The worldwide WannaCry cyber-attack wreaked havoc, spreading rapidly to infect 230,000 organisations in 150 countries. The impact was significant and costly, and has led many businesses to question what more they can do to protect their data.
From an IT perspective, there are many steps an organisation can take to protect itself from cyber-attacks, but should the worst happen, there is one safeguard that is often overlooked. At Robison & Co, we have received a number of enquiries since the attack, regarding a relatively new type of insurance policy pertaining specifically to cyber insurance, which offers protection from the costs relating to damage to or loss of information from IT systems and networks.
Simon Gubbins, Managing Director at Robison said: “Regardless of the size of your business, your IT infrastructure is the backbone of daily operations and if something goes wrong, you could be exposed to large losses in income, reputational damage and expensive staff downtime. While existing policies such as professional indemnity insurance exist and may provide some elements of cover against cyber risks, we’ve found that increasingly businesses are choosing to take out specialised cyber insurance policies.”
Cyber risk policies fall into first party and third party risks and businesses can choose a policy that covers either or both. First party covers loss of or damage to digital assets, business interruption, ransomware attacks, theft of money and reputational damage. Third party policies cover the assets of your customers, including loss of data and security and privacy breaches.
However, although a robust cyber insurance policy will help your business survive an attack, it is not a panacea and prevention begins with understanding and managing the risks as part of your everyday business culture and process. To this end, there are many precautions organisations should implement to minimise the risk of ransomware entering your network:
• Enrol on the Government’s Cyber Essentials Scheme. This scheme provides a framework of steps to protect your business and awards Cyber Essentials certification, offering assurance and peace of mind to your customers.
• Update your network security.
• Run the Windows security update released by Microsoft in March and turn on auto-updates, if available.
• Install and regularly update anti-virus as well as anti-malware software on your organisation’s computers.
• Provide your employees with basic cyber security training or guidance. This should include advice on how to recognise a cyber-attack and phishing email scams.
• Back up your documents regularly onto a separate drive.
• Ensure cyber-attacks are provided for in your Disaster Recovery plans, and consider comprehensive cyber insurance to ensure that your organisation can survive a cyber-attack.
To find out how exposed your organisation is to cyber-attacks, download our Cyber Risk Exposure Scorecard
For further information see our Technology Insurance services. For a free audit on your existing policy, or to discuss taking out a cyber insurance policy, contact Robison & Co on (0)1730 265500. We’d be happy to discuss your requirements to ensure you’re getting the right level of cover for your business.
