Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > Why cyber insurance is worth the investment

Why cyber insurance is worth the investment

Published by Gbaf News

Posted on February 28, 2020

5 min read

Last updated: January 21, 2026

Will your cyber insurance protect you during COVID-19

By Scott Cutler, Director UK&I Sales at Fortinet.

For almost as long as businesses have been subject to risk, some form of insurance has existed to mitigate their exposure. The first recorded commercial insurance policies date back to Babylonian times, and in the thousands of years since, the types of business cover available have multiplied exponentially, driven by the uptake of technology.

It’s now over 20 years since the first cybersecurity policy was written. At the time, this was considered groundbreaking – although by modern standards, its scope was limited. These days, cyber insurance providers cast a far wider net. By 2025, it’s expected the global market size will grow to over $23 billion. Some policies cover the costs arising from first-party data breaches, while others cover liability for damages, providing assurance for companies who collect and store sensitive customer information. Professional Liability, meanwhile, protects businesses that sell technology services against negligence claims.

While the cybersecurity insurance market is getting more complicated by the year, the risk of cyber breaches is still growing. To get a grip on it, some forward thinking businesses are looking at digital audits to ensure that the insurance they take out will cover what they need it to. Others are working with vendors to get the right overall cybersecurity insurance policy for their business. Either way, the place of the policy holds firm.

Putting a figure on protection

Scott Cutler

Scott Cutler

Cybersecurity policies are unusual in that they’re both difficult to price and it can be hard to see exactly what they’ll provide in the event of a security incident. For one thing, it’s tough to put a figure on this sort of risk, especially since there’s very little actuarial evidence available to base policy decisions on. Accordingly, there’s no ‘standard’, and businesses may find the quotes they receive to be off-puttingly high.

Risk is also ever-changing. In an environment where new threats emerge on a daily basis, many businesses struggle to understand exactly what digital protection they need. What worked last year may no longer be relevant, making the potential benefit of cyber insurance unclear. Given how hard it is to establish the right level of cover in the first place, some even wonder if cyber insurance is akin to PPI, which was mis-sold to millions of people during the 1990s and early 2000s to cover mortgages, loans and credit cards.

Businesses are also rightly concerned about reputational risk. While you might be able to attach a numerical value to the income lost during a systems outage, reputational damage can’t be smoothed over with a lump-sum pay-out – especially since it’s impossible to predict exactly how much business you’ll lose as the result of a breach. As a result, some may avoid the hassle and cost of a cybersecurity policy altogether.

The concern is understandable. However, the risk is that businesses may end up with cover that doesn’t fit their requirements, or no cover at all. This is problematic because, despite its complications, cybersecurity insurance is an important and valuable part of an organisation’s cyber security readiness, and particularly for sectors like financial services, where the data held by businesses is extremely sensitive.

For example, although it can’t rescue a company’s reputation, insurance can at least partially provide the funds to remediate a situation, whether that’s setting up hotlines to help customers, providing financial compensation, or covering a period of business outage.

For larger enterprises, there may be a need to engage legal advisers, communication specialists, and first responders – all of which could be funded by an advanced cyber insurance policy. And – as an unexpected side effect – the process of securing insurance can even help businesses to identify gaps in their current cybersecurity set-up, as well as training gaps in their frontline cybersecurity staff.

Threat analysis: the audit advantage

While the ostensible benefit of insurance is financial cover, the act of arranging it can help businesses to protect themselves more effectively against threats. In order to receive a quote for a cyber insurance premium, businesses must undergo a threat analysis.

This audit can also go some way to preventing issues from arising in the first place, because businesses gain a valuable understanding of the lie of the land within their organisation – including where valuable digital assets sit, and which controls could be implemented in order to secure them. This sort of in-depth analysis puts businesses in a much better position to take proactive decisions around cybersecurity, highlighting any potential gaps and providing the impetus for action, including training.

The right cover for peace of mind

Securing board level approval for taking out a cybersecurity policy isn’t easy, given how confusing this particular cover type can be. Yet despite the difficulty of precisely establishing the value of cover needed, cyber insurance isn’t like PPI. And it certainly isn’t a policy that any digital-facing business should be without.

Businesses must therefore be prepared to invest in the right threat analysis process to ensure they have the correct level of cover in place and adequately trained staff to take responsibility for cybersecurity. Not only will this go some way to providing peace of mind – it might even uncover security risks businesses never knew they were exposed to.