Guest blog – Cyber crime and the threat to your business

Gary Bryant cyber insurance specialist
Jul
26
Posted 2016 by Chris Davies

Cyber crime is the world’s fastest growing criminal activity and is the single biggest future risk to businesses. Whilst money is the primary motivational factor for cyber criminals, other factors such as ideology, sympathy, anger and espionage are also significant drivers of cyber crime.

“Cyber Crime has overtaken the drug trade as the most profitable form of crime in the world”

Australian Attorney General, Robert McLelland.

Why Do Businesses Need Cyber Insurance ?

Businesses are increasingly relying on technology to store and process their data and their customer’s data. With the use of technology comes the exposure to security breaches and consequences such as:

• Breach of personal data
• Theft of funds through fraudulent entry into IT systems
• Loss or damage to data and networks
• Business interruption losses

The rise in IT outsourcing and the use of cloud computing services adds a further dimension to these risks. The risk is not limited to unauthorised access of networks as loss or theft of laptops, smartphones, data storage devices, physical documents and careless IT disposal also result in a high number of data breaches.

Electronic media is becoming an integrated part of the marketing and distribution strategies of most companies including corporate websites, social media and blogs. The risk of defamation, privacy breaches and infringement of intellectual property rights increase with the use of electronic media. Businesses frequently fail to implement adequate policies for corporate and employee use of such media.

So is Insurance the Answer ?

Robust risk management and IT security will help businesses to protect themselves against cyber attacks, however breaches can happen.

Cyber insurance provides cover against risks such as:

Third Party Liability:

• Data breaches
• Breach of privacy, confidentiality, security
• Customer notification expenses

First Party Loss or Damage:

• Restoration of the network and data
• Business Interruption – loss of income or additional expenditure
• Theft of money, securities or goods
• Extortion

10 Government Tips for Cyber Security

In the 2015 Information Security Breaches Survey, the Department for Business, Innovation & Skills reported that 90 per cent of large organisations had experienced a cyber breach in 2014. The worst security breach of the year cost each company, on average, between £1.46 million and £3.14 million. Small businesses did not fare much better—74 per cent experienced a security breach in 2014, costing on average between £75,000 and £311,000 for their worst breach.

Regardless of the size of your organisation, cyber security provides invaluable protection. To help your company develop thorough cyber risk management, the government has laid out 10 beneficial tips.

1. Keep directors and officers informed about what preventative measures your company
has taken to manage cyber attacks. This may include reports detailing current and new initiatives.

2. Produce a user security policy that covers the acceptable use of your organisation’s
systems. Additionally, establish a general staff training programme on how to manage cyber risks.

3. Develop a mobile working policy.

4. Apply any security patches as soon as they become available, and ensure that the configuration of all information communications technology (ICT) systems is secure and maintained. Additionally, create a system inventory and define a baseline for all ICT devices.

5. Create a policy for all removable media—such as thumb drives and external hard drives. Include the requirement that all media be scanned for malware before importing it on the
corporate system.

6. Establish online and cyber account manager processes, and monitor user activity for
potentially hazardous or malicious behaviour.

7. Establish a cyber incident response and disaster recovery policy. This should include
testing incident management plans.

8. Establish a general employee monitoring strategy to identify potential malware and
hazardous online behaviour.

9. Establish anti-malware defences to protect against hackers and viruses.

10. Protect your organisation’s computer and online networks against external and internal
attacks by managing the network perimeter and filtering out unauthorised access and malicious content.

Through the implementation of these 10 tips, your organisation should be able to effectively shore up any deficiencies in your cyber risk management scheme.

If you would like to discuss the implications for your business and what can be done please contact me Gary.Bryant@icbgroupuk.com or visit our web site for more details ICB Group

Leave a Comment