MAY 2019 | 43
Cyber Security
WORRIED ABOUT THE FINANCIAL IMPACT OF DATA BREACHES? YOU SHOULD BE
Despite the rising cost of data breaches, most organisations are unprepared to deal with the financial and reputational repercussions. The current cyber landscape is chaotic, including state-sponsored hackers, financially motivated cybercrime gangs and simple negligent data loss. Risk is everywhere and liabilities are high. Cyber threat remains one of the most significant and growing risks facing organisations today, and too few are prepared.
Interestingly, locations that experienced the most expensive data breaches include the US and the UK, where notification costs are nearly five times the global average. It is clear the problem isn’t going away. Although cyber security most often makes it into the headlines because of large breaches, the most frequent threat is actually to SMEs.
Becoming more resilient to cyber risks in an age of digital disruption means understanding the full scope of cyber governance responsibilities. Here are five reasons why every business, regardless of size or ownership, needs cyber insurance:
1. Cyber-crime is growing exponentially – an overwhelming majority of businesses are reliant on online services, which exposes them to cyber security risks. The 2018 Cyber Security Breaches Survey, conducted on behalf of the UK Government, revealed that 43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months. With highly sophisticated attacks now commonplace, businesses need to assume that they will be breached at some point and have coverage to mitigate the risk.
2. Data breaches are costly – as mentioned before, in Ponemon Institute’s 2018 Cost of Data Breach Study, the average cost of a stolen or lost record is $148, while the overall cost of a data breach is nearly $4 million. This is irrespective of the fines and sanctions under the new General Data Protection Regulation (GDPR) within the EU and California’s Consumer Protection Act, which comes into effect on 1st January 2020 and will surely add to those costs. However, the real expense of an attack against an organisation is not just the financial damage suffered or the cost of remediation; a data breach can also inflict untold reputational damage. Suffering a cyber-attack can cause customers to lose trust and spend their money elsewhere. Additionally, having a reputation for poor security can also lead to a failure to win new business or government contracts.
3. Organisations can be held legally and financially liable if third party data is compromised in a breach – emerging regulation, as announced by the US Department of Defence (DoD) and the EU’s GDPR, places the responsibility on organisations to only appoint third parties who can provide sufficient guarantees that the requirements of NIST 800-171 and GDPR will be met. Both the DoD and the UK’s Information Commissioner’s Office (ICO) will hold liable, and may fine, any organisation that has not carried out due diligence to ensure third parties are compliant. Regulatory fines have become synonymous with data breaches, and the fact that cyber risks are now global makes complying with various regulatory responses across different geographies all the more challenging.
4. Standard insurance policies do not cover cyber risk – cyber insurance is specifically designed to cover the unique exposure of data privacy and security and can act as a backstop to protect a business from the financial and reputational harm resulting from a breach. While some categories of losses might be covered under standard policies, many significant gaps often exist, and cyber events can impact numerous lines of insurance coverage.
5. Improved cyber awareness and risk management – insurance is just one piece of the puzzle. Given that the single greatest cyber risk is social engineering (employees voluntarily but unknowingly allowing an attack to occur), it’s critical that organisations get the basics right, such as putting every employee through training on how to avoid and recognize cyber threats. Organisations need a comprehensive risk management plan that details how the company will respond in the face of a cyber-attack, including unknown threats.
Given the complexities and ever-changing threats, it is important to be as proactive as possible. Cyber Essentials is a UK government-backed and industry-supported scheme that guides organisations on how to protect themselves against the most common cyber threats. Undertaking a certification route will help organisations, especially SMEs which may not have a dedicated cyber security specialist, to coordinate all security practices in one place, consistently and cost-effectively.
www.cysure.net