Trident Insurance


Do we really need cyber insurance?

There are many conflicting views, and we have highlighted before that it’s not simply about adding on a policy and thinking all will be OK.

Exactly who is likely to be attacked is still unknown. In short, though, if you have the internet at home or in the office and you may hold credit card details there, along with names and addresses neatly linked in an Excel file, these silent criminal intruders know what to look for and remove it in nanoseconds.

It’s not like a burglary, where there are signs and markers showing a break-in, possibly leaving your home or office turned upside down. Cyber insurance problems really are multi-faceted.

First, there is no such thing as the perfect firewall or defence mechanism to protect your data. It just doesn’t exist, which is why we are endlessly told to have different access codes for everything, as a desperate plea not to make life too easy for hackers.

Second, cyber criminals don’t give a fig about what they take. Data is king, and useful data from which money could be extracted reigns supreme. Let’s not forget that medical records will have intrinsic value to someone other than you.

Third, it may not be obvious for some time that your computer has been hacked, and the only way you will know is if clients or friends start calling up asking if you have given their information out.

In that event you would need to report the suspected hack-attack to the Insurance Company, who after some questions will decide if a forensic investigator is required. The investigator will be able to look at your computer and know very quickly if and when the attack took place. The Insurance Company will compensate from the date of the attack.

Sadly, we understand that hacking of companies comes mainly from within the company, by a member of staff who for whatever reason has a gripe.

Fourth, the director of the security service GCHQ, Robert Hannigan, said on 10-11-2015 that general standards are not as high as they need to be when it comes to cyber security. The reason, he felt, was that ‘the global cyber security market is not developing as it needs to, and the usual drivers of change, from regulation through to insurance cover and legal liability are still immature’, and ‘there is no doubt significant cyber-attacks will become more common’.

Fifth, there is the ‘dark internet’, where a whole gamut of information appears to be floating about, and only security services appear to know how to access it. Even then, in crude terms, it takes a thief to catch a thief, so given the security services may only think in a particular way, they may still be on the back foot. Even cloud storage is not, as we have seen, invincible.

So we have a scenario where we hear about cyber-attacks almost daily, yet security of data is not sufficient, and insurance of an open-ended problem is still, as mentioned, in its infancy.

Problem, what the hell do we do?

Before you even entertain taking out a policy you need to look at what you are doing as an individual and business to minimise your potential risk. 



The following questions are most likely to be asked by your Broker or Insurance Company: 

Is all personal and confidential information removed from the premises at the end of the day? 

Is this information in an electronic or encrypted format?

Can you list what managed security services (firewall intrusion and anti-virus detection) you use?

Does your system regularly (at least monthly) update antivirus software and firewalls?

Do you have a business continuity plan in place and have you tested it?

Will your system be back up and running within 12 hours? If not, when?

Is your Payment/Debit card system industry compliant?

Have you had an IT security audit and effected all recommendations?

What Cloud/Backup/Web hosting entity do you use?

Who are your software providers?  

Who supplies your payment processing?

Who are your hardware suppliers?

Finally, you will need to decide: what limit of indemnity do you need for the total costs you may suffer?

The last question is a bit like asking how long is a piece of string!

But it really is trying to assess the cost of setting up almost afresh after an attack, along with the prospective cost/damage suffered through continued staff costs and the lack of profits.

It’s a lot to know and think about, but in today’s world you need to be able to supply the information to the Insurance Company before taking out a policy so they can see you are making efforts to do your bit to prevent something going wrong. 

In all sincerity, if you don’t have the information to hand, the odds are you won’t be offered cover at all.

A poor grasp of your cyber insurance needs is not going to help anyone. In fact, it may, in the worst case scenario, leave you and your business vulnerable.

The broad spectrum of cyber-attacks means companies don’t even realise they are at risk, and today, to make matters even worse, it is more than possible to hack smaller companies in order to get at larger ones!

With all the above, it’s not surprising that, with limited resources and a still difficult economic environment for many, most are unwilling to guard against an intangible and still unknown risk.

But saying that, companies large or small need, at the very least, to try to develop a cyber aware policy internally, from the top down, for everyone to engage in.

Yes, certainly financial entities would seem to be the most productive avenue for hackers to attack, but if you take or make payments online you are unfortunately also at risk.


It really is hard in a fully connected world to say, I have nothing they want so I’m OK. The trouble is we don’t fully know what ‘they’ want, and when some people seem to get a kick out of hacking for the sake of it, I think we really will never know what ‘they’ want.

One thing is for sure: we are not here to scare the pants off you. However, it’s hard not to be scared, given we still aren’t sure what we are up against, and this problem is not going to go away simply because we don’t understand enough.

The style and nature of a hacking attack, and who is susceptible, are constantly changing, adding insult to injury.

Saying all that, as a company and your Broker, we feel duty bound to try to bring to you all we know in a language that is not insurance gobbledegook, but in a day to day format.

We hope in some way we have achieved that, and to some degree helped at least to enlighten you to a better grasp of the problems we all now face.

So, in conclusion, returning to the question: do we really need cyber insurance?

The answer, given what we know and unfortunately don’t know, is: can we really afford to be without it, however inferior and underdeveloped the present marketplace is?

It’s more than possible that buying Cyber cover down the line will be as easy as buying travel insurance. But we aren’t there yet, and this, we would humbly suggest, is something you have to think about now and not keep putting on the back burner.

Also, as a policy, cyber cover is not particularly cheap and will change with each year as, hopefully, technology adapts.

In the end, as is always the case, it’s your choice, and it’s a tough call, but at least we hope you have more information now to think about.

Maybe pass this mail to your friends and colleagues and get their views. This problem really is with us for the foreseeable future and we are all going to have to change the way we think about it.

Please remember as your Broker, we are here to look after your best interests at all times, in all areas of Personal or Commercial insurance. 

 0800 038 9000