Last year’s cyber attack on TalkTalk was widely publicised, and there are few who won’t be aware of it. But what business owners do tend to be unaware of, however, is the fact that such attacks are definitely not confined to larger organisations like TalkTalk. In fact, 60 per cent of small businesses suffered a cyber security breach in 2014.*
Technology is the driving force behind so many business processes nowadays and it is unlikely that any company, whatever its size, would be able to categorically state that an attack on its data or systems would not have a devastating effect in one way or another.
The Knock-on Effect of Cyber Security Breaches
Cyber security breaches can have a serious knock-on effect. Viruses or hacking can bring customer transactions to a standstill; critical data can be lost, corrupted or damaged; intellectual property can be compromised. Revenue and profits are likely to suffer as a result. There could be follow-on liabilities such as notification costs, fines for data loss, legal expenses, awards and damages to pay out.
Reputation damage is another very real possibility, with customers no longer trusting that their personal data is safe, or doubting the ability of the organisation to deliver and so taking their business to a competitor. And the knock-on effect doesn’t stop there, as shareholders may lose confidence and sell their shares, causing values to decline and tarnishing the company’s financial reputation.
How Many of your Staff Have Company Data on their Personal Devices?
Most companies have processes in place to protect against cyber attacks. From written policies to firewalls and staff training, you may well consider that you are doing everything possible to reduce your business’ risk. However, human error and misjudgement are facts of life. For example, did you know that 23 per cent of people who receive them open phishing emails? And that 11 per cent go on to open the attachments in those emails?**
What about the 40 per cent who download company files onto their personal devices? The 30 per cent who transfer data into file sharing apps without first asking permission? And the 50 per cent who, when leaving an organisation, take confidential information with them?*** Disgruntled ex-employee or not, it still leaves a business lacking control over its data. Then there is the risk of lost devices … a misplaced laptop or USB stick containing confidential data could lead to disastrous consequences if it found its way into the wrong hands.
The Costs of Cyber Crime
To fix a single data record that has been breached costs in the region of £35.** Imagine if you lost 500 records – or 1,000 – or 5,000.
Everyone is potentially at risk from cyber attacks: whatever the industry, whatever the size of the business, from sole traders to global entities. If you rely on technology for any element of your operation, then the threat applies to you.
In the region of 52 per cent of businesses believe they have insurance cover for cyber breaches. The reality is however, that less than 10 percent actually do.* Traditional insurance policies were generally not designed to cover these new technology related risks.
Cyber Risk Insurance
Thankfully, purpose-designed insurance products are now becoming available in response to a very real need. Focused on mitigating the impact of a data breach incident, the cover aims to restore a business to its full operational status in as short a turnaround as possible.
The cover will deal with innocent, human-error based data breaches through to malicious attacks, extortion and denial of service. Legal assistance, public relations guidance and IT forensics can all be included as required, as can cover for cyber extortion, business interruption, data restoration and loss of profits.
For example, in the instance of a hacker installing ransomware on a network and in doing so denying a business access to its data files, certain types of cover will include forensic work to get to the root of the problem; PR intervention to help limit adverse publicity, and assistance in removing any credible threat that stems from the extortion. The costs to restore or replace data will be taken care of and, with some policies, loss of profits compensated for.
Cyber risks are growing and evolving. Cyber risk insurance offers a cost effective way to manage the risks, and to make sure the threats to your business are kept to a minimum.
For more information, or to request a tailored quotation for cyber risk insurance, please get in touch.
* HM Government & Marsh UK Cyber Security Report March 2015
** Verizon Data Breach Investigations Report May 2015
*** Symantec at Security Matters Forum March 2015