Protect your business against cyber crime and data breaches
Why should you be thinking about cyber insurance?
The threat of being exposed to cyber crime or a data security issue is an acknowledged risk to enterprises of all sizes. Many cyber security professionals state that it’s not if a cyber crime happens to a company; it is when.
Now, with the General Data Protection Regulation (GDPR) in force from 25th May 2018, there is the added risk of significant fines and penalties for any firms falling victim to a data breach.
After a data breach, you will need to contact the Information Commissioner’s Office (ICO) within 72 hours, and you will need a rapid plan of action for communicating with customers, suppliers and employees. You are likely to incur costs for a combination of IT forensic investigation, legal assistance, communication logistics and public relations.
If you think your business is unlikely to be targeted (perhaps you think you’re not big enough to be of interest), you should consider that hackers will often look for a weak link in the chain to access their ultimate target, which could be one of your most important customers.
All businesses, regardless of size, should be considering their potential risks from ransomware, electronic crime, damage to systems, data privacy and virus transmission.
That’s why cybercrime is no longer a problem just for the IT department; it’s become a business issue that now ranks in the top three issues at Board level.
What are the implications of a cyber attack?
Impacts can be many and variable but in headline terms:
- Financial costs of your own, or from third parties, in dealing with lost data
- Legal and Regulatory implications for breach notifications
- Damage to tangible and intangible assets
- Loss of reputation, and customers, in the event of a security breach
Customers expect a company that has suffered a data breach to act quickly and to give them the facts truthfully, so it is crucial for all businesses to be prepared for the next steps to take should a data breach occur.
What does cyber insurance cover?
Valuable data lost to cyber crime won’t necessarily be covered under standard business insurance policies, nor will the costs associated with cleaning up afterwards, such as hiring forensic specialists to find out what went wrong, notifying affected customers, or any resultant legal fees.
Not all cyber policies are the same. The market is evolving quickly and it’s critical to understand what is covered, in what circumstances and to what level.
Below is a brief summary of some of the key elements to be considered, depending on individual business needs.
Ransomware and extortion: in the event that a hacker tries to hold your business to ransom, cyber insurance would cover the ransom cost and provide support to manage the situation. It would also provide the services to restore system security.
Crime, social engineering and phishing scams: these are common cyber attacks, often caused by human error, that result in unauthorised electronic funds transfer, theft of funds held in escrow or theft of personal funds.
Breach costs: this provides support in the event of a data breach, such as undertaking investigations and providing legal and communications services. It would also provide the services to restore system security.
Privacy protection: if your customer data is compromised, cyber cover would meet the cost of any claims brought against you for not keeping customer data secure. This may also include associated costs, such as those of any regulatory investigations that may be required.
Cyber business interruption: if your business is hacked by third parties or even your own employees and your systems are compromised, it may prevent you from operating. If this were to happen, cyber insurance would compensate you for your loss of income while your business is temporarily shut.
Hacker damage: in the event of a hacker damaging your website, data, systems or computer programmes, cyber insurance would cover the cost of repair or replacement.
Crisis containment and brand protection: an online security breach could have a detrimental effect on the reputation of your business. Cyber insurance would provide the support to mitigate reputational damage.
How can you assess the risks faced by your business?
The arrival of GDPR has been the catalyst for many organisations to improve protection of their businesses. Companies must now prepare themselves to use customers’ personal data responsibly and to the ICO’s agreed standards.
Undertaking a risk management analysis such as the Government-backed Cyber Essentials (which covers Firewalls, Security Configurations, Access Controls, Malware Protection and Software Patch Management) ensures that businesses are doing everything they can do to avoid a cyber attack or a data breach.
While risk management will help to prevent a cyber attack, even the best security does not always prevent an intrusion. In the event that an incident does occur, cyber insurance provides a valuable safety net.
Talk to the team at Arlington for expert support and advice on cyber insurance
Our insurance solutions will give you 24-hour, 7-days-a-week access to immediate support, guidance and risk mitigation just when you need it.
If you would like to find out more about how you can protect your business with cyber insurance, please call Andy Wright on 0207 292 6011 or Tony Housden on 0207 292 6018. Alternatively, email us at firstname.lastname@example.org or email@example.com