Greetings, fellow member of the Sevenoaks Chamber of Commerce. For those of you whom I have yet to meet, “Hello”. The meetings are normally so well attended that it is impossible to get round to everybody, so I thought it a good idea to put this out there. It concerns probably the biggest single threat to any business, whatever its size or industry: a cyber-attack or incident. I have just arranged cover for the Chamber itself and was asked to offer the same to all members.
Please do have a think about Cyber & Crime insurance – this is something we are speaking to all our clients about, old and new, because firstly, cybercrime is on the rise and secondly, most small businesses think it will never affect them (which is not the case!).
Your business is at risk if:
- you hold customer or employee data such as names, addresses, bank details, passport copies etc.
- you use a computer to operate.
- you have a website.
- you take payment via card.
- you store data in the cloud or rely on cloud-based services.
- you make electronic payments.
The evidence suggests that the effects of COVID-19 have made the risk level of experiencing an attack higher than ever, and the resulting costs are substantial. As we become increasingly reliant on technology, at times solely, now’s the time for businesses to take action against cybercrime before it’s too late. Due to the evolving methods of cybercriminals, it’s near enough impossible to fully safeguard your business with cybersecurity software alone. That’s why it’s not only important to remain vigilant in your defence against an attack, but also to have a plan of action in place should you become a victim of one.
Standard Business Insurance doesn’t adequately protect your business against cyberattacks, especially when it comes to your data. With dedicated Cyber Insurance in place, your business will have the reassurance that you’re covered for the aftermath of an attack, including damage to your IT systems, business interruption, data loss, reputational damage and more.
MOST INSURERS ADVISE THAT A CYBER ATTACK AGAINST YOUR BUSINESS IS NO LONGER A CASE OF ‘IF’ BUT ‘WHEN’.
- Why should I buy insurance for cyber risks? You’re most likely covered for risks like fire, flood and liability but you are just as likely to suffer a cyber-attack which can lead to loss of business, revenue and reputation; significant extra costs involved in dealing with the attack; and regulatory penalties.
- Doesn’t my business insurance cover this risk? No. Your standard business insurances will not provide the comprehensive protection you need against a cyber-attack.
- Hackers aren’t interested in me, are they? Much of the criminal activity online isn’t specifically targeted at a particular business; those behind the attacks will often use tools to search the internet for any system that has a vulnerability. They will then exploit that vulnerability, regardless of who is sitting behind it.
- I’m not an online business, so is this cover relevant for me? A lot of companies identify as ‘offline’ and assume they don’t need cyber insurance. However, virtually all UK businesses (98%) represented in a government survey rely on some form of digital communication or services, such as staff email addresses, websites, online banking, and the ability for customers to shop online, which exposes them to cyber security risks.
- Does the policy only protect against hacking attacks? No. Whilst cyber criminals are one of the biggest sources of claims, issues can also occur from human error, such as sending an email to the wrong address, leaving a briefcase on a train, or mistakes in configuring a system.
- I don’t hold any customer personal data – do I still need this cover? The definition of personal data under GDPR is very broad and would still include things like a business email address. You also need to consider suppliers’ details, as well as information relating to employees (past, present and prospective). Additionally, most claims that we deal with do not involve a breach of personal data, but loss of funds, data corruption, or system downtime – all of which you may be vulnerable to even if you do not hold much personal data.
How you can protect your business:
Cyber Insurance has been developed to offer comprehensive, but flexible, cyber cover to UK businesses of any size – from one-person operations to multinationals – and can include protection against:
- data breaches – where personal or commercial information (electronic or otherwise) is accessed without authorisation.
- security failure – a hacker exploits weaknesses in your security systems, leaving your business exposed.
- cyber-attacks – any digital attack against your business.
- extortion – criminals holding your systems or data to ransom or threatening to publish information.
- human errors – mistakes made by staff or suppliers that result in a data breach or system outage.
- business interruption – covering the loss of income that you may suffer from a cyber-attack.
- GDPR – covering your liabilities and the cost of defending regulatory investigations after any alleged breach of data protection legislation.
- reputational damage – includes PR and crisis management support and covers lost revenue or customers.
- financial crime and fraud – the use of the internet to deceive employees, customers or suppliers into transferring money or goods.
- property damage – physical damage to equipment or property resulting from a cyber-attack.
- dependent business interruption – covering lost revenue or increased costs incurred if a supplier’s systems are taken offline by a cyber incident.
A few claims examples:
- The files of a small business unexpectedly become encrypted and a ransom demand from a hacker arrives.
- A staff member leaves a work laptop containing personal data on a train, resulting in notification requirements under GDPR.
- An employee of a firm makes a bank transfer of £25,000 to fraudsters after falling victim to a phishing email supposedly from a senior manager.
- An employee misconfigures a software update over a weekend leaving systems unavailable and causing business interruption.
Any one of these incidents could happen to your business. In 2017, nearly half of all businesses were hit by at least one cyber-attack, with average costs for UK businesses ranging from £25,000 for smaller businesses to £385,000 for companies with 1,000 employees or more. Data shows that 67% of cyber claims were caused directly by employee error, negligence, or social engineering.
Please let me know if this is of interest and I’ll be happy to discuss further and give you a rough indication as to cost.
Matthew Collins