Cyber risks – What does it all mean?

14th June 2017

Ransomware. Phishing. Spearphishing. GDPR. The ICO. Personally Indentifiable Data. Cyber Insurance. Do you know the lingo?

What does the above mean to you as a business owner? If the above phrases aren’t on your radar, they need to be. Fast.

Modern business is often based on having an online presence, with the majority of businesses stating that their biggest and most important asset is their data. But what steps are business owners taking to adequately protect that data? The most recent government cyber risk survey found that 69% of businesses say their senior management consider cyber security as a very or fairly high priority, however, only just over half of those surveyed had done anything about identifying the risks.

Changing regulations coming into effect in May 2018 will most likely put cyber risk on the radar for those who aren’t already thinking about it. GDPR (the General Data Protection Regulation) is an enhanced version of the current Data Protection Act, with greater emphasis on processes and the adequacies of the steps taken to protect consumer data. Failure to demonstrate that you have taken these adequate steps can lead to the ICO (Information Commissioners Office) imposing highly punitive fines – up to EUR 20million or 4% of worldwide turnover, whichever is the greater. Irrespective of the fines however, in an increasingly litigious society where consumers are more and more aware of their rights, you could find yourself being sued by third party data subjects, and the reputational harm to your business can be catastrophic if you fail to protect consumer PII (Personally Identifiable Information). PII includes names, a DOB, addresses and email addresses, bank details, National Insurance numbers – the list goes on.

You therefore need to analyse your cyber risks and security on a 2-tiered basis. The first step is the mitigation of the risk, and the second step is the transfer of the risk, namely, cyber insurance. The principles are the same as protecting your building – you install locks and security, place sprinklers throughout your building in case of a fire, install an alarm – but you also purchase insurance to protect yourselves in the worst case scenario.

Let’s look at some key steps you can take to mitigate your cyber risk. You will need to demonstrate under GDPR that you have taken these steps, but it is also good business practice to establish what data you are holding and how to protect it.

This then leads us on to the next stage of protection – cyber insurance. Unfortunately, even the best protected systems can suffer from a breach as cybercrime continues to evolve quicker than the systems put in place to protect against it – risk transfer is then the fundamental next step of the process. Cyber insurance kicks in ‘post breach’, although many policies have useful tools which can be accessed throughout your policy period to provide you with risk advice, or helplines staffed by security professionals/lawyers who can advise if you have any concerns regarding your data. Some of the headline coverage areas offered by the majority of providers include:

It is important to get the ball rolling now to allow you sufficient time to prepare your business for GDPR. Talk to us for further advice in regards to cyber risk mitigation and transfer.

Share this story:Email this to someoneShare on FacebookTweet about this on TwitterShare on LinkedInPin on PinterestShare on Google+
We use cookies, just to track visits to our website, we store no personal details. ACCEPT COOKIES What are cookies?