We are now all aware of the phrase ‘cyber risk’ following the recent cyber attack on the HSE which held our country’s health to ransom, but have we considered what the cyber risk is to our own businesses?
Cyber Risk is now one of the most commonly talked about topics as the impact of cybercrime reaches an all-time high. With so many of our daily transactions and so much of our business now conducted online, a whole target market has opened up for cyber criminals. We are now almost completely reliant on technology in all aspects of our lives.
Cyberattacks are making headlines on a daily basis. It’s no longer a question of if your company will be breached, or even when, because it is most likely to have happened already. The real questions for most of us now are whether you will know, and how prepared your business is.
Below are our top 10 recommendations on cyber security:
1. Establish governance and organisation: Identify roles and responsibilities, agree on what your cyber strategy will be, and develop policies that will encourage and enable reporting within your business.
2. Identify what matters most: Map your business objectives/products/services to your people, processes, technology and data infrastructure, identifying and categorising each. Rank each by its importance to your business.
4. Define your risk appetite: Start to understand what the potential cost would be to your business should you become the victim of a cyber-attack. This will enable you to draw up a risk management process and assist you in making the necessary decisions as to how much it will cost you to offset some of this risk.
5. Focus on training and awareness: Establish an education and training programme, ensuring all of your team can identify a cyberattack and are aware of the role they play in defending your business against attack.
6. Implement basic protections: Act now and secure your business by putting in place basic protections including secure configuration, patch management, firewalls, anti-malware, removable media controls, remote access controls, and encryption.
7. Be able to detect an attack: Establish a security monitoring capability which can detect an attack through monitoring activity at various levels within your business. This could be a basic system whereby an alert is generated and emailed when suspicious activity is detected on a firewall.
8. Be prepared to react: Establish a formal cyber incident team who have been trained in your documented plan, and continue to test this plan on an annual basis.
9. Build a Recovery Plan: Establish recovery plans (including comprehensive backups) for all processes and supporting technologies in line with how critical they are for the survival of your business.
10. Challenge and test regularly: Carry out a cyber incident simulation exercise to test your response to a significant cyberattack on a regular basis.
Specialist Insurance Products have now been designed to specifically cover Cyber Risk and they can provide the following covers:
- Cyber Crime takes many forms including phishing scams, website spoofing, ransomware and malware
- Cyber attacks can also include electronic theft, computer fraud & telecommunications fraud
- Network extortion including ransom demands
- Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information
- Reputational damage. Trust is an essential element of the customer relationship. Cyber-attacks can damage your business' reputation and erode the trust your customers have in you
- Coverage for rogue employees: Rogue employees are a major cause of data breaches. There could be one sitting in your office right now. Disgruntled current or ex-employees can do serious damage that is costly and time-consuming to repair. Protect your company from malicious employees and other cyber dangers by purchasing cyber liability insurance.
- Privacy regulatory defence and penalties provides defence coverage for breach of privacy law and the disclosure of protected and personal information. It also covers defence for regulatory proceedings and fines and penalties where insurable by law
What kind of claims can happen?
- A criminal cyber gang launches an attack, takes over your hard drive and threatens to encrypt it unless you pay them a ransom. Cyber Insurance will be there to cover the cost of meeting this ransom demand.
- Cyber criminals gain access to your accounts system, which contains all your clients’ personal information including all of their payment details. With Cyber Insurance, you will be covered for the costs associated with informing your customers, any subsequent legal defence costs and any damages you are liable to pay to other parties.
- Hackers take down your website and as a result you are no longer able to take or confirm bookings. With Cyber Insurance, you will be covered for the cost of restoring or reinstating the data to get your website back up and running, and you may also be covered for the potential loss of net profit to your business.