Does Cyber Insurance Cover Costs of Data Recovery?

Caeva O'Callaghan | November 14th, 2023

When your data is breached, you don’t have to start from scratch. You can employ IT specialists to help you recover the information – but will cyber insurance help cover the expense?

Yes. If the worst should happen and your company falls victim to a data breach, your insurance provider will help you cover the costs of data recovery.

Small businesses are just as likely to have a data breach as large businesses. In fact, many criminals prefer targeting a larger number of smaller businesses to risking breaking into a large firm.

In this article, we’ll cover the following questions:

  • Are data recovery costs covered by cyber insurance?
  • How do I recover my data after a breach?
  • Will my cyber insurance providers help with regulatory fines?

Always remember to look over your cyber insurance policy thoroughly before the worst happens. You don’t want to deal with any more nasty surprises than necessary if your business falls victim to cyber criminals.

What is a data breach?

A data breach is the intentional or unintentional release of secure or confidential information to an untrusted environment. Other names for this type of incident include unintentional information disclosure, data leak, information leakage and also data spill.

Breaches are serious because companies manage an increasing amount of personal data online, from names and addresses to credit card information and passwords.

Data can be leaked in a number of ways. Employees in your own company engaging in criminal activity is one of the most serious ways your security may become compromised. Or, insufficient employee awareness and training on cyber security could lead to unintentional data leaks through human error.

On the other hand, your company may be the target of criminals who need never set foot in the building to steal your customers’, or your employees’, data. Through malware, ransomware, viruses and phishing, they can initiate a data breach by exposing the weaknesses in your security and getting their hands on sensitive information.

Cyber insurance and data breaches

Cyber insurance policies help minimise the financial and business damage of hacking attempts, whether successful or not. No matter how much data got out – if any – being hacked can be equated to having an unknown intruder in your home, rifling through your bank statements and looking for your keys. Even if nothing was taken, you probably won’t feel safe unless you take extra precautions.

Having a solid cyber insurance policy in place can help to cover costs related to data recovery or business disruption. The policies can also protect against non-criminal loss or damage, such as an IT system failure.

Your policy will bring in IT specialists to assist you in the data recovery. The worst case scenario is to reinstate up until your last back-up. Having back ups held off site and updated regularly is key, so if you haven’t already you need to create a robust back-up procedure.

Trusting a third party with data back-ups and security is a prudent move, as they will likely have the expertise and resources to do a very secure job. However it’s important to understand that the company who collects the data in the first place is considered the “holder” according to GDPR regulations. Therefore, you will still be liable for any data breaches, and may have to argue indemnity should your third party become compromised under their own attack.

Cyber attacks and small businesses

While we see large cyber incidents reported in the media, often they have the insurance, personnel and capital to recover from a cyber attack. But in fact, smaller businesses are just as likely to be attacked – sometimes more so, as they pose a smaller risk to hackers afraid of being caught.

A survey conducted in 2020 by the UK Dept of Digital, Media, Culture and Sport found that 74% of companies that had 250 employees or more experienced a cyber security breach or attack in the last 12 months, 68% of companies that had 50-249 employees; 62% of companies with 10-49 employees and 43% of companies with 1-9 employees.

In a nutshell, there is a 50-50 chance of experiencing an attack – and this is why cyber insurance is of utmost importance for small businesses.

A long established hairdressing salon with two branches in the Glasgow area of Scotland were completely unable to trade for a month following a ransomware attack. Hackers broke into a system used to store appointments, wage details, client histories and stock information, effectively freezing the establishments’ operations, and demanded a ransom for its release.

No client data was involved in the attack – but as you can imagine, it didn’t need to be for the consequences to be serious. The phone and online booking systems were also compromised.

Cyber insurance helps to pay for costs associated with notifying the authorities and the affected persons, investigating the incidents, taking measures to contain the damage and recover the data, as well as fines and court costs. Call us and talk to our cyber insurance experts today to find out how we can help you protect your business.





All Information in this post is accurate as of the date of publishing.