Cyber Security: What it means for UK businesses

Cyber Security is a constantly evolving landscape – and small and medium businesses in the UK need to be aware of the threat. Although it’s a high profile subject in the media, cyber liability is an emerging insurance risk and insurers are evolving their products to meet market demand.

Simon Henderson, Managing Director of insurance broker and NAS Associate Member Darwin Clayton, gives us an insight into what Cyber Security means for SMEs today.

 What form are cyberattacks taking in 2017?

According to the National Cyber Security Centre, many attacks are ‘state sponsored’ – alleged attacks by foreign governments hacking into defence and foreign policy servers. However, beyond central government departments, there have been many varied types of attack in the last 12 months, such as Yahoo advising users that they were hit with a ‘cookie’ attack, Tesco Bank falling victim to hackers who removed money from customers’ accounts, and Lincolnshire County Council, whose computer system was closed down by hackers demanding a ransom.

What do SMEs need to know about cybercrime?

SMEs need to consider the many ways cybercrime can affect their businesses. Some key emerging risks include cyber extortion, in the form of illegal threat and ransom demands excluding a business from its systems; telephone hacking, affecting both traditional fixed lines and online systems; external hacking to steal money, property, or digital assets. This can lead to a range of consequences, including data breach costs, crisis containment, business interruption, and costs for repairing hacking damage – all serious issues for a business.

How can businesses protect themselves against cyberattacks?

 Businesses should be taking several precautions:

  • Encrypt all mobile computing devices (laptops/tablets/phones/PDAs) and portable data devices (e.g. USB sticks) used by employees for business (including personal equipment) – this is a common requirement of insurance covers
  • Regular mandatory password updates
  • Regular network scans and/or penetration testing
  • Two factor authentication for any online banking facility
  • All passwords (including voicemail) changed from the defaults
  • Calls to premium rate and international numbers to be barred
  • Alerts being in place with telecoms provider for notifications if calls reach a certain volume
  • Telephone system (at least outgoing calls) switched off out of business hours (or at least over weekends)

What does the cybersecurity landscape mean for the way insurers work with businesses?

Many insurers are now providing cost-effective insurance solutions to transfer the risk away from businesses and onto the insurer. There are usually three elements to the cover: Standard policy covers (First party), standard policy covers (Third Party), and optional policy covers.

Standard policy covers (First party) can include breach costs, cyber business interruption, hacker damage, cyber extortion, and crisis containment. Standard policy covers (Third party) often consists of privacy protection and media liability, while Optional policy covers can comprise cybercrime, telephone hacking, and cyber hacktivism.

Many SMEs still have a culture of ‘it won’t happen to me’, but as Robert Mueller, sixth director of the FBI, once said, there are “two types of companies: those that have been hacked and those that will be”.

Is your business prepared? Visit Darwin Clayton’s website for more insurance expertise.