
Arlington
News & Blog

CYBER INSIGHTS

Nearly a third of UK businesses have experienced security breaches or attacks in the past year. Despite this, the research shows that only around 30% of medium-sized firms now have cyber insurance, and the overall proportion of businesses remains relatively low at 11%.

Whilst many of the cyber incidents that are publicised involve large companies, hackers now recognise that smaller businesses often present an easy target. Over a third of targeted attacks are aimed at businesses with fewer than 250 employees, many of which don’t have the resources available to manage the impact of an attack. The effects of these attacks can be many and varied but mainly result in:

  • Financial costs of your own, or from third parties, in dealing with lost data
  • Legal and Regulatory implications for breach notifications
  • Damage to tangible and intangible assets
  • Loss of reputation and customers in the event of a security breach

The Financial Conduct Authority (FCA) has recently published a useful document bringing together industry insights on cyber resilience. Since 2017, the FCA has brought together over 175 firms across different financial sectors to share information and ideas from their cyber experiences. It runs these Cyber Coordination Groups (CCGs) with industry to help improve cyber security practices amongst members of the CCGs and their sectors, discussing and sharing practices in the following areas: Governance, Identification, Protection, Detection, Situational Awareness, Response and Recovery, and Testing.

This is in the hope that the practices and experience of the groups help those firms not already involved when considering where to prioritise their efforts in increasing cyber resilience.

To read the FCA “Cyber security – industry insights” publication click here.

You will note that many of the insights in the publication refer to advice and guidance from the National Cyber Security Centre (NCSC). The NCSC has produced a Small Business Guide which is worth looking at, as it shows how to improve cyber security within your organisation quickly, easily and at low cost. Following the five quick and easy steps outlined below could save time, money and even your business’ reputation.

  • Protecting your organisation from malware – 5 free and easy-to-implement tips that can help prevent malware damaging your organisation.
  • Backing up your data – 5 things to consider when backing up your data.
  • Avoiding phishing attacks – Steps to help you identify the most common phishing attacks.
  • Keeping your smartphones (and tablets) safe – 5 quick tips that can help keep your mobile devices (and the information stored on them) secure.
  • Using passwords to protect your data – 5 things to keep in mind when using passwords.

To read the NCSC Small Business Guide click here.

While risk management will help to prevent a cyber-attack, even the best security does not mean you will not one day experience an incident. In the event that an incident does occur, cyber insurance provides a valuable safety net, and risk-aware businesses are increasingly recognising the vital role that Cyber Liability mitigation and insurance products play as part of an effective risk management strategy.

Cyber-attacks are widely recognised as one of the greatest risks faced by businesses, and with premiums these days starting at very reasonable levels, we would encourage all firms that are serious about risk management to seriously consider purchasing a good quality cyber policy.

Our insurance solutions will give you 24 hours a day, 7 days a week access to immediate support, guidance and risk mitigation just when you need it.

If you would like to find out more about how you can protect your business with cyber insurance, please give Andy Wright or Tony Housden a call on 0207 292 6011 or 0207 292 6018, or email us at [email protected] or [email protected]

Cyber Claims Case Study and 10 (cyber) resolutions for 2019

Most companies use their computer systems to carry out certain business functions in a variety of ways, but many do not realise, or believe, that they have a significant cyber exposure.

If, as a result of a cyber attack, their computer systems are not functioning correctly or are not available, it can have an adverse effect on the business and also result in considerable additional costs.

The latest case study from CFC Underwriting, which relates to an electrical firm but could equally apply to any business that suffers a ransomware attack, tells the story of how an electrical contracting firm’s legacy system was affected after a ransomware attack, resulting in sizable data re-creation costs.

The main learning points from this case are:

  • Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made. As shown in this case, even though the ransom payment was made and the system was successfully decrypted, the ransomware had the unintended side effect of severely impairing the functionality of one of the company’s most vital systems.
  • The use of legacy systems can significantly increase the risk of a cyber loss. Typically, not only are legacy systems far more vulnerable to attack, they are also much more susceptible to being made defective following a cyber attack.
  • The majority of the costs of this claim came from the labour costs associated with manually re-entering data. It is important to ensure that this is covered, as many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch.
  • Today almost all businesses have some form of cyber exposure and even though the policyholder in this case was an electrical contracting business that didn’t solely rely on their computer systems to carry out work, they still had an office function that had a key role in the running of the business.

Click here to read the full case study, but before you do, here are some cyber-related resolutions to think about for 2019.

  1. I will change all default passwords on my personal and work devices.
  2. I will regularly check for updates to the operating systems of my laptop, computer and mobile phone.
  3. I will install strong anti-virus software and keep it updated.
  4. I will think twice before clicking on unknown links or attachments in emails.
  5. I will authorise payments to new transfer partners via telephone to minimize risk of fraud.
  6. I will not share sensitive information on social media that could be used against me in phishing attacks.
  7. I will back up my entire system at least once a week on an external hard drive.
  8. I will encrypt my mobile phone and all of my other devices.
  9. I will talk to my kids (or parents) about how to stay safe online.
  10. In the event that resolutions 1-9 fail, I’ll have a cyber insurance policy in place to save the day!

New data regulations come into force next year – are you ready?

May 2018 sees the introduction of the European Union General Data Protection Regulation (GDPR). In the UK this will be enforced by the Information Commissioner’s Office, which is acting as the regulator and is talking to the government at the moment about compliance issues.

The new regulation will give consumers better data protection and also enable them to access their information more easily. Businesses will need to be transparent about how they store and use customer information and will need to declare any cyber hacks or data breaches.

If they do suffer a breach they will be obliged to inform the regulator within 72 hours. Failure to do so could result in a fine of up to £17m or 4% of global turnover, whichever is greater. Breaches can include anything from emailing client information without their consent to ransomware attacks and data theft by hackers.

Under GDPR customers have a new “right to be forgotten”. Customers can request information on how their data is being used and, in certain circumstances, request that data about them is erased.

 

Make sure you have cyber insurance in place

While the concept of cyber insurance is no longer that new, take up by businesses has been slow. But with GDPR looming on the horizon and the potential threat of large fines in the event of a data breach, the value of cyber insurance is more evident than ever before.

The team at Arlington are well placed to assess the insurance needs of your business, including cyber risks, and will find the most appropriate cover to protect your systems and your customers’ data.

With Arlington you get the reassurance that if you do suffer a data breach you have someone to turn to. The team at Arlington would be there to support you by helping to manage, investigate and resolve a breach and the issues this causes, with their insurer partners.

 

 

Protect your business against cyber attacks

You cannot have failed to notice the havoc caused by cyber attacks in the past week. Last weekend the headlines were dominated by the news that the NHS and other organisations in the UK and across the world were hit by a new strain of ransomware.

Our insurer partner, Zurich, has published some guidelines giving advice on steps you can take to avoid ransomware infecting the computer system in your business.

Cyber – extortion and ransomware

Cyber claims statistics reveal that extortion and ransomware are among the fastest-growing sources of cyber loss.

The importance, and urgency, of cyber security measures have become increasingly visible in recent years. Industry reports from the likes of Verizon, Trustwave, and PwC all express the importance of cyber security measures and the costly consequences of cyber attacks.

No company wants to become another data breach statistic but some decision-makers still may not understand the urgency of cyber security protection. This is largely down to the fact that on the whole, UK businesses have a lower level of security maturity than their US counterparts.

Acknowledging that cyber security is a major problem is one thing, but understanding what you can do in response is another. Few organizations feel prepared for a sophisticated cyber attack. If you are not one of those, or you are not sure if you are prepared, one thing you can do is start monitoring your performance and create a benchmark to track changes in your security posture. Creating a performance metric around cyber risk that is specific to your organization will help you protect yourself from being just another number.