What is Cyber Insurance and why do we need it?
Cyber insurance is a form of insurance designed to protect your business from threats in the digital world. Cyber insurance can protect your business in the event of a malicious cyber hack or data breach on your business computer system or systems. In today’s world, we are connected via so many systems, applications, and physical technological gadgets, but this means that our data and communications could be exposed as well.
Why do you need cyber insurance?
Cyber insurance should cover the cost for your business to recover from a cyberattack, virus, or malicious data breach. In a nutshell, it should protect your business against damages caused by electronic threats to your business computer systems or data. It should cover any legal claims resulting from the attack or breach. These cyber-attacks and threats could, unfortunately, lead to the theft, damage, or misuse of your business’s sensitive information. They also can impact your business’s supporting technologies which could result in business downtime and recovery costs.
Any business that stores sensitive data (including customer data) on a physical electronic device or on a cloud platform should have cyber insurance. There are certain things that cyber insurance policies generally do not cover, such as future loss of profits or general depreciation due to the theft of your intellectual property. They will also generally not cover system or process upgrades after a cyber event.
A Real-Life Example
Perhaps the most relevant example of this is the thousands of fake shopping websites that are set up every day, aiding various purchase-related frauds. These websites sometimes masquerade as official or related sites from reputable and recognised brands. They trick people into sharing personal information and their credit or debit card information, which is usually used for fraudulent purposes. Once the user shares this information, they may not receive the goods they purchased or could receive counterfeit goods in their place.
Another example is where websites try to entice people to click a link. This link can trigger the download of malware. Malware is the collective term that describes malicious software. It’s not all about capturing an innocent victim’s credit card details; there are more sophisticated attacks that target large institutions such as banks, tech, and big pharmaceutical companies in an attempt to steal intellectual property.
The security of your technical systems and the protection of your business’s and customers’ data cannot be taken lightly, especially during a pandemic that has forced businesses to move to remote working literally overnight. Having the digital capabilities to work remotely has been a lifeline for many Irish businesses and others worldwide. However, many do not have clear policies and security measures in place. Basic deployment of laptops and access to the essentials such as email and collaborative platforms came first, and security came afterward. Many businesses did not have the ability to roll out security controls in a remote environment overnight.
Businesses now have to secure their equipment, systems, and access to systems both on their physical premises and from remote locations. Cybercriminals have no boundaries; they are typically not targeting your physical premises. It’s your systems and data they are after, and they will follow the trail of your data everywhere. They will target shared home Wi-Fi networks as well. Think about who is using your home Wi-Fi network. Your family or housemates could be streaming content or playing games from an unsecured site, or they could unknowingly download content onto smartphones, tablets, and other devices. The reality is that most people’s home networks and Wi-Fi have become an extension of the business network.
Corporate businesses have an advantage that smaller businesses do not. They will have IT staff or partner firms that have the necessary skills to put these policies in place and regularly check that their systems are secure. Sole traders and micro SMEs typically don’t have access to these specialised skills and typically can’t afford to implement them. They are extremely exposed, and it is imperative that the owners of small businesses and their staff are cyber-aware.
Companies are migrating to digital platforms without realising the associated risks and without contingency plans in place. Especially now, in the heart of the pandemic, businesses have been forced to pivot to online platforms to enable online customer engagement and commerce. The alternative for these businesses is permanent closure. They are rushing to get online and, unfortunately, may not think of, or know to ask, certain security questions. Business owners need to ask whether they have the same security and control of their data on these digital platforms and systems, and in general on the cloud. Never assume, and always get the answer from your digital provider. These businesses may not know whether their platforms have security controls because they are focused on keeping the business running. But remember, the onus is on you, the owner.
If digital platforms exist in your business or your staff are working remotely you might want to consider the following questions:
- Have you moved your data or some client data to the cloud?
- Do you have an SSL cert on your website if using your website to complete financial transactions?
- Have you analysed the risk that hybrid home working/office environments bring?
- What systems, platforms, apps do you use on your laptop, phone, or computer to communicate with clients, suppliers, and staff, and are they secure?
- Having considered key areas of exposure, do you have the relevant procedural and technical controls in place?
- When investing in new technology or platforms do you consider the security implications?
- Have you reviewed cloud service security?
- Do you have platform and cloud service level agreements in place with your suppliers?
- Have you completed a digital security assessment and followed up with definitive answers to all your concerns?
- Do employees use their own devices for work and if so have you thought about the potential risks and mitigations?
- Are you communicating security awareness to staff and partners and ensuring they are fully engaged with your cybersecurity protocols?
The list is much more extensive than this, but having experience in cybersecurity claims and knowledge of the industry, we know how fundamentally important it is to answer these basic questions.
We would be delighted to have a conversation with you if you have concerns about cyber insurance for your business.