Most companies use their computer systems to carry out certain business functions in a variety of ways, but many do not realise, or do not believe, that they have a significant cyber exposure.
If, as a result of a cyber attack, their computer systems are not functioning correctly or are not available, it can have an adverse effect on the business and also result in considerable additional costs.
The latest case study from CFC Underwriting relates to an electrical firm but could equally apply to any business that suffers a ransomware attack. It tells the story of how an electrical contracting firm’s legacy system was affected after a ransomware attack, resulting in sizable data re-creation costs.
The main learning points from this case are:
- Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made. As shown in this case, even though the ransom payment was made and the system was successfully decrypted, the ransomware had the unintended side effect of severely impairing the functionality of one of the company’s most vital systems.
- The use of legacy systems can significantly increase the risk of a cyber loss. Typically, not only are legacy systems far more vulnerable to attack, they are also much more susceptible to being made defective following a cyber attack.
- The majority of the costs of this claim came from the labour costs associated with manually re-entering data. It is important to ensure that this is covered, as many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch.
- Today almost all businesses have some form of cyber exposure and even though the policyholder in this case was an electrical contracting business that didn’t solely rely on their computer systems to carry out work, they still had an office function that had a key role in the running of the business.
Click here to read the full case study, but before you do, here are some cyber-related resolutions to think about for 2019.
1. I will change all default passwords on my personal and work devices.
2. I will regularly check for updates to the operating systems of my laptop, computer and mobile phone.
3. I will install strong anti-virus software and keep it updated.
4. I will think twice before clicking on unknown links or attachments in emails.
5. I will authorise payments to new transfer partners via telephone to minimize risk of fraud.
6. I will not share sensitive information on social media that could be used against me in phishing attacks.
7. I will back up my entire system at least once a week on an external hard drive.
8. I will encrypt my mobile phone and all of my other devices.
9. I will talk to my kids (or parents) about how to stay safe online.
10. In the event that resolutions 1-9 fail, I’ll have a cyber insurance policy in place to save the day!