The RISC Authority, with the support of the Cyber Risk and Insurance Forum (CRIF), has produced new guidance on Cyber, IT Risk and Insurance that will help insurers and business.
The guidance entitled ‘S28 Cyber crime: overview and sources of support’ provides information without jargon on the threats being faced by business and looks at the typical impacts seen.
The report warns that ignoring the risk is simply not an option for any organization, large or small. The incidence of criminal breaches is growing at an alarming rate and the ways in which they damage the organisation are becoming more varied ranging from disruption through loss of IP to extortion. It isn't just large firms that are victims either, SME's are being successfully targeted in huge number too.
The guidance urges Firms to act on improving their IT security, but also to review if their insurance adequately addresses the risk they are facing. With most of the common insurance policies purchased by business not designed to cover Cyber events it leaves firms exposed to not only the disruption from the breach, but also potentially serious additional, unplanned costs to overcome the problems faced and even the possibility of regulatory fines and other sanctions from service providers. With IT dependence now at the very heart on most businesses the combined financial impact can become very significant quickly.
There are already regulatory penalties for not acting on Cyber and IT across many sectors, but the pressure to improve the IT security is growing with new European General Data Protection Regulations coming that will oblige those in control of breached systems to report each incident to Data Protection authorities. This regulation is intended to fully harmonise data protection rules and enforcement throughout the EU and is likely to detail fines of €100 million or up to 5% of global corporate turnover.
Good security begins with basic precautions and the government has developed valuable resources firms of all sizes to help. Cyber Essentials
and the 10 Steps to Cyber Security
will help you understand and address the risks coherently that will substantially reduce your exposure. If you are in the UK you can even get financial help through the governments Innovation Voucher Scheme.
Checking your insurance will help identify what you are covered for and more importantly what you are not. Cyber Insurance cover is becoming more available and if you taken basic steps to secure your IT provides good value for money for most firms. The range and scope of cover available will be able to cover first and third party cover and can often be tailored to fit your exact needs.
Developing a responsible approach to your Cyber Risk will also likely benefit your organization in other ways as increasingly the ability to demonstrate good cyber risk practices is a requirement in tenders and for access to online services such as Credit Card Payment, Banking and your Customers systems.
To download the report please click below:
RISCAuthority is an annually funded research scheme supported by a significant group of UK insurers that conducts research in support of the development and dissemination of best practice on the protection of property and business.