Business First December 2017 December BF Digital | Page 30

BEST PRACTICE
Protecting digital infrastructure
‘more important now than ever’
A
s individuals and businesses become all
the more reliant on computers to carry
out everyday tasks, the need to protect
those systems is increasingly important.
And yet, many firms are ill­prepared to deal
with the consequence of a breach of their
digital infrastructure, according to a leading
expert on the subject.
Leslie Dick is Management Risks Client
Director at Willis Insurance and Risk
Management (Willis IRM), which provides
insurance, risk management, employment
services and wealth management advice to
firms across all sectors.
He said despite the major repercussions
that could follow a cyber­attack, many
companies are not adequately covered to
cope with the fallout.
Leslie commented: “Firms are facing an
ever­increasing threat from cyber criminals.
However, it is not just a case of having the
right systems and firewalls in place as you
must always account for human error that
can be caused by your employees.”
The issue has grown in prominence this
year due to several high­profile breaches
including the WannaCry ransomware attack
which disabled thousands of computers
across the world including at NHS facilities
across Britain.
Meanwhile, Irish retail group Musgrave
sustained a major breach in October when
cyber criminals attempted to gain access to
the personal details of customers.
A breakfast event held by Willis IRM last
month brought together firms from across all
sectors to hear about the growing threat from
cyber criminals.
A survey of delegates at the event in Titanic
Hotel found only around 40 per cent of those
attending had taken out dedicated cyber
insurance policies.
Leslie said firms are open to various cyber
exposures but that traditional commercial
insurance policies were “extremely unlikely”
to offer the firms protection.
He added:
“Standard commercial policies are written
to insure against injury or physical loss and
will do little, if anything, to shield you from
electronic damages and the associated costs
they may incur.
“Exposures are vast, ranging from the
content you put on your website to stored
customer data. Awareness of the potential
cyber exposures your company faces is
essential to managing risk through proper
cover.
“A robust policy tailored to the particular
needs of each company can include 24/7
28 www.businessfirstonline.co.uk
Justin Bentley from JCB Consulting Services, Lindsey Nelson from CFC Underwriting and Leslie Dick from
Willis Insurance and Risk Management.
incident response; IT forensics; public
relations advice; legal advice; defence costs,
fines and penalties; costs associated to the
loss of data such as notifying the relevant
authorities; cyber extortion and business
interruption.”
Lindsey Nelson, a cyber security expert
from Willis IRM partners, CFC Underwriting
based in London and IT and data consultant
Justin Bentley of Lisburn firm JCB Consulting,
also spoke at the breakfast event.
Lindsey said:
“Cyber insurance has a major role to play in
mitigating clients’ exposures for their
intangible assets and human error is a key
element of the exposures that companies face
these days.
“A cyber policy is much more than just a
wording and is about being proactive and
responding when crises do occur.”
The seminar also heard about possible
costs resulting from breaches of personal
data with new regulations, known as GDPR,
set to come into force in 2018 along with
penalties of up to €20 million for non­
compliance.
However, Justin said firms needn’t be
alarmed: “There are a lot of myths
surrounding GDPR including that it only
relates to larger companies but the truth is
that all firms, not matter their size, must
comply with the regulations if they hold data.
“Realistically, that means that every
business must be GDPR compliant and those
that are should have nothing to worry about
when it comes to fines.
“No penalties will be issued to firms that
can prove they had all the correct measures
in place, because even with the most careful
planning, all business are still targets for
cyber criminals.”
The cyber insurance market is already well
established in the United States where 90 per
cent of firms have a policy in place, but only a
small proportion of firms in the UK are
covered.
A UK government survey put the average
cost of attacks to small businesses at between
£65,000 and £115,000 while for larger firms,
the cost is typically between £600,000 and
£1.15m.
MOREINFORMATION
For more information, or to
obtain a cyber insurance quote,
contact Leslie Dick today at
028 9032 9042.