Managing Data Risk

News stories of data security breaches and cyber-crime are becoming more prevalent and worrisome to organisations, business and individuals.

In 2015, the government joined forces with The City to set up a UK Cyber Taskforce. They worked with a global risk advisory firm to publish a report on cyber risks and encouraged organisations to purchase Cyber Liability insurance policies.

Statistics from the report make for sober reading:

81% of large businesses suffered a cyber security breach
60% of small businesses suffered a cyber security breach

With such a significant threat, it is essential that organisations consider the risk and take steps to minimise and increase their resilience. We advise businesses to review their cyber-security in terms of People, Systems and Risk Transfer, as outlined below.

People

We are probably the weakest link in the cyber-security chain- we write down our passwords, forget to lock our computer screen, use the same passwords for all our accounts – the list goes on. In fact, 65% of staff use a single password for all their applications, resulting in system vulnerability in the event of a password breach. These practices pose a significant threat to our cyber-security, and so the training and competency of IT users in an organisation is paramount. Staff need to understand the risks they face and how best to avoid them. Simple changes can have a massive impact. What are your policies? Are these clearly communicated to staff? Are they implemented? What changes do you have to put in place to improve your organisation’s cyber-security?

Company culture also has a significant impact on cyber-security. If employees are engaged and there is a culture of integrity, doing the right thing, sticking to the rules and checking people’s work through regular auditing, the chances of a data leak by an employee will be much reduced. What processes do you have in place to audit your employees data use? Is more accountability, training or monitoring required or advisable? What changes do you have to make to ensure more responsible security practices?

Talbot Jones Risk Solutions can help provide guidance on addressing these questions and developing policies and procedures appropriate to your organisation’s needs.

Systems

We all know that regular data backups are important, so it’s really important that we make sure we form a back up procedure and stick to it. In this way, we can be confident that we will be able to recover swiftly following a cyber-attack. How often do you back up data? Where is it backed up: a Cloud, an external hard drive or somewhere else? Is your external hard drive stored on or off-site? Are you confident that the Cloud is secure? Is your hard drive stored in a safe place?

Software, antivirus and malware detection programmes are also important. Do yours offer sufficient protection? Are they up to date? Software experts such as Amshire Solutions can offer advice and direct you to the products your organisation needs to keep safe.

Risk Transfer

Risk Transfer is when an organisation transfers their risk to an insurer in exchange for a premium- in other words, buying insurance!

Last year we noticed three different cyber-crime stories over a period of only a few weeks:

Online Cheating Site AshleyMadison Hacked
Morrisons employee Andrew Skelton jailed over data leak
East Sussex NHS Trust apologies over data breach

The diversity of how these breaches occurred is very interesting: AshleyMadison suffered a data breach due to hackers (perhaps the traditional idea of a data breach), Morrisons’ loss was due to internal fraud, and East Sussex NHS seems to have been the victim of simple carelessness.

With such differing exposures leading to data breaches, it is an important time for organisations to consider what risk transfer mechanisms they should put in place to supplement existing risk management strategies.

“Cyber Liability” cover may be just the extra security your business needs. This cover provides insured organisations with:

  • an indemnity for costs incurred notifying a breach to regulators (eg to cover investigations into the incident)
  • an indemnity for loss of revenue as a result of the breach or for additional costs incurred
  • assistance and support in setting up a call centre to contact affected individuals
  • PR crisis management
  • appointment of privacy lawyers
  • forensic IT investigation services
    (note all policies differ from each other so coverage will vary).

Talbot Jones Risk Solutions are very happy to provide a free insurance review of your cyber liability and help you decide if Cyber Liability Insurance is right for you and your organisation. Give us a call on 0191 438 79 77.

By | 2016-11-08T14:04:04+00:00 April 11th, 2016|Insurance, Risk Management Bulletin|1 Comment

One Comment

  1. Chris Orrick June 30, 2016 at 2:55 pm - Reply

    It’s a very worrying time for everyone in business. You can NEVER underestimate the amount of damage that this can cause and hope that each business can it’s own continuity plan in place.

Leave A Comment