1. Why is this topic crucial?

In 2025, cyberattacks are one of the biggest threats to businesses of all sizes. Market reports indicate that:

  • on average, a ransomware attack occurs every 11 seconds,
  • over 70% of companies in Poland have had an IT security breach incident in the last two years,
  • the direct and indirect costs of cyberattacks (loss of customers, penalties, legal costs, compensation) are growing faster than the costs of security measures.

In this context, technical protection alone (firewalls, antivirus software, network monitoring) is necessary but insufficient. Cyber insurance policies are becoming a key element of risk management strategies.

2. Case study: Attack on a trading company

Situation:
A medium-sized retail chain, operating both brick-and-mortar and online stores, became the target of a hacker attack. Customer data (including payment card numbers) was stolen, and malware encrypted the ERP system responsible for sales and inventory.

Consequences:

  • Customers filed class action lawsuits.
  • The Data Protection Authority initiated administrative proceedings, threatening penalties for violating the GDPR.
  • The media quickly publicised the case – sales fell by 30%.
  • The company had to shut down its e-commerce for three weeks, resulting in millions in losses.

Solution:
Thanks to its cyber insurance policy, the company:

  • covered legal and administrative costs,
  • financed compensation for customers,
  • received support from IT experts to restore its systems,
  • used the services of a PR agency to help limit damage to its image.

The result: the company avoided a liquidity crisis and regained operational stability and sales within a few months.

3. What does a “cyber” policy cover?

It is comprehensive insurance against risks related to data management, IT systems and company reputation. It most often covers:

  • The costs of legal proceedings and compensation for persons whose personal data has been compromised.
  • Administrative costs and regulatory penalties (e.g. related to the GDPR).
  • Crisis management – remuneration of IT experts, law firms, public relations agencies.
  • Liability to contractors for damages resulting from a breach of information security.
  • Liability for copyright and personal rights infringement (e.g. use of unauthorised images on a website).
  • Refund of forced payments (e.g. ransom for decrypting data in ransomware attacks).

Additionally, if the company has a Business Continuity Plan (BCP):

  • the insurer covers the costs of data recovery,
  • pays compensation for lost revenue resulting from IT downtime.

4. Coverage extensions – a must-have for negotiations

A well-structured policy should include additional clauses that are particularly important in certain industries:

  • PCI DSS violation – costs and penalties in the event of payment card data leakage or failure to comply with electronic payment security standards.
  • Cyber extortion (social engineering fraud) – protection against financial losses resulting from transfers or the release of goods based on falsified email or telephone instructions.

5. For whom is cyber insurance particularly important?

Practice shows that cyber insurance should be taken out by, among others:

  • schools and universities (they process the data of thousands of people),
  • hospitals and clinics (sensitive patient data),
  • shops and retail chains, e-commerce,
  • law firms, consulting firms, accounting firms,
  • manufacturing companies (especially those with automation and robotisation),
  • cooperatives and property managers,
  • car dealers, hotels, service companies.

6. Who is most likely to be denied protection?

The most common exclusions apply to:

  • Internet providers and data centres,
  • software manufacturers,
  • electronic equipment manufacturers and service providers,
  • companies handling payments or debt collection for third parties,
  • entities offering social media platforms or illegal content.

7. Strategic conclusions and practical advice

  1. Cyber insurance does not replace IT security technologies – it should complement them.
  2. Companies with BCPs gain better protection conditions – insurers reward organisational preparedness.
  3. It is essential to analyse the scope of protection – not every policy covers administrative penalties or PR costs.
  4. Extensions are critical – especially in sectors exposed to electronic payments and social engineering.
  5. Reputation management is as important as reimbursement – regaining customer trust takes a long time and requires the support of specialists.

8. Summary

In the age of digitalisation and widespread data exchange, companies are increasingly vulnerable to hacker attacks and information leaks. The consequences can be multidimensional – from legal costs and financial losses to lasting damage to reputation.

A cyber insurance policy is not a luxury, but a key element of risk management strategy. It is a tool that not only allows you to survive a crisis, but also minimises its long-term effects.

✅ Checklist 1: 5 questions to ask your broker before purchasing a cyber insurance policy

  1. Does the policy cover administrative penalties (e.g. GDPR) and up to what amount?
  2. What are the liability limits – are they common to all risks or separate (e.g. for PR, IT, compensation)?
  3. Does the insurance cover crisis management costs, including the services of PR agencies and IT experts?
  4. What extensions can be added – e.g. PCI DSS, cyber extortion, losses due to social engineering?
  5. Does the policy apply globally – in the event of an attack from abroad or claims outside Poland?

✅ Checklist 2: How to prepare your company for purchasing a cyber policy?

  1. Conduct an IT security audit – identify gaps in systems and processes.
  2. Develop a Business Continuity Plan (BCP) – insurers often require such documentation.
  3. Train your employees – most attacks start with human error (phishing, social engineering).
  4. Implement incident management procedures – who responds when and how in the event of a breach.
  5. Document the security measures you have implemented – this often reduces the premium and facilitates negotiations with the insurer.

✅ Checklist 3: The most common mistakes when choosing cyber insurance

  • Buying a policy just “for peace of mind” without analysing the scope of coverage.
  • Ignoring the costs of PR and image-building activities in the package.
  • Not verifying whether the policy covers social engineering fraud (e.g. fake transfers).
  • Failure to adjust the sums insured to the actual risks (too low limits).
  • Confusing cyber insurance with general liability insurance – these are completely different areas of coverage.

✅ Checklist 4: After an incident – what to do step by step?

  1. Secure your systems – isolate infected servers from the network and block compromised user accounts.
  2. Inform the relevant persons and institutions – internal team, management, supervisory authorities (e.g. UODO).
  3. Contact your insurer – it is crucial to report the damage quickly.
  4. Launch crisis communication procedures – internal (employees) and external (customers, media).
  5. Work with IT and legal experts – data recovery and minimisation of legal risks.
  6. Document all actions – this will be necessary for settlement with the insurer.