Cyber attacks have become a key risk for businesses. The impact of these attacks on businesses can be severe, even catastrophic in some cases. Vulnerabilities in a company’s infrastructure can compromise both their current financial situation and their reputation. A number of recent incidents have emphasised how vulnerable businesses can be at the hands of hackers, such as the recent Ransomware attacks on a number of big businesses around the world, and in the UK; where we saw its crippling effects on the National Health Service.
With Lloyds of London confirming that the insurance market saw a 50% increase in cyber liability insurance in 2016 and forecast further growth in 2017, it is clear that businesses are increasingly looking to insurance companies to mitigate the risks of having to make huge pay-outs as a result of cyber attacks.
As businesses look to insurance, it is important to note that availability of a Cyber Liability Insurance depends on your controls within the business, importantly encryption.
Encryption will save you costs in the long run
Insurers would expect you to take all reasonable measures to prevent an event arising with any failure reducing or even extinguishing their liability to indemnity you under a policy.
Your business will be in a much stronger position to negotiate an insurance policy if you have data security measures in place, such as encryption.
Cyber insurance companies will also look more favourably on organisations that have achieved Cyber Essentials certification.
It’s no secret that the GDPR will see fines of up to €20 million or 4% of a businesses global annual turnover for a data breach. Under the GDPR, businesses will have to report a data breach, which will highlight that they failed to put appropriate safeguards in place to protect data. The ICO have made it very clear that even following a data breach, businesses will have to instate appropriate measures to secure personal data. Do it once. Do it right. Protect your data now.
Cyber Insurance Policy conditions
Jane Legg, Senior Account Executive at Finch Commercial Insurance Brokers says:
“When managing cyber risks for your business it is important for you to evaluate the first and third party risks associated with your IT system and Network. Assessing the potential events that could cause first or third party risks to materialise and analysing the controls that you currently have in place and where they need improvement is vital for compliance with a Cyber Liability insurance policy.
Insurers would generally require that you have at least encryption on mobile and portable devices, a defined process implemented to regularly patch your systems and applications, use anti-virus software, maintain a firewall and back up files at least weekly.
Once you have these processes in place, you will be ideally suited to the advantages and peace of mind that Cyber Liability insurance policies can provide you and your business.”
Do I need Cyber Liability Insurance if I have Encryption?
There are many ways to mitigate the risk of cyber threats, including encryption, as well as enforcing a robust cyber security plan across your business. However, even the most prepared and security conscious businesses can be exposed to a cyber-attack. Cyber Liability Insurance covers associated costs of an attack and we suggest using Cyber Liability Insurance cover together with defence mechanisms, such as encryption.
What you need to do
We at MFG Managed Encryption offer a wide range of encryption products and services to suit the particular risks your business faces, including a fully centralised encryption system for all your devices. Contact MFG for more information on Encryption and Cyber Essentials.