Cyber Liability & Financial Crime

During the last five years there has been a dramatic increase in the number of cyber attacks and financial fraud to businesses throughout the UK.

From “ransomware” attacks, to fraudsters impersonating suppliers, banks and even the Managing Director, companies are increasingly vulnerable and need to consider insurance as a way of helping to mitigate these risks.

At the same time, the General Data Protection Regulation (GDPR) was adopted with the purpose of extending the scope of EU Data Protection Law for all companies. This regulation comes at a cost of strict data protection compliance with severe penalties up to 4% of worldwide turnover and companies must be accountable for losses.

It is important to note that cyber attacks and financial crimes are treated differently by insurance companies with separate policies and covers. A business should consider both in order to maximise protection to themselves.

Cyber Liability Insurance

As businesses become ever more reliant on technology, the risks in suffering a loss relating to problems on their computer systems or holding sensitive customer data continues to grow.

Loss of a laptop, a website being hacked, credit card data being stolen, a denial of service attack, or a file of sensitive information being left on a train; these can all have an impact on your business from loss of revenue, damage to reputation and legal regulatory costs.

The media continues to report on large companies being affected, but they rarely mention small and medium companies being attacked and from recent statistics, a “ransomware” attack occurs at least once a day.

There is a misconception that small companies will not be affected. Every company that holds sensitive customer information or is reliant on a computer system, has a website and is subject to the Payment Card Industry (PCI) merchant services agreements are vulnerable to a data breach. Though business owners are mindful and wary of risks to the business, a “spam” email may be opened by a junior employee which can paralyse a computer system and impact the business.

Suffering a cyber-attack is one thing, but the time it takes a business to recover can make the difference between long term business success or failure. Learning the lessons from a cyber-attack should be seen as an important part of any business’s cyber strategy but hackers are always one step ahead and with the changing economic climate everyone is vulnerable to attack. For UK businesses with 99 or fewer employees, the average estimated cost of their largest cyber incident over the last 12 months was £25,736, compared to £62,712 for UK businesses with 100 or more employees. Yet these amounts only reflect the immediate direct costs, and don’t include the longer-term impact on business reputation and consumer confidence.

A Cyber Liability Insurance policy provides various covers including:

Practical Support in the Event of a Data Breach:

Includes forensic investigations to find out what went wrong and whose data has been at risk, legal advice, notifying the regulator and customers and offering support to clients who have been affected.

Payments of Costs Associated with Regulatory Investigations:

If the regulator makes a claim against you for failing to keep customers data secure, an insurance policy will assist the policyholder.

Reimbursement for Costs of Repairs following Restoration or Replacement:

A hack to your website or network can cause damage and costs to repair / restore can be significant.

Loss of Income:

Damage to your website can result in a loss of revenue which could take weeks, if not longer to rectify.

Brand and Reputation:

Your company’s reputation is very important and notifying customers that their data has been compromised can have a significant impact, so it is important to act quickly, and we reassure the public the damage is minimal.

Extortion:

Insurers in some cases will look to pay the Ransom in order to minimise long term costs.

We understand the cyber risks to your business and can assist in addressing your concerns. It is your responsibility as a “data controller” to understand all the risks, including the “Outsource Service Provider” who may hold your data. From experience, an OSP’s contract omits any consequential loss should they be hacked resulting in a loss of your data. This is an emerging risk and poses a threat to any business using an Outsourced Service Provider for any part of the business.

Financial Crime and Fidelity

Though a Cyber Liability policy will assist your company should data be stolen, what happens if there is a financial theft?

Recent statistics say that 34% of companies have experienced a financial crime during the last two years, from employees stealing to fraudsters impersonating suppliers. One in ten of these companies incurred losses of over £3m and with the ever-increasing reliance on technology, it is believed that these statistics will only increase.

A Financial Crime or Fidelity policy provides cover for theft from the insured by anyone, whether employed by them or not, including cheque and security fraud, telephone hacking fraud and employee dishonesty.

As a business owner or director, you should continually monitor the processes of finance and insurers would expect an element of risk management. An insurance policy will also provide peace of mind should a mistake be made resulting in a fraudulent act being committed.

To find out more and to discuss your needs, please contact us on 01274 515 747 or email us at mail@lwood.co.uk