Understanding the Threats and How to Protect Your Business
Your Business is at Risk
Cyber & Data risks are an exposure that no modern business can escape, and the financial impact of system interruption, privacy and cyber-crime events is now felt within all sectors. According to the 2019 Cyber Security Breaches Survey, conducted on behalf of the UK Government, 32% of all UK businesses identified at least one cyber security breach or attack in the previous 12 months, and this rises to 60% for large firms. Many businesses feel that they will not be a target of a cyber incident, but this is certainly not the case. Incidents are becoming more common, and leading Cyber & Data insurer Hiscox has provided some up-to-date information from its latest Cyber claims analysis:
- Nearly 75% of the top 40 claims incurred by Hiscox UK in 2018 were for companies under £10,000,000 in revenue.
- The most common types of claim were: business email compromise 37%, ransomware 16% and a hack 11%.
- Even with the best security, companies are still vulnerable. 66% of cyber claims are due to human error.
Protection Measures that Will Help Keep You & Your Business Safe
- Purchase a comprehensive Cyber Insurance policy.
- Access government resources and consider a cyber security accreditation for your business.
- Update operating systems regularly as the security patches help avoid breaches.
- Install a recommended firewall/antivirus product and keep it up to date.
- Do not open emails or files from unknown sources.
- Ensure you have a suitable backup system in place which is archived.
- Always change passwords (including voicemail) from the defaults and update regularly.
- Use a password manager – these are encrypted to a high level and help avoid the temptation to use similar/common passwords across accounts.
- Carry out regular network scans and/or penetration testing.
- Use two-step verification/authentication whenever this is available – common in banking.
- Encrypt mobile computing devices (laptops/tablets/phones/PDAs) and portable data devices (e.g. USB sticks) used by employees for business (including personal equipment).
What is Encryption?
Encryption is the process of encoding information so that only authorised parties can read it and is an important risk control measure – a breach of encrypted data is significantly less costly to deal with than a breach of unencrypted data.
A password or PIN is not encryption. Encrypted data is scrambled on the hard disk, so it is unusable unless accessed with a decryption key. Where data is protected only by a password, a hacker can bypass the password and access clear, intact data.
Encryption is viewed more favourably by regulators including the Information Commissioner’s Office (responsible for enforcing data regulations in the UK) and many of the fines levied have involved loss of unencrypted data by organisations.
Resources & Accreditations
The Government has a website, www.cyberaware.gov.uk, with free resources to help businesses protect themselves against cyber threats. We would also recommend looking at the government accreditation www.cyberessentials.ncsc.gov.uk/
This is designed to provide organisations with basic protection from the most prevalent forms of threats coming from the internet. It focuses on threats which require low levels of attacker skill and which are widely available online.
This assessment enables you to carry the “Cyber Essentials” accreditation and advertise the fact that you adhere to the government-endorsed standard.
There are two levels:
- Cyber Essentials – requires you to complete a self-assessment questionnaire with responses reviewed by an independent certifying body
- Cyber Essentials Plus – penetration tests on your systems are carried out by an external certifying body using a range of tools and techniques
There is also an international accreditation standard, ISO 27001. Insurers can offer discounts for these accreditations on Cyber insurance policy premiums.
There is a range of insurance policies available in the market to help protect your business and get you back up and running fast. Be wary of inferior products; a good-quality policy can include protection against:
Financial Crime and Fraud
When cyber criminals use the internet to steal funds, impersonate your business or deceive employees into transferring money or goods. This cover is usually an optional extension we would recommend including.
If a hacker holds your systems or data to ransom, or threatens to publish information, insurers cover the ransom you may have to pay and the services of a leading risk consultancy firm, to help manage the situation.
Where personal or commercial information (electronic or otherwise) is accessed without authorisation, cover can provide support with forensic investigations, legal advice, notifying customers or regulators and credit monitoring for affected customers.
Mistakes made by staff or suppliers that result in a data breach.
Reputation protection – In the event of a data breach, prompt, confident communication is vital to keeping a company’s reputation intact. PR and crisis management with a leading public relations firm will help, from developing communication strategies to running a 24/7 crisis press office.
Covering the defence and settlement of claims made against you for failing to keep customers’ personal data secure, or for allegations of non-compliance with GDPR. Also covers costs associated with regulatory investigations and settling civil penalties levied by regulators where allowed.
The cost of getting your business back to normal and compensation for loss of income, including where it is caused by damage to your reputation. Some policies also include Key Person Cover: an extra pair of hands to help your business with any increased workload.
Personal cover for Directors
Some policies will offer Statutory Directors the same cover provided to your business on a personal level.
Act now to protect your business from the threat of a cyber-attack or data breach
If you would like more information or to discuss a quotation, please get in touch with your usual Darwin Clayton representative at Tunbridge Wells 01892 511144 or Nottingham 0115 951 7030.