Cyber and data risks insurance is designed to support and protect your business if it experiences a data breach or malicious cyber hack. It can also help to limit the damage caused by a successful attempt to access your business data. Attacks can come in the form of phishing, denial of service and ransomware – to name but a few examples of cyber incidents that can put your business at risk.
Front-line defence is key when it comes to protecting your business from cyber-attacks. No business – however small – is safe from malicious threat. A well -rounded approach toward risk management and prevention is best and could save business owners a lot of stress in the long run.
It is common practice for businesses to run risk assessments to understand a multitude of vulnerabilities – and cyber security should be no different.
Education, strong infrastructure, up to date systems, backing up data, and installing security software are all paramount for effective attack prevention and risk management.
A disaster recovery plan for worst case scenarios, is of utmost importance to minimise loss of business, stress and recovery costs. The right cyber and data insurance will protect your business should this information get lost, leaked or stolen. A Cyber Insurance policy can also help with reputational damage.
Applying security precautions to your business can be simple and effective; basic security measures – such as encrypting company laptops and utilising group domains, locking the server room door, and installing anti-virus protection – will all successfully decrease your risk.
However, human error is the top cause of cyber breaches – something that can be easily avoided by implementing policy and training staff on what to look out for – such as emails with poor layout, improper spelling and unfamiliar attachments, or URL’s that differ from the principal business.
Ensuring devices and tools that contain data have safe storage locations, maintaining system updates in a timely manner and regular quality assurance will all help reduce the risk of human error.
Don’t be caught out by thinking you don’t need to think about cyber and data security because you are a small business. SME’s are one of the largest targets for cyber related crime with over 50% of cyber-attacks aimed at this sector. Any business can be at risk – if you handle or store data, hold customer or employee information, rely on computer systems in order to conduct business, take card payments or make electronic payments, have an email system, or have a website – then cyber and data security should be a priority.
Whilst cyber insurance offers protection to businesses, there is still a responsibility to ensure best practice is in place to avoid breaches where possible. We spoke with S4Encrypt who are offering simple risk management tools in order to assess and minimise the likelihood of a breach to your business.
“S4Encrypt are proposing that the cyber insurance offer be enhanced to provide a facility for prospective purchasers to go through a simple risk management questionnaire before the quotation for the insurance premium is issued. The questionnaire will pose questions relating to the preparedness of the business in terms of their ability to manage information in such a way that it minimises the likelihood of cyber penetration or loss of data.
The results of these questions will be placed into structured data fields in a Safe4 vault. This will form an immutable record of each entry, with a strong audit trail maintaining a history of all activity. The objective is to prompt the proprietor of the business to identify what is being done to train staff and make them aware of the risks.”
Ben Martin; Safe4UK
This not only allows for best practice for your business to stay secure, and ensure GDPR compliance, but Safe4Encrypt also provide record keeping with a strong audit trail, to prompt identification of what is being done and is still required. Any breaches, mitigation actions and reviews will be recorded.
By completing this risk assessment as a business, you will be able to demonstrate to your broker that you have taken direct action. This means your broker will be able to secure a more favourable policy.
Ensure prevention and risk management processes have been followed by:
This will place your business in a strong position should you be inspected by the ICO or a regulatory body following a breach – allowing your business to say “I have done everything I can” to minimise your risk of attack.
Our deep understanding of cyber and data insurance, alongside our commitment to stay on top of all products and developments in the market, means we are able to deliver the best service to our clients. Contact Eggar Forrester Insurance today to discuss personalised protection for your business with our specialist brokers.