Cyber: April claims report

The risk of a Cyber incident is only ever increasing in todays world and after seeing a list of known data breaches and cyber attacks for April I thought that I would share this as the results are just staggering.

Follow this link so see a full list of known incidents for April 2015. 

Businesses of any size will rely on an information technology infrastructure and as a consequence you will be exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted.

A UK Government survey estimated* that in 2014 a staggering 81% of large corporations and 60% of small businesses suffered a cyber breach in some form with the average cost of a cyber-security breach is £600k-£1.15m for large businesses and £65k-115k for SMEs. 

While existing insurance policies such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:

• hold sensitive customer details such as names and addresses or banking information;
• rely heavily on IT systems and websites to conduct their business;
• process payment card information as a matter of course.

As well as putting adequate insurance in place, it is extremely important for businesses to manage their own cyber risks as it can have a significant impact on your actual exposure. This approach should include:

• Evaluating first and third party risks associated with the IT systems and networks in your business.
• Assessing the potential events that could cause first or third party risks to materialise.
• Analysing the controls that are currently in place and whether they need further improvement.
• Implementing robust management controls for money transfers and the accessibility of data by employees.

In 2014 the UK Government released the  Cyber Essentials Scheme which is a valuable tool kit and well worth a read.  However, it only highlights the basic concepts of protecting your own IT & data and although the concept is a great idea the problem with this solution is that it only looks to fix some basic loop holes which will probably only help stop the casual opportunist.  The professional that is well resourced (or even a disgruntled employee that may have a good knowledge of your own internal systems) will easily negate this basic level of protection.

Amongst all the information available about Cyber Insurancce, the fundamental key throughout is to make sure you have made a full assessment of your own IT systems, evaluated the data that you hold, reviewed the level of data that staff have access to and also considerd the risk of loosing partial or all of your data and it being made public. 

If after undertaking this process you still have genuine concerns for your Data and IT systems then you should find out more about insuring the risks you face through a Cyber Insurance Policy.

Nigel Bailey

* information sourced from the Association of British Insurers (ABI)