Protecting your business from cyber attack should be the first thing on the agenda of every board meeting. Why? Because if you do not have a strategy for protecting your business from cyber attack, then you are potentially putting your business at risk.
You may have heard the quote: ‘There are only two types of business: ones that have had a cyber breach, and those that don’t know they have had a cyber breach!’ However, I believe that is just a marketing slogan and cannot be quantified by fact. What is fact, though, is that according to government figures, 60% of SMEs have been breached and a further 16% have had denial of service attacks against their business.
Unleashed has written a lot of blogs about how you can protect yourself and you can catch up with them here. However, what I want to discuss today is protecting your business from cyber attack with cyber insurance.
Cyber insurance has been very slow to take off in the UK. I still think that a lot of businesses are burying their heads in the sand. They still have an ‘it won’t happen to me’ attitude. Well, let me tell you, at some point it will happen to you. Just like car/house/buildings/business/liability insurance etc., you need to think about cyber insurance.
Protecting your business against cyber attack with cyber insurance
As I have already pointed out, a lot of businesses are thinking: why would someone target my business? Let me tell you now, there are an estimated 120,000 cyber attacks in the UK every day!
Here are a few reasons why you will be attacked at some point.
- You hold data, and this is valuable to someone. If you have employees/customers you will hold names, addresses and bank details. GDPR will also affect you!
- You will rely on your computer systems. Even if you only have a single PC, there will be valuable information on it.
- You will have a website. If you sell products you are more vulnerable.
- You may take payments online or over the phone. Again, you must also be looking at GDPR.
What can Cyber Insurance offer you?
- Practical support to find out how you were compromised. This includes forensic investigations as to what data was targeted and how it was taken. You also get legal advice and details on how to notify customers or regulators (again, GDPR).
- Compensation for loss of income. This could include damage to reputation if you are compromised.
- Payments of investigation costs or damages against your business. This could be fines from regulatory bodies.
- Reimbursement for the costs to make good after a cyber attack.
- Liability against infringement of copyright.
You can see straight away that the benefits outweigh the risks of not having cyber insurance. This also applies to all other business insurance. You simply cannot adopt a ‘so what’ attitude anymore.
There is a but! You will not get cyber insurance unless you have taken reasonable steps to protect your business. The best way to protect your business from cyber attack is to engage an independent cyber security consultant. Even if you have a third-party IT company supporting your business or an employed IT team, you should get a second company to test your networks.
You may have heard about Cyber Essentials and Cyber Essentials Plus. This is a government-accredited scheme to help you put in place the proper methodology and steps to protect your business.
Cyber Essentials covers the following 5 steps.
- Boundary firewalls and internet gateways
- Secure configuration
- Access controls
- Malware protection
- Patch management
If you take the steps above, you will definitely be able to qualify for cyber insurance, and it could even reduce your payments.