Historically a number of our customers have received cyber quotations and decided to self insure. The reasoning being that the chance of being hit by a significant loss is small, and reinstatement of data time modest. However, it is becoming increasingly apparently that backup, messaging applications and document sharing systems rely on small silos of key infrastructure that if affected, can result in a significant business interruption.
The Threat
In June we saw how Fastly, a content delivery network had a failure that took down Guardian Newspapers, .gov.uk, The White House and Hulu.
Just last weekend Kaseya, a software provider of server management and help desk tools have been hacked. Many IT support companies, including those based in the UK, subscribe to their software for remote monitoring, anti virus management, backup management, patch management and Office 365 backup. This software also contains login details for their customers servers at administrator level, together with their customers network infrastructure. The hacking of Kaseya resulted in the installation of ransomware on some 1m computers worldwide. Some companies backups have been contaminated with the same malware.
The ransom was $70m from the Gold Southfield threat using Revil, also known as Sodinokibi ransomware.
In our opinion, the threat level to our customers is now such that a robust cyber programme of insurance is worth the premium.
Cyber Insurance
Cyber insurance breaks down into 4 sections:
1) Clean up cost of own systems;
2) Business interruption – loss of margin on turnover or increased cost of working caused by the attack;
3) Cyber crime – loss of assets of money due to cyber attack; and
4) Loss of personal data – GDPR defence costs
If you are a Castlemead customer we can discuss these issues at your next review or contact your account manager for more information.
If you are not currently a Castlemead customer – get in touch – we would be happy to review the pros and cons of such a programme with you.
+44(0)117 945 3900