Since most businesses in the UK now use the internet, email or cloud technology as an integral part of their operation, they become ever more reliant on technology. This increases the vulnerability of each business to electronic security threats. A UK government report found that 60%* of small businesses had suffered a data breach in the last year; a further 16% of small businesses experienced a ‘denial of service’ attack, effectively making their computer systems unusable.
The most common terms for the issues (threats) associated with cyber include:
- Data breach
- Employee error
Cyber insurance and the continually changing environment
Because the use of technology in our everyday lives has increased, criminals can now access information and data like never before. It is important that you to take steps to protect your organisation from cyber-attacks and stay safe online.
Warnings since the Ukrainian invasion
Since Russia invaded Ukraine in January, the National Cyber Security Centre have been sending out warnings to UK organisations regarding making sure that cyber and digital defences are in place and are reliable should any sudden cyber-attacks happen.
While the NCSC is not aware of any current specific threats to UK, it should be made clear that there is a pattern to cyber-attacks happening when there has been other historical crisis’ such as COVID-19 and this could just be the latest in a list of international consequences.
How at risk are you?
To find out your organisation's level of cyber risk, complete this quick cyber risk assessment.
Assessing the risk to your business?
In most small and medium sized businesses responsibility for data control under the Data Protection Act lies with the owner of the business. The loss of personal or customer data can bring significant financial loss and/or prosecution. Any attacks could also significantly impair the company’s ability to operate. Therefore if your business:
- holds sensitive customer details such as names and addresses and banking details
- is heavily reliant on computer systems to conduct its business
- has a website
- is subject to a payment card industry (PCI) merchant services agreement; then it could be vulnerable to a data breach or loss of vital business service
What can you do? - Three simple steps for protecting you and your business
There are a number of risk management and risk transfer strategies that can be undertaken to minimise the exposure:
- Identify and understand the risks - understanding the exposure of the business enables a number of bespoke precautions to be put in place such as; a business security plan, the encryption of sensitive data, secure and hide wireless networks, install and maintain anti-virus software and firewalls, restrict employee usage of non business related web sites and carry out daily backups of data.
- Planning ahead - the process of Business Continuity Planning (BCP) identifies potential threats to the business, evaluates the threats and determines the action required to minimise the effect that any resultant losses will have on the business. A viable BCP will also ensure that staff, customers and suppliers are reassured that there are effective policies and practices in place to manage the unexpected.
- Risk Transfer - Many traditional liability and business interruption insurance products do not address the full range of risks associated with e-commerce and the internet. A Cyber Liability policy will fill the gap in the protection of your business by including your own losses (first party) and third party losses (claims against the business by others). First party protection covers your businesses for costs of notifying customers and regulators and will also include network interruption to your computer systems which cause your business to be disrupted with the resultant loss of revenue. Third party exposure involves the financial risks relating to loss or breach of personal or confidential information contained on your systems and protects you against claims for damages from data subjects resulting from the loss of their confidential information.
Take simple security actions to protect your business
There are also simple best-practice points you can take and make sure are embedded in your organisation's culture, such as:
- Investing in antivirus software
- Always locking screens when away from desk
- Two-factor identification systems
- Limiting the sharing of information
- Using complex passwords; a phrase or statement is best
- Requesting password changes regularly
Cyber insurance protection available
Cyber insurance can help protect your business against a range of cyber threats and exposures, including cybercrime, data breaches and system interruption. Top activity areas for cyber-criminals include:
- Data leakage
- Insider threat
How can we help?
Given the significance of this particular risk, your existing service team will be available to discuss your options and can be included in your next review process.
What is covered by a cyber liability policy?
- Practical support in the event of a data breach
- Compensation for loss of income
- Payment of the costs associated with regulatory investigations
- Reimbursement for the costs of repair, restoration or replacement
- Defence costs and damage awards if you mistakenly infringe someone’s copyright
- Forensic Investigation costs
- Legal advice
- Notifying customers or regulators
- Support service – offering expert help and guidance
- Damage to reputation
- Claims for damages made against the business
- Civil Penalties levied by regulators
- Inadvertently libeling a third party in an email or other electronic communication methods
- Reinstatement of data
- Credit monitoring to affected customers
- Compensation costs
- Actively work with the business to minimise losses
*Source: ‘Don’t get locked in Cyber Space’, Hiscox Underwriting Ltd.
Cyber insurance from Towergate
Towergate are actively engaging with insurers and our clients to obtain cyber protection for businesses of all sizes, to protect against the very real and growing threats of the digital age. We can offer cyber insurance for businesses to help protect you should the worst happen.
Alternatively speak to your usual Towergate advisor.
About the author
Mark Brannon Cert CII is a respected industry leader with over 17 years’ industry experience in a variety of roles within the business insurance sector. He works across a wide spectrum of insurance product and policy development, delivery and optimisation for clients, including claims, insurer relationships, marketing and communications, and risk management.
Read more cyber insurance articles
- End of financial year? Prime time for cyber scams
- Cyber and Ransomware Attacks Are On The Increase
- Protect Yourself From Phishing Emails And When Sharing Data Online
The information contained in this article is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers adviser or email TIB@towergate.co.uk.