Cyber Security is not just about Technology Defences
81% of large businesses and 60% of small businesses all suffered a cyber-security breach in 2014.
Most days, we read stories about Cyber Security Breaches, but it is rarely understood what a Cyber Breach is. The following list helps to demystify the threats faced:
- Theft of intellectual property/commercially sensitive information
- Business interruption
- Data and software deletion/destruction
- Direct financial loss
- Theft of funds
- Third party liabilities (customers, employees, shareholders)
- Network liability, supporting or failing to prevent third party damage
- Disclosure of third party data
- Regulatory actions
- Data Protection Act/Information Commissioner
- PCI Security Standards Council (debit/credit card payment regulator)
- Reputational damage
- Investigation/response and repair costs
- Physical damage
- People and physical assets
Businesses (and especially SMEs) may not fully understand Cyber Risk. More worryingly, a recent report also found that 85% of insurance brokers do not feel confident talking to their clients about Cyber Risk protection.
Recent government research found that 22% of small businesses “don’t know where to start” with Cyber Security.
52% of CEOs believe they have Cyber cover, whereas in fact less than 10% do.
This is a real challenge facing the insurance industry. On one hand there is a very clear need for a Cyber Risk transfer solution (insurance) yet on the other hand, we have a distribution market (insurance brokers) that is not confident in talking to clients about this product and the benefits.
As usual, Profile PI is breaking the mould by taking the issue of Cyber Risk protection very seriously. We have developed a ‘life-cycle’ solution to help prevent, protect and repair should a firm suffer a Cyber Breach, that also compliments existing IT and tech defences. It addresses HR policies on managing data, insurance to cover defence costs and claims, and will provide emergency response to manage and mitigate a data breach (should the worst happen).
All businesses face the growing threat of Cyber Attacks, with SME businesses particularly vulnerable as they rarely have the sophisticated technology defences of large organisations.
Why Cyber is not just Tech
There is a long standing assumption that a company’s Cyber Security policy is based on utilising technology. The reality is that technology (anti-virus, firewalls etc.) are just one part of an overall Cyber Security solution. A Cyber Breach does not always originate from a technology source. Paper records are still stolen from filing cabinets, even in 2015!
Having a Cyber Security Policy should encompass technology defences, as well as people policies, and insurance in case the first two fail.
There were some excellent software companies exhibiting at InfoSec this year, all working on new technologies to keep pace with ever changing threats (visit www.infosecurityeurope.com to learn more about their work). Whilst prevention is always better than cure, the reality is that 81% of large businesses are still suffering Cyber Breaches. A solution to a breach when they happen, is essential.
“A data breach isn’t always a disaster. Mishandling it is.”
For example, did you know that an employee is far more likely to be the perpetrator of a Cyber Attack, rather than an external hacker? External defences such as firewalls will not prevent an employee, with access to company files located within your network, carrying out a Cyber Attack. An employee can easily send an email containing sensitive data to an unintended recipient.
< Back to News