaches, including costs associated with the notification of clients/customers post breach. The type of cover means that the loss of client lists or databases does not signal the end for the business.
5.Transmission of a virus to a third party and denial of access. The benefit of this type of cover is managing risk outside existing awareness.


Any views or opinions expressed in this article are for guidance only and are not intended as a substitute for appropriate professional guidance. We have taken all reasonable steps to ensure the information contained herein is accurate at the time of writing but it should not be regarded as a complete or authoritative statement of law.