Why do you need a cyber attack plan?
- Loss of income to your business.
- Loss of trust from your customers and suppliers.
- Loss of your key data and your customers' data.
- Reputational damage.
Any one of these will impact negatively on the business – pull all 4 together and you have a real problem. You need a plan to ensure the survival of the business.
It's no longer a case of IF your systems are targeted... rather when.
How can a cyber insurance product help protect your business?
Simply put… it will deliver the practical support in the event of an attack or breach including:-
- Investigation costs following a breach
- Legal and regulatory advice
- System repair and audit following the breach to ensure system safety
- If you receive a ransom demand, or your system will be or has been infected to prevent its use:
  - Insurers will cover any money paid (with their permission) with the purpose of terminating the threat or to recover data
  - Insurers will provide guidance to manage this threat
- Claims by third parties in relation to their data being compromised (they do not have to suffer a financial loss to take a successful claim under GDPR)
- Any financial loss by a third party
These are just some of the features of how Cyber insurance can form a key part of your strategy around protecting your business against this emerging threat.
If you would like to get more details the team here in Arachas will be delighted to help. Why not call us on 01 213 5000 or email: firstname.lastname@example.org.
Our Cyber Insurance cover includes:
- Breach Costs
  - Practical support in the event of a data breach, including forensic investigations, legal and regulatory advice in respect of customer notification, credit monitoring, and system audit following breach.
- Cyber Business Interruption
  - Compensation for loss of income caused by a cyber event. Additional cost of working incurred in rectifying the issue.
- Extortion / Ransomware
  - Demand for money or the system will be or has been encrypted or infected to prevent use. Insurers will cover any money paid (with their permission) with the purpose of terminating the threat or to recover data. Insurers will provide guidance to manage this threat.
- Privacy Protection
  - Pay and defend claims made by customers and third parties for failing to keep the data safe, including regulatory investigations and civil penalties where allowed.
- Hacker Damage
  - The cost of repair, restoration or replacement if a hacker causes damage to a website, programs or electronic data.
- Media Liability
  - Protection in the event the company mistakenly infringes third party copyright or inadvertently libels a third party in email or electronic communication.
- Reputational Damage
  - Loss of net income due to termination of services by clients or reduction in business and brands where the loss arises directly from a network event.
- Social Engineering
  - Misrepresentation of fact or intentional, malicious, wilful or fraudulent act by a third party which misleads an employee, leading to money, securities or assets being transferred, paid, distributed, altered, corrupted or lost customers, money or assets from your account.
- Telecommunication Fraud
  - Intentional, malicious, wilful misuse of the telecom system by third parties.
Cyber risks are a fact of life in a world of information and information systems. Any company dealing with electronic data, whether it’s on mobile devices, computers, servers or online, faces such risks.
So what is the threat & who could pose a threat?
Threats can come from:
- Rogue Employees
- Negligent Employees
- Company Outsiders
- Social Networking
This can lead to:
- Loss of Intellectual Property
- Business Interruption (Loss of Profits)
- Data Loss
- Network Failure
- Reputational Damage
GDPR and Cyber Insurance:
Unless you have been hiding under a rock you will by now know that we have a new set of data protection regulations - GDPR.
Current legislation (the Data Protection Act, coupled with various additions/amendments) is now being replaced by GDPR. This now has implications for your cyber insurance...
If your client's data becomes exposed you will need to...
- Notify authorities within 72 hours
- Identify and rectify the source and extent of the breach
- Have sufficient resource at your immediate disposal to limit the associated financial, reputational and legal costs
Under GDPR every business is subject to fines and penalties for failing to secure digital data. Small businesses are not immune from large fines. Fines can be up to €20m or 4% of annual turnover – whichever is the greater.
Companies found not to have robust data protection policies in place, such as cyber response planning, can expect harsher penalties.
Cyber insurance is designed to deliver all the supports your business will need if and when the worst happens.
In 2016, 66% of small firms were victims of some level of cybercrime, according to the Federation of Small Businesses, so it's not just about the big guys.
Who should be on the response team?
- Executive management. Again, can I stress: this is a business issue, not simply something to leave with IT
- After management, IT, both internal and external
- Public Relations
Most SME businesses will rely heavily on external supports, all of which can be provided by the cyber risk insurer.
The plan should include operating procedures.
- Investigation and containment
- Impact assessment
Remember, you are not going to get 24 hours' notice that a breach is about to occur. More likely than not you will find out at 5:30 on a Friday evening when you’re sitting in your car on your way home, so what do you do?
You have got to bring in expert forensic investigators as quickly as possible to advise and assist in determining:-
- Where did the breach occur?
- What’s the source?
- You need to establish what happened, where, when, who did it, how did they do it?
- Is the breach continuing?
- What needs to be done to stop the data leakage?
- What evidence needs to be collated or preserved?
- Do you have the in-house capability to do this?