At RiskBox, we work with a lot of businesses who take out Cyber and Data insurance as a safety net, hoping to never need it. But as you’ll see in the news, cyber attacks are a daily occurrence – just look at Jaguar Land Rover, Louis Vuitton, M&S and the Co-op… And those are the big names. New UK government figures show that 43% of businesses (equivalent to around 612,000) suffered a breach or attack in the past year.
We’ve seen first-hand the impact that an attack can have on businesses – of all sizes and varying severity. So whilst we hope you never need it, here’s what to expect if you do.
It’s a scenario every business owner dreads: a ransom note on the screen, a call from a panicked team member, or a notification from a client that their data is suddenly “out there”.
In the digital and tech world, we often talk about “when, not if”. But knowing the theory of a cyber attack is very different from sitting in the hot seat while it’s actually happening. At RiskBox, we see the aftermath of these incidents regularly.
The good news? Having a roadmap makes the chaos a little more manageable.
Step 1 – Triage and notification
In the first moments, the situation can feel a little uncertain – you don’t know if it’s a minor incident or a full-scale breach. But regardless of the scale, the first step is always the same: notify your insurer, your broker, or both.
This is where your insurance policy becomes your best friend.
Although Cyber policies still vary in quality, the best ones today aren’t just a pot of money to pay claims – they’re a service. After that first call to your broker or insurer, typically through their 24/7 emergency line, they’ll usually appoint a claims handler. With a quality insurer, this will be a specialist who coordinates the entire response.
An expert claims handler can often get things moving right away and appoint the appropriate people to support you throughout this incident.
Step 2 – Deep dive
Once the immediate threat is contained, the forensic investigation begins.
At this point, you can expect specialists to comb through your logs, systems and networks. They aren’t just looking for what was stolen – they’re looking for how the threat actors got in. This can be invasive for your development team, but it’s essential to ensure the “back door” is locked before you reboot.
After this, there’s usually a legal and regulatory review. If you handle personal data (and let’s face it, who doesn’t?), the clock starts ticking on your GDPR obligations. You generally have 72 hours to notify the ICO if there’s a risk to individuals. The insurer’s legal team will be working hard to make sure you don’t go beyond that deadline.
Step 3 – Communication and reputation
This is the hardest part for businesses. You pride yourself on being a trusted partner, and now you have to tell clients there’s been a “hiccup”.
Client management is crucial here. You’ll need a clear, factual script – speculation is your enemy and you shouldn’t promise things you can’t guarantee yet.
Your insurer will then likely step in to provide some form of PR support. If the breach is public-facing or involves high-profile clients, they may even appoint a PR consultant to help manage the narrative. The goal is transparency without causing unnecessary panic.
Managing a claim isn’t just about the technical fix. Here are three things that often surprise business owners:
We often see the headlines for the big names, but these threats affect micro businesses and SMEs in the same way – and they can be just as (if not more) disruptive. They’re also becoming even more sophisticated.
Investing in Cyber insurance is now a vital part of a comprehensive cybersecurity strategy rather than just a smart financial decision. By safeguarding your business against the unpredictable nature of cyber threats, you can focus on what matters most: growing and succeeding online. Speak to RiskBox today to find the right policy for you.
Photo by Markus Winkler on Pexels
