The threat of cyber crime is widely considered to be one of the biggest challenges for modern business. For nearly 20 years Hiscox has been a pioneer in the tech and cyber-related insurance industry and, in conjunction with the IoD, has produced a series of guides to help you understand how and why the cyber threat can affect any business of any size.
We begin with this step-by-step guide on the simple measures you can take to improve your online security and how to prepare yourself for the worst-case scenario…
An increasing number of UK businesses are getting to grips with the growing cyber threat.
Indeed, the new Hiscox Cyber Readiness Report, which surveyed 4,100 businesses across the UK, Europe and US, reveals that two-thirds of respondents (66%) rank cyber crime, alongside fraud, as the top risks to their business.
However, this report on cyber security also highlights the scale of the problem, as almost half (45%) of those surveyed were hit by a cyber attack at least once in the past year. Furthermore, the average cost for UK SMEs of dealing with a cyber attack comes to nearly £25,000.
If you think that protecting your business against cyber crime is optional, or that you don’t look after much data, so it’s not a priority, here are some essential facts you need to know…
You are 40% more likely to be a victim of cyber crime than burglary
A report on Crime in England and Wales published in March 2017 by the Office for National Statistics revealed that whereas 27% of all households were victims of burglary, 39% of adults were victims of computer misuse or unauthorised access to computer material.
Criminals are targeting businesses across the UK, usually via bogus emails, to extract important personal data that can be used to commit a wide range of offences, such as credit card fraud.
More often than not, these attacks are successful because an employee has opened a file or an attachment that infects the computer, and potentially a whole network. In fact, 67% of claims filed by Hiscox insurers from March 2016 to September 2017 were caused by employee error.
It is not an IT issue, it is a business issue
Because the cyber threat exists predominantly online, company directors are often guilty of giving the IT department sole responsibility for online security, when it should be a priority at board level.
Perhaps the easiest way to look at cyber crime is to treat it like any other crime such as fraud, theft, embezzlement or burglary. You cannot guarantee that you will never be the victim of a data breach - where sensitive, confidential or protected data has been accessed without authorisation - in much the same way that you cannot guarantee that your house will never be burgled, or your car won’t be stolen.
Prevention is better than the cure
You can improve your online security at work by carrying out some simple procedures…
- Regularly change passwords
- Use two-factor authentication. In other words, require another form of ID, such as a PIN, along with a username and password.
- Make sure your systems are up to date. Last year’s cyber attack on the NHS happened because they failed to install the latest updates.
- Create protection policies. Given that we know most data breaches occur through employee error and we know people will often instinctively open files and attachments, you need to make them aware of the possible consequences.
You have a responsibility to protect your data
On 25 May 2018, a new pan-European regulation, known as the General Data Protection Regulation (GDPR), comes into effect. Businesses that fail to protect their data and suffer a breach could face fines of up to 4% of their global turnover. They will also have just 72 hours after finding out that a breach has occurred to notify the national data regulator and everyone affected; otherwise they could also be liable for a fine. This is designed to make companies put better structures in place to deal with such a problem.
The legal implications
If a business suffers a data breach and fails to have any insurance in place, this could put its directors in breach of their statutory duties as set out in the Companies Act of 2006. In turn, a business may also incur fines through failure to comply with GDPR.
It can mean the difference between losing and keeping customers
Perhaps the biggest cost to a business once its data has been stolen is the damage to its reputation. A swift, clear and professional response to the situation can help you to maintain the trust of your customers and prevent them from taking their business elsewhere.
Stephen Ridley is the Lead Cyber Underwriter at Hiscox. He says, “We’ve seen from some of the high-profile instances of data breaches that delays or mishandling of a situation can reflect incredibly poorly on an organisation, and have a lasting impact on its reputation.
“That’s why we focus on providing our customers with immediate access to expert firms (such as IT forensics, legal and PR), who have vast experience of managing these types of situations and can take the appropriate steps to ensure that the incident is resolved as quickly as possible, and that there is as little consequential harm to the business as possible.”
You may need to take out cyber insurance if one or more of the following applies to your business…
- You have a website
- You employ staff who use a work email and/or are connected to your network
- You hold sensitive customer data such as names, addresses or bank details
- You are reliant on computer systems to conduct your business
- You are subject to a payment card industry (PCI) merchant services agreement
- A data breach could seriously disrupt how your business functions from day to day
What is the right level of cyber insurance coverage for your business?
There is no ‘one-size-fits-all’ approach to taking out cyber insurance. You must assess each of the risks inherent to your business.
It’s worth using this simple checklist as a starting point, to consider the level of insurance cover that you may require:
- The amount of personal data that you hold and how sensitive that information is.
- The size of your business. This could include being a sole trader, a contractor, an SME or a large organisation.
- Your dependence on tech and computer systems.
IoD members benefit from a 5% discount on Hiscox Business Insurance including Cyber and Data Risks Insurance. For more information contact Hiscox’s team of UK based insurance experts on:
0800 2800 354