Cyber Risk to your Business

Download our Free IT Risk Management Checklist

Cyber Risk – What’s the issue?

• Cyber Crime has moved from a fringe risk to a mainstream concern
• The key US insurers involved in the sector have gone to The Biden Administration to set up a strategic task force at a cost of $10m
• Zero-day ransomware attacks are now a regular feature
• The risk has been heightened by systemic reliance on Azure, AWS and Google docs, and more significant scrutiny of data loss by regulators

What is the relevance to my insurance?

• A significant number of our clients still don’t buy cyber insurance
• For those that do, Insurer expectations on security, procedures and firewalls has significantly increased

What is it?

Cover for Cyber falls into 4 camps

1. Own system cleanup following a cyber event such as CryptoLocker – you may be covered by your IT support contract
2. Business Interruption – what loss of gross profit will your business incur whilst the systems are down?
3. Liability for breach of data or loss of Intellectual Property – Cyber Liability
4. Cyber crime – loss of funds or stock due to cyber phishing attack

What are the Regulations?

• GDPR (EU) 2018 – From 25 May 2018, the General Data Protection Regulation (GDPR) introduces a requirement for organisations to report personal data breaches to the relevant supervisory authority, where the breach presents a risk to the affected individuals. Organisations must do this within72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to the affected individuals, organisations must also inform those individuals without undue delay.
• Each state of the US has its own rules which carry financial penalties – this is relevant for those operating E-commerce facilities

What is the small print?

• At Castlemead we use the market standard implementation of risk management by the key 5 insurers we arrange Cyber cover with.
• Warranties and conditions have tightened significantly and 5 years ago this wasn’t an issue.
• Payments made to incorrect bank details following fraudulent emails, is Castlemead’s No 1 claim reported. This accounts for 60% of cyber losses.
• Insurers expect a check of bank details to be made independently by phone for each new or bank account change requested
• On the tech side Insurers now expect
  • MFA (Multi Factor authentication) for key email and business database systems
  • Data encryption in transit and at rest
  • Client work through firewalls and have endpoint protection for PC’s – this is very hard to achieve with significant teams working remotely
  • Daily backups that are ‘cold’ not available to be compromised. Key systems such as Office 365 don’t achieve this, and the Cloud lulls us into a false sense of security

What do I need to do?

• Castlemead have a risk management checklist, you should share with your IT support team. Download here. Use it to set a benchmark score.
• In our opinion, the threat level to our customers is now such that a robust cyber programme of insurance is worth the premium.
• For existing customers we can discuss these issues at your next review or contact your account manager for more information.
• If you are not currently a Castlemead customer – get in touch – we would be happy to review the pros and cons of such a programme with you.