It’s probably fair to assume that as you left your house this morning, you locked the door, and if you travelled to work by car, you will have locked your car. Yet the same ‘instinct’ for protecting your property doesn’t seem to apply to some people and businesses when it comes to their cyber security. Thieves knock on your virtual door asking to come in, and some people seem quite happy to let them in without even asking who they are or why they are asking to come in. ‘Of course you can come in, take what you want and leave a complete mess behind that will take ages and cost thousands of pounds to put right, and whilst you’re here, have you got an account you would like me to send some money to?’
We hear of companies and individuals who have been hacked or have received online ransom demands for money to give them their data back or simply ‘unlock’ systems that they hadn’t locked themselves! Yet people still seem to think this is something that happens to others. Is it a head-in-the-sand attitude, a lack of knowledge about what to do, or a genuine belief that a cyber criminal just wouldn’t be interested in you or your company?
The reality is that if you are online, which virtually every business is, you are at risk! And just to clarify, being online doesn’t mean you have to sell goods online; it only means you connect to the internet or send e-mails.
The large cyber crimes are well publicised, but of course most companies aren’t keen to shout about how they have been victims of cyber crime because of the potential reputational damage. So just because you only hear about the large cyber events, don’t think they aren’t happening every day to businesses large and small.
What if a member of staff loses a laptop or has it stolen? Is there client data on it? Or what if a member of staff is made redundant or sacked and has a grudge? How difficult would it be for them to misuse company data? The potential for a loss is very broad.
With the General Data Protection Regulation coming into force on the 25th May 2018, it’s vital that any company that handles data makes itself fully aware of its responsibilities, and of the consequences of falling foul of them, which can include a fine equivalent to 4% of your annual turnover. The purpose of this article isn’t to go into detail on the GDPR regulations, but ignore them at your peril!
As insurance brokers, we have conversations with businesses large and small, and the vast majority take on board advice on how best to minimise their business risks, for example through improved security or robust health and safety procedures. But there does seem to be a reluctance to engage in dialogue about cyber security. Perhaps the level of risk a business has is not fully appreciated, which could be because it’s not a subject people are confident talking about. Or perhaps the costs involved in being cyber secure are seen as too high, or it is assumed it will take too much time, or businesses just perceive it as their insurance broker trying to sell another policy they don’t need!
With cyber policies that cover a broad range of possible eventualities being available from a little over £100, cost really isn’t the barrier to insurance cover that it may have been a few years ago, and insurers have developed the skills to deal with cyber claims so that they can really help your business get back on its feet as quickly as possible. Do you have the in-house technical ability to deal with a major cyber attack? How much would your IT consultants charge to deal with it, even if they did have the knowledge about what to do?
Who would deal with the PR fallout? Who would pay for the possible ongoing credit monitoring costs for clients who have had personal data stolen? Is it a notifiable breach, and who meets the breach notification costs? Who covers the business interruption costs whilst your business can’t trade?
There are a large number of insurers now offering cyber insurance, and it would take a long time to go into the detail of different policy cover! What I would like to do is raise awareness of the risks that all businesses are exposed to and suggest that you look seriously at the risk you are exposed to, and have a conversation with your insurance broker about the products that are available to protect your business. Your broker may be able to take some of the problems away from you and give you critical advice about how to protect your business. Any policies they suggest may well cost far less than you thought, and in the 21st century you may just think that the time has come to put a lock on your cyber risks.