Staying Cyber Safe

We are all familiar with the term ‘cyber risk’, but it’s important to be aware of how it relates to your own business, says Brian Mullins, managing director, Brian Mullins Insurance Brokers

Cyber attacks are making headlines on a daily basis, and whether or not your business has already been affected, you should make sure it’s always prepared for one. Our top tips on cyber security are:

1 Establish governance and organisation. Identify roles and responsibilities, agreeing what your cyberstrategy will be, and develop policies that will encourage and enable reporting within your business.

2 Identify what matters most. Map your business objectives/products/services to identify and categorise your people, processes, technology and data infrastructure. Rank each by their importance to your business.

3 Define your risk appetite. Understand what the potential cost would be toyour business should you become thevictim of a cyber attack. This will enableyou to draw up a risk management process, and assist you in making the necessary decisions as to how much it willcost you to offset some of this risk.

4 Focus on training and awareness. Establish an education and training programme, ensuring all of your team can identify a cyber attack, and are aware of the role they play in defending your business against one.

5 Implement basic protections. Secure your business by putting in place basic protections, including secure configuration, firewalls, anti-malware,removable media controls, remote access controls and encryption.

6 Be able to detect an attack. Establish a security monitoring capability thatcan detect an attack through monitoring activity at various levels within yourbusiness. This could be a basic system, whereby an alert is generated and emailed when suspicious activity isdetected on a firewall.

7 Be prepared to react. Establish a formal cyber incident team who havebeen trained in your documented plan,and continue to test this plan annually.

8 Build a recovery plan. Establish this(including comprehensive back-ups)for all processes and supporting technologies that are critical to your business.

9  Challenge and test regularly. Carry out a cyber incident simulation exercise to test your response to a significant cyber attack on a regular basis.

Cyber insurance 

Specialist insurance products have been designed to specifically cover cyber risk in a range of areas, such as:

■ Phishing scams, website spoofing, ransomware and malware.

■ Electronic theft, computer fraud and telecommunications fraud.

■ Network extortion, including ransom demands.

■ Social engineering – this is the term used for a broad range of malicious activities accomplished through human interactions.

■ Reputational damage – cyber attacks can damage the reputation of your business and erode the trust your customers have in you.

■ Rogue employees – they are a major cause of data breaches.

■ Breach of privacy law and the disclosure of protected and personal information.

Types of claims 

The following are some of the scenarios that can be covered by insurance:

■ A cyber crime gang takes over your hard drive and threatens to encrypt it unless you pay a ransom. Cyber insurance can cover this ransom cost.

■ Cyber criminals gain access to your accounts system, which contains all your clients’ personal information, including all of their payment details. With cyber insurance, you will be covered for the costs associated with informing your customers, any subsequent legal defence costs and any damages you are liable to pay to other parties.

■ Hackers take down your website and you are no longer able to take or confirm bookings. With cyber insurance, you will be covered for the cost of restoring or reinstating the data to get your website back up and running, and you may also be covered for the potential loss of net profit to your business. 

For more information visit bmib.ie or tel: +353 (0)71 9141030.