Almost everything we do these days is digital – shopping, working, banking, communicating, watching movies, filing tax returns, booking holidays – even keeping up to date with the kids’ homework! Our digital footprint is growing – as are the many ways that our data and security can be compromised. No wonder Cyber Security is big business, as well as one of the most talked about, and misunderstood areas of security and insurance.
Does your business handle or store data of any kind?
Does your business handle customer or employee information such as names, addresses or banking information?
Does your business rely on computer systems in order to conduct business?
Does your business take card payments or make electronic payments?
Does your business have a website?
If the answer to any of these is yes – as is most often the case – then no matter the size of your company, you could be at risk if you do not have the right insurance in place.
Don’t be caught out by thinking you won’t need it because you are a small business, and therefore of no interest to hackers or other cyber criminals. SME’s are one of the largest targets for cyber related crime with over 50% of cyber-attacks aimed at this sector.
One of the most important areas to protect is the customer data you hold. The right cyber and data insurance will protect your business should this information get lost, leaked or stolen. From April 2018, the General Data Protection Regulation (GDPR) means a company can be fined up to €20 million or 4% of its turnover (whichever is the higher figure) should they be found non-compliant.
Cyber and data risks insurance, also known as cyber security insurance, is designed to support and protect your business if it experiences a data breach or malicious cyber hack that affects its computer systems. It can also help you to limit the damage caused by a successful attempt to access your business data. Cyber security policies can offer support such as data recovery and business interruption cover which can help you to get you back on your feet in the event of a cyber-attack.
“Cyber insurance should be a consideration for any business that uses a computer system. A cyber policy will respond to first party claims, such as ransomware, as well as third party events, such as a data breach. The main causes of an economic loss following a cyber incident are business interruption, loss of reputation and liability claims, all of which can be covered by a cyber insurance policy.”
Kris Barnfather, Senior Account Executive, Eggar Forrester Creative
When investing in cyber insurance it is worth looking at the potential risks your business faces and how you can reduce them. Even large companies with departments dedicated to IT security are at risk of data breaches but there are some actions you can take which may reduce the threat. These include things like:
• Regular staff training – keeping your staff up to date with the latest threats so they know what to be aware of.
• Data Encryption – consider opting for these kinds of ways to protect data
• Storing portable devices at work – this limits the chance of laptops or tablets being left in public places by accident. Consider memory sticks with this also.
• Keep up to date with Legal – it’s important that you stay up-to-date with any changes in the law to ensure that your insurance does not become invalid without your knowledge, as well as the way you are conducting business is compliant.
We spoke to cyber security leaders Orpheus about cyber security and how businesses can help protect themselves:
Orpheus is a specialist, government accredited cyber threat intelligence and cyber risk rating company. Their award-winning technologies, including Machine Learning, together with a team of skilled analysts mean they can accurately identify the current and ongoing cyber risk to any organisation. Their services are used by cyber insurers to make sure they are accurately pricing risk and enabling their insureds to reduce the likelihood of being hacked. They also enable cyber security for supply chains, M&A and due diligence. They are one of only a handful of companies trusted to conduct cyber resilience testing on the UK’s critical national infrastructure. If you would like more information on how they can advise your business contact them via email on firstname.lastname@example.org
“Our Cyber Risk Rating (CRR) platform uniquely combine a calculation of the threats to any organisation with its live vulnerabilities to deliver an accurate cyber risk score. Furthermore, our reports specify how that organisation can immediately reduce its risks on an ongoing basis.”
Orpheus selected what they consider to be the top three current threats to SME’s:
- Ransomware attacks have been increasing year on year, and could encrypt critical data to prevent an SME functioning correctly. While SMEs are less likely to be victim of a targeted attack, they could feasibly be affected by either an untargeted variant or via a supply chain compromise against a third party, such as a software supplier, which was recently seen when the Sodinokibi variant infected hundreds of US dentists.
- Business Email Compromise (BEC) attacks have also been increasing yearly and could result in fraudulent payments from unwitting SME employees. It continues to be an effective threat vector which affects most sectors, with a recent FBI report outlining BEC fraud was a $1.3 billion industry in 2018.
- Crypto mining is very opportunistic and usually done at scale, targeting victims randomly. The typically less mature cybersecurity of SMEs suggests they could be more prone to being affected than larger firms. Crypto mining at an SME could use up resources, and potentially lead to further threats, for instance, by disabling anti-virus.
Our advice would be to always speak to your broker and get advice tailored to your business. We’d be happy to help in this regard, you can contact Eggar Forrester Creative by email or drop us a line on 0207 382 7710. Keep your business, your clients and reputation safe with bespoke insurance advice.