Mike Ayres – Senior Manager
Cyber liability insurance has gone from being the new kid on the block to an essential part of a company’s protection over the past few years. There are plenty of reasons to have cover in place, but what are the risks and what solutions are there?
Cyber attacks – the risks posed by cyber fraudsters
Today’s businesses are increasingly at risk of a cyber-attack and the fraudsters perpetrating these are becoming smarter by the day. We have all received the emails purporting to be genuine, but underneath they are looking to ‘phish’ their way into our systems. Many sources claim it is not a matter of ‘if’ but ‘when’ your business will become a victim.
Our business systems and processes were originally designed to allow us to complete our jobs efficiently; however, this has led to them becoming predictable and, as a result, easier to breach.
Cyber attack prevention
The most important consideration is that threats change, and processes and systems that were deemed secure 1 year ago may not be now. A policy of (at least) annual review is essential to ensure that the latest methods are considered and that your team are acting appropriately to deflect any potential attacks on your systems.
Having well-trained staff who are aware of how a threat may materialise and what they can do to minimise it will not only help reduce the chance of a breach but should also reduce the cost of any protection.
In fact, staff are both firms’ biggest weaknesses and greatest opportunities when it comes to cyber threats. By investing time (and money) in ensuring that they understand how they could be targeted and what to do if they are, a firm can reduce both the likelihood and potential impact of an attack.
The Insurance Route
Alongside reviewing your processes and educating your team, you need to think about insurance, but I can’t stress enough that this doesn’t mean you will become immune to attacks or indeed to penetration of your systems. Once you have considered and protected yourself against the risks, you should be in a position where you never need to use the insurance.
Cover may pay out for:
- the cost of notifying customers of a breach
- losses from business interruption
- the cost of restoring damaged data
- settlement of extortion threats!
What it cannot do is repair any reputational damage that is suffered as a result. For this the greatest protection is to ensure you do everything you can to prevent it happening in the first place.
So do you need cover?
Yes, but it really does depend on your individual situation. Some industries are more at risk than others: those managing client funds or processing a large volume of transactions, for example. But that doesn’t mean that an opportunistic fraudster won’t spot a gap in your procedures and take advantage.
Is there anything else to consider?
As with any policy, insurers will consider the risk when deciding upon a cost for your required policy. By taking any steps you can to reduce these risks, you can reduce the cost of insurance. In addition to the steps above, Cyber Essentials (https://www.cyberessentials.ncsc.gov.uk/) is a government-backed scheme that can help to show you are taking the right steps to reduce risk.
There are also myriad consulting firms happy to offer their guidance, but select carefully, ensuring you use a firm that has a strong reputation. It is also beneficial to consider a firm that follows through to help implement their recommendations rather than leaving you with a report that you may never get round to acting upon.
Menzies advisory team can help guide you with your systems and processes and we have contacts who can help take your protection to a higher level.