Cyber risk for business owners - what you need to know in the connected age

(article posted 17/04/2019)


There’s no denying that our reliance on technology is growing at a rapid pace as society evolves. And while there are many opportunities for businesses to benefit from this evolution there is a flip side that warrants consideration and a bit of risk planning.

Background

You don’t have to look too far back to a time before social media existed, for example. Some thought it was a bit ‘Emperor’s New Clothes’ but social is now a major channel featuring in any business’s integrated marketing activity.

Lean production in manufacturing has moved on apace. The automation of repetitive processes and data transfer has been commonplace for a while and in the motor industry we’re witnessing technological advancements in areas such as telematics, driver aids, V2V and V2I, while moving towards driverless cars.

You’ve probably also seen that Artificial Intelligence is being rolled out across customer service functions and even being trialled in medical diagnostics to ease the workload of GPs.

So-called ‘Big Data’ and the IoT (Internet of Things) mean we’re edging nearer and nearer to fully connected living.

Risks for business

Maybe your business already takes advantage of some of these technologies. Maybe your business helps others to implement them. Even the most tech-averse firms will likely, as a minimum, hold customer data on a computer system of one kind or another.

This dependence means the consequences of failure and downtime are much greater than at any other time in our history. Sadly, therefore, some unscrupulous individuals - often linked to organised crime and terrorism - are keen to exploit that for their own financial gain.

But hang on, is this just scare-mongering or hype?

No, most definitely not! It is arguable that there is a greater chance of a business suffering a cyber-attack than any other risk a business faces.

A report commissioned by the Department for Culture, Media & Sport (DCMS) found that as many as 32% of businesses have identified security breaches or attacks in the last year.

The Cyber Security Breaches Survey 2019 showed that the average cost of dealing with lost data or assets was almost £3k for small businesses. For larger organisations that rose to over £22k.

Yet the research revealed that only 11% of businesses overall have specific cyber insurance in place to protect themselves from these costs and losses. In medium-sized businesses that rose to 31% (up from just 19% in 2018).

The human factor

Of course, you could have the most robust IT security on the planet but if your personnel have been compromised, corrupted or conned into action there’s not much you can do. With systems being so advanced it’s often easier for hackers to target an employee.

Breaches can occur simply as a result of human error or impaired judgment too - forgetting to apply security patches and software updates or losing a device in a public place for example. Even following their most disruptive incident in the last 12 months, 29% of the businesses consulted for the DCMS survey chose to take no remedial action to prevent or protect their organisation from further breaches!

So let’s just pause here. Cybercrime is not an IT or tech team’s issue – it’s a wider business issue because it can result in loss of revenue, reputation and a potential decrease in share price. Think about Carphone Warehouse and TalkTalk for example - major tech companies with whole departments devoted to IT security but who still came a cropper (in Carphone Warehouse’s case, twice).

A quick word about financial penalties for failings and breaches

The data regulator, the Information Commissioner’s Office (ICO), has the power to issue fines of up to €20m for major breaches under the recently implemented GDPR regulations (or 4% of global turnover if there’s a holding company - whichever is the greater). For more minor breaches both those figures are halved. Regardless, what would a fine from the regulator do to your ability to continue trading – in financial terms and reputationally?

Real-world solution

Into this ever-changing landscape comes a whole new breed of insurance under the banner Cyber. It can come in various guises. For example, some commercial insurance policies include an element of cyber cover (usually as an extension under a different section) but this is quite basic in terms of scope and indemnity limit (the maximum amount it will pay out), so caution needs to be exercised.

You should involve your business insurance provider in the conversation to make sure you’re getting the best advice for your own needs.

For your peace of mind, your chosen insurance expert should be able to exhibit a sound understanding of Cyber Liability cover and have a pragmatic approach when relating the risks to your business. They’ll also keep in touch with developments, updating their knowledge as any new exposures arise.

Robust protection comes in the form of dedicated Cyber Liability Insurance which offers all you’d need following a data loss or security breach. It typically covers things like the costs of forensic investigation, data recovery, PR & reputational damage limitation, losses to third parties as a result of the breach and even the defence costs of any ICO investigation and, crucially, the resulting civil fine.

What does cyber insurance typically cover?

The various heads of cover can be broken down into 2 main provisions: 1) costs your business may incur and 2) amounts you may be liable to pay to others.

1) Costs your business may incur as a result of an incident

Breach Costs - Practical support in the event of a data breach (electronic or otherwise) including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers.

Crisis Containment - In the event of a data breach, prompt, confident communication is critical to help minimise the damage to a company’s reputation. A leading public relations firm is engaged to provide expert support, from developing communication strategies to running a 24/7 crisis press office.

Cyber Business Interruption - Compensation for loss of income, including where it is caused by damage to your reputation, if a hacker targets your systems and prevents your business from earning revenue. How else would you survive this type of catastrophe?

Cyber Extortion - Protects you if a hacker tries to hold your business to ransom, covering any final ransom paid as well as the services of a leading risk consultancy firm to help manage the situation.

Hacker Damage - Reimbursement for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programmes or electronic data.

Cyber Crime - Covers direct financial loss following an external hack into your company’s computer network. This could be theft of money, property, or your digital assets.

Telephone Hacking - Pays the costs of unauthorised telephone calls made by an external hacker following a breach of your computer network; includes traditional fixed-line telephony systems, as well as online systems (VoIP, Skype, etc).

2) Amounts you may be liable to pay to other parties

Privacy Protection - Pays to defend and settle claims made against you for failing to keep customers’ personal data secure including the costs associated with regulatory investigations and settlement of civil penalties levied by regulators where allowed.

Multimedia Liability - The policy includes protection if you mistakenly infringe someone’s copyright by using a picture online for example, or inadvertently libel a third party in an email or other electronic communication.

Final thoughts

Cyber risks are very real and are only set to increase over time. As part of your overall risk planning you should consider the likelihood and implications of a cyber-attack or data breach (including the ICO’s fine levels) and whether your business could survive that financially.

You’d be wise to consult your insurance provider and get the most up-to-date advice if you’re looking at arranging cover for the consequences of a loss. Just make sure that they know what they’re talking about, specifically in relation to your business activities and how the cover would apply in real terms.

Don’t forget you’ll also benefit from those other specialist professional services that cover provides – expertise that is waiting in the wings and will step in to help you deal with the practicalities of such an event.

Comprehensive cover is available for your business and rest assured that it’s not just the organisations with deep pockets that can afford this cyber insurance protection.
