If, like me, you have been reviewing insurance renewals recently, you will probably have seen the increasing recommendation to protect your business with cyber liability insurance, if you haven’t already taken this cover. Cyber insurance products have evolved significantly in recent years and offer genuine protection to a business, but you must be sure of your own security controls for the policy to be effective.
Cyber insurance saw a 50% surge in policy uptake during 2016 and 2017, with a similar growth rate expected for 2018. Driving this growth is the frequency of large cyber-attacks, such as ransomware (350% in 2017).
With more modern business conducted online, the economic impact is also higher. Modern cyber premiums often cover the costs associated with non-physical acts such as network or system failures, data breaches, forensic examination, reputation management and business interruption.
With the market size of cyber insurance increasing, the UK insurance regulator (PRA) has become more involved, consulting on rules of measurement, policy management and how policies are underwritten. Policyholders must be mindful of the requirements placed on their business, to ensure compliance with policy terms for cyber risk management. For example, the expectations that policyholders are cyber-resilient, and that reasonable measures and precautions have been taken to prevent an event occurring, are often a prerequisite for the insurance to be valid; failure to have these measures in place can often be classed as a ‘pre-existing problem’.
Reasonable measures and cyber-resilience start with a standard or baseline. A resilient approach can be broken down into 4 phases: prepare, absorb, recover and adapt.
There is no silver bullet. No matter how much you spend on cyber security hardware, software and training, all you are doing is lowering the probability of becoming a target, or minimising the damage if you are successfully targeted. A prepare, absorb, recover and adapt strategy will help to minimise the impact on your business. If you find that you are the victim of a cyber-attack, a prepare, absorb, recover strategy will allow your business to recover more quickly.
The UK Government’s Cyber Essentials scheme is a great starting point for businesses that don’t have a cyber security standard or strategy. Cyber Essentials identifies 5 basic technical controls to protect your business. The scheme is not definitive but does provide an indication of areas that merit further attention within a business. Should you choose, your business can become accredited in recognition of the security controls in place. Depending on the nature of your business, some accreditations automatically include cyber indemnity of £25,000 for UK small and medium-sized organisations.
DCS are an IT business systems provider, specialising in business security audits, scenario planning, recovery and training. By partnering with us you are taking the first step in ensuring that your business has a resilient and robust cyber security strategy in place. We work closely with you to ensure that you have the necessary processes and systems ready, should you ever become the victim of a cyber-attack.