Download our Free IT Risk Management Checklist

Cyber Risk – What’s the issue?

  • Cyber Crime has moved from a fringe risk to a mainstream concern
  • The key US insurers involved in the sector have gone to the Biden Administration to set up a strategic task force at a cost of $10m
  • Zero-day ransomware attacks are now a regular feature
  • The risk has been heightened by systemic reliance on Azure, AWS and Google Docs, and more significant scrutiny of data loss by regulators

What is the relevance to my insurance?

  • A significant number of our clients still don’t buy cyber insurance
  • For those that do, insurer expectations on security, procedures and firewalls have increased significantly

What is it?

Cover for Cyber falls into 4 camps:

  1. Own system cleanup following a cyber event such as CryptoLocker – you may be covered by your IT support contract
  2. Business Interruption – what loss of gross profit will your business incur whilst the systems are down?
  3. Liability for breach of data or loss of Intellectual Property – Cyber Liability
  4. Cyber crime – loss of funds or stock due to a phishing attack

What are the Regulations?

  • GDPR (EU) 2018 – From 25 May 2018, the General Data Protection Regulation (GDPR) introduces a requirement for organisations to report personal data breaches to the relevant supervisory authority, where the breach presents a risk to the affected individuals. Organisations must do this within 72 hours of becoming aware of the breach. Where a breach is likely to result in a high risk to the affected individuals, organisations must also inform those individuals without undue delay.
  • Each state of the US has its own rules which carry financial penalties – this is relevant for those operating E-commerce facilities

What is the small print?

  • At Castlemead we use the market standard implementation of risk management by the key 5 insurers we arrange Cyber cover with.
  • Warranties and conditions have tightened significantly; 5 years ago this wasn’t an issue.
  • Payments made to incorrect bank details following fraudulent emails are Castlemead’s No 1 reported claim. This accounts for 60% of cyber losses.
  • Insurers expect a check of bank details to be made independently by phone for each new bank account or bank account change requested
  • On the tech side, insurers now expect:
    • MFA (multi-factor authentication) for key email and business database systems
    • Data encryption in transit and at rest
    • Clients work through firewalls and have endpoint protection for PCs – this is very hard to achieve with significant teams working remotely
    • Daily backups that are ‘cold’, i.e. not available to be compromised. Key systems such as Office 365 don’t achieve this, and the Cloud lulls us into a false sense of security

What do I need to do?

  • Castlemead have a risk management checklist that you should share with your IT support team. Use it to set a benchmark score.
  • In our opinion, the threat level to our customers is now such that a robust cyber programme of insurance is worth the premium.
  • For existing customers, we can discuss these issues at your next review, or you can contact your account manager for more information.
  • If you are not currently a Castlemead customer – get in touch – we would be happy to review the pros and cons of such a programme with you.

https://youtu.be/Gm6-seKa2J0