There’s no denying that our reliance on technology is growing at a rapid pace as society evolves. And while there are many opportunities for businesses to benefit from this evolution there is a flip side that warrants consideration and a bit of risk planning.
Background
You don’t have to look too far back to a time before social media existed, for example. Some thought it was a bit ‘Emperor’s New Clothes’ but social is now a major channel featuring in any business’s integrated marketing activity.
The Industrial Revolution 4.0 has also been gathering pace, particularly in the manufacturing industry, which is beginning to use Big Data to hone its supply chain control and production processes. Meanwhile, in the motor industry we’re witnessing technological advancements in areas such as telematics, driver aids, V2V and V2I, while also moving towards driverless cars.
You’ve probably also seen that Artificial Intelligence is being rolled out across customer service functions and even being trialled in medical diagnostics to ease the workload of GPs.
With Big Data and the IOT (Internet Of Things) becoming more commonplace in all kinds of sectors, we are truly edging towards fully connected living.
Risks for business
Maybe your business already takes advantage of some of these technologies or perhaps your business helps others to implement them. Even the most tech-averse firms will, as a minimum, hold customer data on a computer system of one kind or another.
This dependence means the consequences of failure and downtime are much greater than at any other time in our history. Sadly, some unscrupulous individuals – often linked to organised crime and terrorism – are keen to exploit that for their own financial gain.
But hang on, is this just scare-mongering or hype?
No, most definitely not! It is arguable that there is a greater chance of a business suffering a cyber-attack than any other risk a business faces.
The Cyber Security Breaches Survey 2023 showed that 32% of businesses had reported cyber-attacks or breaches in the previous 12 months, with this figure rising to 69% of large businesses. The average cost of all of these cyber breaches was £1,100, with larger businesses losing out to the cost of £4,960.
Yet the research revealed that only a little under four in ten businesses (37%) are insured against cyber security risks in some way, and even then this is not necessarily with a dedicated cyber-specific policy.
The human factor
Of course, you could have the most robust IT security on the planet but if your personnel have been compromised, corrupted or conned into action there’s not much you can do. Unfortunately, humans all too often prove to be the weak link in a cyber security strategy, something that has been made even more likely by the growth in remote working..
Breaches can occur simply as a result of human error or impaired judgement too – forgetting to apply security patches and software updates or losing a device in a public place, for example. Even following their most disruptive incident in the last 12 months, 36% of the businesses that experienced a cyber-attack in the DCMS survey chose to take no remedial action to prevent or protect their organisation from further breaches!
So let’s just pause here. Cybercrime is not an IT or tech team’s issue – it’s a wider business issue because it can result in loss of revenue, reputation and a potential decrease in share price. Think about the well-publicised Microsoft Exchange Hack, which resulted in an estimated 7,000 UK servers being compromised (according to The National Cyber Security Centre), and Carphone Warehouse – major tech companies with whole departments devoted to IT security but who still came a cropper (in Carphone Warehouse’s case, twice).
A quick word about financial penalties for failings and breaches
The data regulator, the Information Commissioner’s Office (ICO), has the power to issue fines of up to £17.5 million for major breaches under the GDPR regulations (or 4% of global turnover if there’s a holding company – whichever is the greater). For more minor breaches both those figures are halved. Regardless, what would a fine from the regulator do to your ability to continue trading – both in financial terms and to your reputation?
Real-world solution
Into this ever-changing landscape comes a whole new breed of insurance under the banner ‘Cyber’. It can come in various guises. For example, some commercial insurance policies include an element of cyber cover (usually as an extension under a different section), but this is quite basic in terms of scope and indemnity limit (the maximum amount it will pay out), so caution needs to be exercised.
You should involve your business insurance provider in the conversation to make sure you’re getting the best advice for your own needs.
For your peace of mind, your chosen insurance expert should be able to exhibit a sound understanding of Cyber Liability cover and have a pragmatic approach when relating the risks to your business. They’ll also keep in touch with developments, updating their knowledge as new exposures arise.
Robust protection comes in the form of dedicated Cyber Insurance, which offers all you’d need following a data loss or security breach. It typically covers things such as the costs of forensic investigation, data recovery, PR & reputational damage limitation, losses to third parties as a result of the breach, and even the defence costs of any ICO investigation and the resulting civil fine.
What does cyber insurance typically cover?
Breach Costs – Practical support in the event of a data breach (electronic or otherwise), including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers.
Crisis Containment – In the event of a data breach, prompt, confident communication is critical to help minimise the damage to a company’s reputation. A leading public relations firm is engaged who can provide expert support, from developing communication strategies to running a 24/7 crisis press office.
Cyber Business Interruption – Compensation for loss of income, including where it is caused by damage to your reputation if a hacker targets your systems and prevents your business from earning revenue. How else would you survive this type of catastrophe?
Cyber Extortion – Protects you if a hacker tries to hold your business to ransom with any final ransom paid, as well as the services of a leading risk consultancy firm to help manage the situation.
Hacker Damage – Reimbursement for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programmes or electronic data.
Cyber Crime – Covers direct financial loss following an external hack into your company’s computer network. This could be theft of money, property, or your digital assets.
Telephone Hacking – Pays the costs of unauthorised telephone calls made by an external hacker following a breach of your computer network; includes traditional fixed-line telephony systems, as well as online systems (VoiP, Skype, etc.).
2) AMOUNTS YOU MAY BE LIABLE TO PAY TO OTHER PARTIES
Privacy Protection – Pays to defend and settle claims made against you for failing to keep customers’ personal data secure, including the costs associated with regulatory investigations and settlement of civil penalties levied by regulators where allowed.
Multimedia Liability – The policy includes protection if you mistakenly infringe someone’s copyright by using a picture online for example, or inadvertently libel a third party in an email or other electronic communication.
Final thoughts
Cyber risks are very real and are only set to increase over time. As part of your overall risk planning you should consider the likelihood and implications of a cyber-attack or data breach (including the ICO’s fine levels) and whether your business could survive that financially.
You’d be wise to consult your insurance provider and get the most up-to-date advice if you’re looking at arranging cover for the consequences of a loss. Just make sure that they know what they’re talking about, specifically in relation to your business activities and how the cover would apply in real terms.
Don’t forget you’ll also benefit from those other specialist professional services that the cover provides – expertise that is waiting in the wings and will step in to help you deal with the practicalities of such an event.
Comprehensive cover is available for your business, and rest assured that it’s not just the organisations with deep pockets that can afford this cyber insurance protection.
