As technology becomes increasingly important for successful business operations, the value of a strong cyber liability insurance policy will only continue to grow.
The spiralling volume of information stored and transferred electronically has resulted in an increase in the potential exposures facing businesses. Regulations, such as the General Data Protection Regulation (GDPR), must also be considered, because a loss of sensitive personal information may subject you to fines and sanctions from the Information Commissioner’s Office (ICO). Under the GDPR, businesses risk fines of up to £17 million or 4% of annual turnover (whichever is higher) if they suffer a data breach.
We live in an age where a stolen laptop or hacked account can instantly compromise the personal data of thousands of customers. Therefore, it is just as important for a business to protect itself from cyber liabilities as it is from the more traditional exposures that are covered under a general commercial liability policy.
Why Cyber liability insurance?
A traditional commercial insurance policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur. Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber exposures your business faces is essential to managing risk through appropriate cover.
First Response and Disaster Recovery
Not only does a cyber policy provide you with essential cover as described below, it also complements your Disaster Recovery Plan. It provides 24/7 access to top professionals including Breach Coaches, IT Forensics, Extortion Advisors and Legal, PR and Communications Experts. Many policies also include access to risk management tools to mitigate your cyber risk.
Possible exposures covered by a typical cyber liability policy may include:
Data breaches – Increased online consumer spending has placed more responsibility on companies to protect clients’ personal information; affected parties can sue you as a result.
Business/Network Interruption – If your primary business operations require the use of computer systems, a disaster that cripples your ability to access or operate your systems could cause you, or a third party that depends on your services, to lose potential revenue. From a server failure to a data breach, such an incident can affect your day-to-day operations for weeks, or even months. Time and resources that normally would have gone elsewhere will need to be directed towards the problem, which could result in further losses. This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site or overloading an organisation’s server.
Intellectual property rights – Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.
Damages to a third-party system – If an email sent from your server has a virus that crashes the system of a customer or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.
System Failure – A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss.
Cyber Extortion – Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability insurance will not cover. The level of cover your business needs is based on your individual operations and can vary depending on your range of exposure.
It is extremely important to work with a broker that can identify your areas of risk, so a policy can be tailored to fit your unique situation.
How can you protect your Business?
As well as purchasing cyber liability insurance, there are other ways that you can protect your business from a cyber-attack or data breach:
1. Backing up your data
All businesses, regardless of their size, should undertake regular backups of all important data. Firstly, you need to identify what data is essential in keeping your business running. The type of data you should back up can include: customer details, quotes, important documents, emails, and so on.
It is important to remember to keep your backups separate to your computer and ensure that they have restricted access. This will protect your essential data from the potential threat of natural disasters, physical damage or theft.
2. Be vigilant with smart phones and laptops
Employees are more likely to lose their phone or laptop, or have it stolen, when they are away from the office. You should ensure that all company-owned electronic devices have software that allows them to be tracked, monitored and wiped if stolen.
You can also encourage your employees not to store work-related emails and documents on their personal devices, and to not work on laptops when using public transport.
3. Use strong passwords to protect your data
In accordance with the previous point, protecting your business’ electronic data can also be done effectively with password protection. A password, PIN, or face/finger recognition are all good examples of strong password protection. You could also utilise “two-factor authentication” for important data, which can include setting up security questions, or sending an authentication code to another device.
Passwords should contain a mixture of upper and lower-case letters, numbers and symbols. Remind employees to avoid “predictable” words and to vary passwords between different systems/programs. Alternatively, you can regularly ask employees to change their passwords on a monthly/quarterly basis.
4. Recognise, and avoid, phishing emails
A “phishing email” is typically a fake email sent by hackers with the purpose of asking for sensitive information (e.g. bank details), or with links containing bad viruses. Check who the email has come from, whether the email is personalised to the receiver and whether there are any spelling/grammar mistakes. Many companies now state that they do not ask for sensitive information over the phone/email.
Email filtering systems should filter these emails into your junk/spam inbox automatically; however, you should always be vigilant when opening emails on a work device and report all attacks if they do occur.
5. Train your staff
Gov.uk provide free online training courses to help businesses protect themselves against cyber threats and online fraud. You can also discuss best practice with your employees when setting up new passwords, backing up documents and data, and how to avoid phishing emails.
As reliance on technology continues to increase, new exposures continue to emerge. As your business grows, make sure your cyber liability cover grows with it.
For any further information, please contact your Miles Smith Insurance Solutions Account Executive directly, or contact the team on 020 7977 4800.