Risky business
Many small business owners are taking advantage of online business tools. However, this increase in usage also brings new and more complex risks into the equation.
Every day, throughout the UK, attacks on security and IT systems aim to steal private information or disrupt businesses. According to a recent survey carried out by the Department for Digital, Culture, Media & Sport in the past 12 months breaches had occurred in 43 percent of businesses and 19 percent of charities, yet only nine percent of businesses and four percent of charities had a specific cyber-risks insurance policy in place.
While it’s almost impossible to prevent all risks, basic security practices can help with the majority.
Common types of attacks: Cyber-attacks typically target your business’s information and IT-based services and equipment. Information commonly stolen includes: client lists, transactions, databases, financial details, pricing information and personal data. This can occur through theft or unauthorised access of equipment, remote attacks on the IT system or your website, and attacks on information held on third-party systems, such as those stored in the Cloud.
Sources of attacks: Cyber-attacks don’t just come from outside parties, such as criminals or competitors, they also come from current or former employees. Confidential information can be compromised by accident, negligence or with malicious intent; even leaving a laptop unattended for a few minutes can pose a threat.
Consequences of attacks: As well as causing reputational damage, one attack could cause significant disruption and have a detrimental impact on turnover and profit. There are also significant costs incurred with a successful cyber-attack, including cleaning up and restoring equipment, IT systems, networks and websites. Also, the Information Commissioner’s Office may fine you for non-compliance under the Data Protection Act, not to mention the damage to other companies such as suppliers or business partners.
Managing your risks: Cyber-risks can be managed in three simple steps and questions to ask for each step include:
1. Planning
What information assets are critical to your business? What type of risks could they be exposed to?
What legal and compliance requirements is your business subject to?
How could you continue to do business if you were attacked and how could you manage these risks on an ongoing basis?
2. Implementation
Do you have the right security controls in place to protect your information, equipment, IT systems and outsourced services?
Does your staff know what their responsibilities are? Are they aware of best practices?
How will you deal with an attack of threat? How will you get your business running again? Who can you turn to for assistance?
3. Review
Are you reviewing and testing the effectiveness of your control measures?
Are you actively monitoring and acting on the information received?
Are you keeping up with the latest cyber risks and threats?
Be aware that a traditional commercial insurance policy is unlikely to protect you against most cyber-exposures. So, you should consider Cyber-Risk Insurance; after all what have you got to lose?
David Collins is Client services Director at Pound Gates For more information on cyber-risk insurance call the team on 01473 346046, or visit poundgates.com/cyber-risk-insurance-explained/ and try Pound Gates’s free cyber-risk calculator
