09 Jun, 2017 |
Cybercrime and why it matters to your business
Following the recent spate of high profile cyber-attacks involving the NHS and Spanish telecom giant Telefonica, who own O2, (amongst others) the threat of cybercrime is more apparent than ever. So, what is Cybercrime? Cybercrime can be defined simply as crime that targets a computer – when applied to a business this could be anything from stealing customer data to online theft of a business’s funds through ransom demands.
In 2016, it is stated that companies in the UK lost £1billion to the effects of cybercrime. Other figures suggest as many as 34% of companies have been affected by cybercrime with the expectation that this will only increase over the coming years. Upcoming regulatory changes planned for May 2018 will see the current Data Protection Act (DPA) replaced by the General Data Protection Regulation (GDPR) which will place more onerous burdens on companies and individual Directors to protect themselves against cyber criminals. Coupled with this a recent report from the Federation of Small Businesses (FSB) suggests that SMEs are now more likely to be targets of cybercriminals than larger corporate entities. The reason behind this appears to be the idea that SMEs are easier targets given the lower level of resources they have to invest in technology to protect themselves.
Given these figures, and the ever-changing landscape giving rise to more and more sophisticated criminal behaviour within the online space, if as a business cybercrime is not on your radar then this is something you need to address. As with other crimes, it’s easy to think that cybercrime won’t impact you as a business but you are most likely wrong, cybercriminals can strike at any time - just taking the time to think about the potential risks to your business could help you take the necessary steps to protect yourself and identify where your online vulnerabilities may lie.
So how can you protect your business from these criminals?
Putting the correct procedures and policies in place to deal with IT security is key and if you don’t have the resources to do this yourself, working with a specialist company could be of benefit. For example, this may include having procedures around password strength and requiring all staff regularly update passwords, ensuring staff have access only to the information and systems they need to do their jobs and reviewing these permissions regularly can etc.
Staff awareness training
Ensure that your staff are aware of potential security risks and are given the right environment to feel they can challenge requests that don’t feel right. Staff should be trained on your security policies when they start with the business. If this isn’t in place across your company just some basic training could really help protect your business and staff. One expert advises that staff look out for requests that are unexpected and urgent as these can often be suspicious.
Like most risks to your business, a cybercrime event is something that you can insure against, however, currently very few businesses are taking advantage of this. One of the fastest growing strands of cybercrime involves ransomware, whereby data held on an infected computer is encrypted with criminals demanding payment to release the information. Under the new GDPR regulation incidents of ransomware will be considered a data breach so the costs to a business of one of these attacks could be significant. Once criminals come to understand that businesses can insure themselves against these types of crime, we may see a further acceleration of extortion related crimes. Is this something as a business you are willing to leave yourselves unprotected against?
At Anthony Jones, we help our customers choose the right cybercrime insurance that not only fits their budget but also matches their specific needs. Selecting the right protection could help cover loss of revenue due to disrupted business activity, ransom demands and extortion costs, crisis containment and brand protection and liability and defence costs for claims arising out of breaches in data security and privacy. Visit our Business insurance pages to find out more about how we could help you.