– Sony Loses $100m in Cyber Attack
– Talk Talk Loses £3.5m in Cyber Attack by 15 Year Old
– Estimated Cost of Cyber Crime in 2016 $120.1bn
We have all read these headlines and there has been a lot of press recently regarding cyber liability and the exposures companies face on cyber threat.
So Is Website Risk Justified ?
In recent surveys of companies, cyber liability is always in the top 3 of risks they are concerned about so why don’t companies take more action to combat the threat? Perception is one answer, in the same study:
- 52% of CEO/CFOs believed they have some cover for cyber
- 20% of CEO/CFOs specifically addressed the issue at senior management or board level
- In reality on 10% of Companies actually had some form of viable cover
Another answer is they don’t know where to begin, however. Ignorance is not bliss and ignorance is one of the biggest threats to a company.
Ignorance And Cyber Liability Dangers
In an Irish Examiner poll on 4th May 2016, 4 in 10 companies had no formal cyber security strategy despite the majority of directors identifying this as an important issue. This apathy is even more pronounced in small companies with under 100 staff, where 68% have no strategy in place.This partly explains why some SMEs go to IT vendors who claim to provide an automatic solution, a one stop shop. Unfortunately, this does not exist and the company itself still needs to invest to protect itself. This needs to be done through education, training and practical guidelines for all staff. In fact, Cyber risk should not be approached any differently to any other risk, such as fire or theft. Companies would not ignore a fire risk on the premises and they would take action to mitigate or reduce the risk, the same frame work should be taken to combat cyber issues.
Understand the risk.
Make the action required to reduce the risk.
Make sure to educate and implement risk reducing measures.
So, what is the threat? Who could pose a threat? and how do we protect ourselves for cyber threats?
Threats Can Come From:
- Rogue Employees
- Negligent Employees
- Company Outsiders
- Social Networking
And this Can Lead To:
- Loss of intellectual property
- Business interruption – loss of profits
- Data Loss
- Network Failure
- Reputational Damage
The Aftermath of Failed Cyber Security
These attacks can be rapid and very damaging. Imagine losing all your records and data within 60 seconds, what do you do and what will your customers think? With the new EU data regulations you will have to advise all clients that you have had a breach when it happens, you will need to stand in front of them and advise what measures you put in place to try and prevent a breach.Some companies believe because they are compliant they are protected, unfortunately being compliant does not mean being secure. In fact, companies should be aiming for embedded security culture and not just a “tick the box “ exercise. Another problem companies have is they believe they have nothing of interest. Every company has something of interest even if it is just used as a gateway to a bigger prize.
Cyber Attacks Can Happen To Your Website
Cyber attacks can happen to anyone whether you are large or a small company. We have seen claims from sole traders to larger companies. So, all companies should be cyber aware and have a risk statagy to protect themselves. This will be a requirement with the new regulations and may also affect investment in companies, as we see more investors looking for confirmation that the company has a cyber risk policy prior to investment. One of these risk measures can be Cyber Liability Insurance which can be purchased at a reasonable cost, starting at €500, and can provide guidelines for protection.
About the Author:
Martin Adams ACII MIRM, is the Special Risks Director for Arachas Insurance. Arachas Insurance help you to prevent cyber attacks and to make sure that your site is safe.