You need the right cyber insurance package for your business.
A cyber liability policy can help meet the costs of a cyber attack:
Cyber crime is a crime in which a computer is the object of the criminal offence (hacking, phishing, spamming). Criminals can use technology to access personal information, confidential business information not available in the public domain or use the internet for malicious purposes with the intention of damaging or financially exploiting their victim.
The risk of cyber attacks is growing every day. Every business, including yours, is vulnerable.
Major cybersecurity breaches make front page news. But SMEs are not immune. Due to a lack of IT investment, training and awareness, SMEs are easy targets for cyber criminals who exploit poor IT security.
Cyber attacks no longer just happen to someone else. And the weakest link is often found within your own doors.
Perhaps an employee naively clicks on an email link, releasing a malicious virus that takes down your systems.
Weak passwords allow hackers entry, to steal and sell your client data.
Out of date software gives entry to a malware attack, holding your data to ransom. If you don’t pay, it’s all deleted.
When a cyber attack happens, you’ll need access to funds and advice that your IT service or traditional insurance policy can’t provide.
Cyber Vs Crime
A Cyber Liability policy assists your business in recovering from an incident involving damage to your data, systems or network, including any third-party liability resulting from this.
A Crime policy will cover you for fraud including fraudulent fund transfer, dishonesty, theft, forgery and loss investigation fees.
Illustration of Cyber v Crime
A hacker gains access to your system and steals client data, as well as accessing your bank account to transfer funds to an overseas account. As a result of the hack, your systems are damaged and clients need to be notified of the data breach.
The cost of reinstating data, restoring your system and notifying clients of a breach is covered under a Cyber policy.
The money stolen from your bank account is covered under a Crime policy.
Buying Cyber insurance is part of the answer, but it won’t cover all eventualities or costs. You need the right package for your business. More importantly, you need to avoid getting stung in the first place!
The General Data Protection Regulation (GDPR) come into effect on 25th May 2018 in the EU and across the UK. The GDPR ushers in expanded rights to individuals and their data. This means greater obligations on businesses and other entities that process personal data.
Does GDPR apply to you?
GDPR applies to all ‘controllers’ and ‘processors’ and applies to ‘personal data’ and ‘sensitive personal data’.
What are your responsibilities?
You are expected to put into place comprehensive governance measures. These measures should minimise the risk of breaches and uphold the protection of personal data.
GDPR introduces a new “accountability principle” which requires you to demonstrate compliance with GDPR principles. You’ll need to:
For further details on your responsibilities and how to prepare please see the ICO’s 12 steps to take now: ICO’s 12 steps
What are the consequences for your business if you fail to comply?
The Information Commissioner’s Office will have the power to impose significantly increased levels of fines – up to €20m or 4% of global turnover, whichever is greater.
This is when an unauthorised individual manages to view, steal or use sensitive, protected or confidential data without your knowledge or permission.
It ranges from unauthorised access to your computer system from someone inside your company to malware that allows a third party access to your system.
Examples of data breaches include:
What are the consequences to your business?
Disruption from a cyber event can compromise not only the operational processes of a business but pose a substantial financial risk. Often the lost sales and revenue from website or system downtime can have a substantial impact even when the downtime is only for a matter of hours. A system breach or failure can easily result in loss of productivity, sales, revenue, profit and customers – not to mention reputational damage!
Imagine the following scenario:
A manufacturing business has a denial of service attack resulting in the loss of use of systems including core processes dependent on specialist software. As a result, the business is unable to produce products for a full day so unable to meet customer demand and therefore lose sales.
What are all the ways loss of revenue can occur?
Doesn’t my insurance policy cover this?
Not necessarily. Traditional Business Interruption cover under a standard Material Damage policy will provide cover for the loss of income sustained from specified physical perils. However, Business Interruption losses from a cyber occurrence sit outside this normal definition of cover as they are intangible in nature. For this reason, specialist Business Interruption cover is required to protect your business from cyber risks where there is no physical loss.
The purpose of Business Interruption insurance cover is to indemnify you for loss of profit or revenue as well as increased cost of working as a result of a cyber attack or system failure.
Denial of Service Attack
A data centre which hosted a retail company’s website became the target of a distributed denial of service attack which caused the network to fail. The retail company’s website was inaccessible for hours. A claim was made for Business Interruption due to lost sales and recovery costs.
A manufacturer had their IT systems penetrated by a hacker who corrupted specialist software. The manufacturer was unable to process stock, replenish orders or confirm the price of goods. A claim was made for Business Interruption due to lost profit.
Data protection is a key cyber risk. Any kind of system breach could result in data being compromised or affected. Data can be lost due to accidental deletion, loss of hardware, or a virus or attack. As well as the costs to recover and restore lost data, you must also be prepared for potential third-party liability claims.
The importance of data should not be overlooked or undervalued. Reinstating data quickly can significantly reduce the financial impact on your business.
Are you doing everything to protect your most valuable data?