Cyber-crime is growing at a phenomenal rate and is hardly ever out of the news. Unfortunately, there is a still a sentiment prevalent within some British businesses that “it will never happen to me”, although the reality is that many businesses are being targeted every single day.
When we asked one of our insurers for some examples that could explode this myth of immunity, we received three thought-provoking case studies – the technology business infected with malware, the optician held to ransom and the publisher who lost their passwords. Focusing on each of these highlights why cyber insurance is not just a good idea, but an absolute necessity.
The first case study victim, the technology firm, was alerted to a breach of its systems by a government department. Having cyber insurance in place, the business called in the insurer’s IT forensic experts who discovered a significant amount of malware on the servers. A containment plan led to all malware being removed, whilst legal and PR advice was also provided, under the terms of the insurance cover.
In the optician’s case, an employee clicked on a link which was supposedly going to take her to details of a speeding offence. Instead, this triggered an email from Russia advising that the Cryptolocker virus had now infected the business’s systems, which included locking patient records and software required to keep the business running. A ransom of £400 in Bitcoin had to be paid to receive a decryption key. The insurer approved the payment, but only 90% of the files were recovered and an IT contractor had to be called in, to recover the rest. Luckily, having had the foresight to buy cyber insurance, the optician was covered for business interruption and the costs of not being able to trade for a few days, nor get back up to speed for some weeks.
The bad news about a cyber breach was delivered to the publisher in our third case study by a ‘white hat hacker’, who was quick to point out that they had stolen user names and passwords for two websites. IT forensic experts had to be called in, who then confirmed that a hack had taken place. The insurance policy covered this expert advice and the actions needed to plug the security breach. It also provided legal advice relating to whether or not the publisher needed to notify those individuals whose data had been compromised.
Such is the need for cyber insurance that the insurer supporting these three clients has launched a GCHQ-accredited Cyber Clear Academy. This provides cyber awareness training for the employees of policyholders taking out cyber cover and potentially an excess policy reduction of £2500.
Training consists of nine different modules, with concise, relevant content that drives cyber messages home and equips trainees with the knowledge that can help combat the ever-changing cyber threat. This is particularly pertinent following the introduction of the new General Data Protection Regulation (GDPR), which requires businesses to protect the data they hold and process.
If this sounds like the sort of assistance you require in your battle against the unknown cyber criminals, who possibly already have your business’s Achilles heel in their sights, please get in touch with us.