Most businesses in the UK now use the internet, email or cloud technology as an integral part of their operation, and they are becoming ever more reliant on technology. This increases the vulnerability of each business to electronic security threats. A UK government report found that 60%* of small businesses had suffered a data breach in the last year; a further 16% of small businesses experienced a ‘denial of service’ attack, effectively making their computer systems unusable. Recently, hackers reportedly swamped a large high street retailer with junk traffic as a smokescreen before breaking into its systems and stealing the details of 2.4m of its customers. The most common terms for the issues (threats) associated with cyber include:
- Data Breach
- Viruses
- Hacking
- Employee Error
To take our cyber risk assessment please visit https://towergateinsurancebrokerscyber.co.uk/towergate
Assessing the risk to your business?
In most small and medium sized businesses responsibility for data control under the Data Protection Act lies with the owner of the business. The loss of personal or customer data can bring significant financial loss and/or prosecution. Any attacks could also significantly impair the company’s ability to operate. Therefore if your business:
- holds sensitive customer details such as names and addresses and banking details
- is heavily reliant on computer systems to conduct its business
- has a website
- is subject to a payment card industry (PCI) merchant services agreement

then it could be vulnerable to a data breach or loss of vital business services.
Changes in Legislation
It is expected that legislation will be approved and come into force in 2018. This will change the way in which businesses handle data. The key changes are:
- Mandatory notification to the Information Commissioner’s Office (ICO) of any breach
- Increases in the maximum fines imposed (amounts still to be determined). Any fine imposed will depend on the severity of the breach
- Individuals will have the right to require businesses to erase their personal data where consent is withdrawn
What can you do? - Three simple steps for protecting you and your business
There are a number of risk management and risk transfer strategies that can be undertaken to minimise the exposure:
- Identify and understand the risks - understanding the exposure of the business enables a number of bespoke precautions to be put in place, such as: a business security plan, encrypting sensitive data, securing and hiding wireless networks, installing and maintaining anti-virus software and firewalls, restricting employee use of non-business-related websites and carrying out daily backups of data.
- Planning ahead - the process of Business Continuity Planning (BCP) identifies potential threats to the business, evaluates the threats and determines the action required to minimise the effect that any resultant losses will have on the business. A viable BCP will also ensure that staff, customers and suppliers are reassured that there are effective policies and practices in place to manage the unexpected.
- Risk Transfer - Many traditional liability and business interruption insurance products do not address the full range of risks associated with e-commerce and the internet. A Cyber Liability policy will fill the gap in the protection of your business by including your own losses (first party) and third party losses (claims against the business by others). First party protection covers your business for the costs of notifying customers and regulators and will also include network interruption to your computer systems which causes your business to be disrupted, with the resultant loss of revenue. Third party exposure involves the financial risks relating to loss or breach of personal or confidential information contained on your systems; this cover protects you against claims for damages from data subjects resulting from the loss of their confidential information.
How can we help?
Given the significance of this particular risk, your existing service team will be available to discuss your options and can be included in your next review process.
What is covered by a Cyber Liability policy?
- Practical support in the event of a data breach
- Compensation for loss of income
- Payment of the costs associated with regulatory investigations
- Reimbursement for the costs of repair, restoration or replacement
- Defence costs and damage awards if you mistakenly infringe someone’s copyright
- Forensic Investigation costs
- Legal advice
- Notifying customers or regulators
- Support service – offering expert help and guidance
- Damage to reputation
- Claims for damages made against the business
- Civil Penalties levied by regulators
- Inadvertently libeling a third party in an email or other electronic communication methods
- Reinstatement of data
- Credit monitoring to affected customers
- Compensation costs
- Actively work with the business to minimise losses
*Source: ‘Don’t get locked in Cyber Space’, Hiscox Underwriting Ltd.
Cyber insurance from Towergate
Towergate are actively engaging with insurers and our clients to obtain cyber protection for businesses of all sizes, to protect against the very real and growing threats of the digital age. We can offer cyber insurance for businesses to help protect you should the worst happen.
Alternatively speak to your usual Towergate advisor.
About the author
Mark Brannon Cert CII is a respected industry leader with over 17 years’ industry experience in a variety of roles within the business insurance sector. He works across a wide spectrum of insurance product and policy development, delivery and optimisation for clients, including claims, insurer relationships, marketing and communications, and risk management.
The information contained in this article is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers adviser or email TIB@towergate.co.uk.