Cybercrime isn’t going away. With more and more companies making the big switch to digital, it’s not surprising that cybercrime is on the rise. The Office of National Statistics (ONS) estimated that there were 2.46 million cyber incidents and 2.11 million victims of cybercrime in the UK alone in 2015. [1] With data breaches becoming common for all businesses, from Yahoo’s hack starting in 2013 [2] to the German steel mill hack in 2014 [3] and the Petya malware attack that infected multiple public services in Ukraine [4], it’s clear that hackers are here to stay.
What is Cyber Liability insurance?
Cyber Liability insurance has been around for 10 years now. Even with these large threats, plenty of security professionals are still unaware of its existence. [0] No matter the size of your business, it is highly likely that you rely on Information Technology (IT) services to store information, operate or communicate. If your infrastructure is hacked, the consequences can be devastating. You could lose income while business operations are interrupted, as well as paying out for device repair and possibly having to replace large amounts of IT equipment.
Cyber insurance can cover multiple costs, such as the ransom money you have paid in a ransomware attack, legal advice, forensic investigations, compensation for lost income, theft of money or digital assets, and the cost of device repair and replacement. Think in detail about what your company would need if this happened to you; that way you can choose a policy which is right for you.
Typical policies for SMEs have cover limits of £100k up to £5 million, though you can get higher limits depending on the level of threat your company might face.
Who is at risk from Cybercrime?
Everyone is at risk when it comes to cybercrime. Even a small business that only uses e-mail or a small server is at risk of being hacked. The main reasons hackers target businesses are the data and the money belonging to you and to your consumers.
A small business in Blackburn was targeted by a virus which encrypted over 12,000 files on its company network. The hackers extorted the company, telling them the files would be decrypted if they paid £3,000, which the company did indeed pay. [5]
It’s not just in-house company servers and networks that are affected by this. Cloud-based storage is now a favourite of many businesses and freelancers because of its portability and backup options, so it’s important to understand that providers of these services are susceptible to attack as well. In 2016, Dropbox had data from 68 million accounts leaked online. This included usernames and passwords, allowing people access to very sensitive information.
In 2018, the E.U. is bringing in a new regulation called the General Data Protection Regulation (GDPR), which is dedicated to protecting users’ sensitive information from being mishandled. If you fail to protect this information from attack, you could receive fines of up to €20 million or 4% of the company’s annual turnover. It’s dangerous thinking to believe it’ll never happen to you.
If you work with sensitive information, personal information, or financial data, then Cyber Liability Insurance would be an investment and an asset to your work.
Manage your cyber risks:
It’s great to protect yourself if you are attacked, but these are some tips that can help you stay safe from the start.
1) Make sure that you evaluate first- and third-party networking systems in the business. This includes devices that employees bring in to work on, as these are more likely to leave vulnerabilities on the network.
2) Train employees on cybercrime and security. The UK Government even offer this as a free 30-minute online course. [6]
3) Create individual user accounts for employees. This makes information traceable to each user, and because employees do not have to share an account, their information is kept safe from each other.
4) Update software. This one is quite simple, but we often forget to do it because we are busy at the moment we are asked to update. It is crucial when it comes to operating systems. Windows XP, 7 and 8 are all outdated/obsolete versions of the Windows operating system. The WannaCry attack, which affected the NHS, Telefonica and 200,000 systems worldwide earlier in 2017, managed to infect old operating systems, causing massive damage to these I.T. infrastructures.
5) Physical offline hard/flash drives holding important information can be a saviour, especially if you password-protect the drive and get a Kensington lock for it so it cannot be stolen. Having it offline means it won’t fall victim to viruses (unless the user’s PC is already infected). Having a safe backup is good practice in any business.
6) Update your passwords, and don’t use the same ones for all your login credentials. Variety will make it harder for hackers to find information on multiple accounts you own.
Cyber insurance is becoming an important part of many businesses’ cyber toolkits. No business, big or small, which uses computers, the internet or holds data is safe from the threats.
Sources:
[0] https://cvbj.biz/2017/06/05/decoding-cyber-liability-insurance/
[1] http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file
[2] http://www.bbc.co.uk/news/world-us-canada-38324527
[3] http://www.bbc.co.uk/news/technology-30575104
[4] http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/
[5] https://www.theguardian.com/small-business-network/2016/feb/08/huge-rise-hack-attacks-cyber-criminals-target-small-businesses
[6] http://nationalarchives.gov.uk/sme/