It's no secret that cyber security incidents are on the rise, nor that it's likely that every business will experience at least one cyber attack in some form during their lifetime. In fact, the latest statistics indicate that at least 50% of all businesses have suffered some form of cyber attack, data breach or cyber problem since the start of the Covid-19 pandemic. This is only likely to get worse, as dispersed teams who combine home and office working increase the risk of cyber related problems, thanks to less awareness, more difficulty in training them, increased use of personal devices for work activities, dispersed networks and the like. So, what can you do about it?
The best defence is prevention. Prevention comes in many forms, including staff training to minimise risk, robust business systems, and strong cyber defences. The main challenge however is that cyber threats are in constant development, either through machine learning to circumvent antivirus and defences, or through malicious actors developing new ways to get around defences. Add to this the weaknesses and unidentified security gaps in major software platforms, and it is no surprise that a cyber breach of some kind is inevitable.
As an organisation, your responsibility is to take every possible and necessary step to reduce your cyber liability and to ensure you have done everything you can to prevent a breach. That includes everything from updating to the latest software versions and security patches, through to regular staff training, and ensuring that your own internal processes, procedures and systems are in no way adding to your risk. In the event of a breach, you may need to demonstrate that you have properly assessed the risk of attacks and breaches, and mitigated them through responsible and robust strategies and practices. Regulators may use this to assess your liability in the event of fines, and being able to demonstrate that you have robust processes may help to reduce your liability.
So what about cyber liability insurance?
The cost of cyber issues are widespread and varied; everything from the physical cost of recovering the systems and replacing necessary hardware and software, to potential fines for data breaches, loss of reputation, loss of productivity and much more besides. Earlier this year, Redcar and Cleeveland Council became victims of a cyber attack, and in September 2020 they confirmed that the total overall cost to the Council was £10.4million. Could your business really afford that?
This is where Cyber Liability Insurance can come into play. Obviously, there are some extensive terms that you have to meet and responsibilities you have as an organisation, but assuming you follow these to the letter, then Cyber Liability Insurance can help to pick up some of the financial shortfall. The type and terms of cyber policies will vary according to policy and provider, so it is worth investigating and comparing the different policies that are available on the market, and whether they are best suited to your business. For example, liability cover can be 'first party' or 'third party' in much the same way as your car insurance, with the former covering you for some or all of the costs for data loss or damage, and the latter covering you for costs incurred by third parties or your employees. Both will usually (although you should check the terms) cover the cost of crisis management of an incident, covering things like incident investigation, remediation costs, court fees and even fines. This can be the difference between being able to focus on recovery from the incident, and / or having to deal with the financial ruin or near ruin of the business.
Each individual policy is different and it is worth speaking to a broker who deals with multiple market products to help find the right one for you and your business. For example, some policies will cover you for loss of income, but this will push the premium much higher, while others will focus on direct costs only. We use and are insured through the John Morgan Partnership should you need a place to start...
Cyber Security Training
When you're looking for a cyber liability policy, you should ask and consider whether the provider offers regular or ad hoc cyber training for your staff. Some policies come with access to an ad hoc platform that you can use at your leisure, while others provide a monthly training unit that they strongly recommend all your staff sit through. This can be another form of defence for your cyber security and is a great way to demonstrate your commitment to robust security.
Alternatively, if you'd prefer to keep training and insurance separate, ask us about the Barracuda AI product which can help shore up your defences and comes with market-leading monthly training too. Our team is happy to help and advise on 01453 700 800.
Businesses that invest in robust cyber security planning, have clear processes and procedures, add multiple layers of security products and have well-trained staff are much less likely to suffer a breach in the first place. They will also likely be more desirable customers for cyber insurers (meaning lower premiums) and in the event of a breach, which can be unavoidable even with the best preparation, these robust practices will demonstrate commitment to excellence and may reduce or even remove potential regulatory fines. Cyber insurance cannot and should not be your only line of defence, but it is a complimentary option for your all-round defence practices.