Author Archives: warwickadmin

Cyber is the biggest Insurance risk concern

Cyber is the biggest Insurance risk concern

Cyber risks are the top concern among businesses of all sizes.

Of the 1,200 business leaders who participated in an insurer-sponsored survey, 55% said they worry some or a great deal about cyber risks, ahead of medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%) and legal liability (44%).

The Travelers Companies, which has been commissioning the 2019 Travellers Risk Index in 2014, said this is the first time in its survey’s history that cyber has been the top concern among businesses of all sizes.

As concerns about cyber threats have grown, a higher percentage of businesses reported taking proactive measures to safeguard against cyber risks; however, a sizable number have not implemented such preventive best practices. The steps taken by respondents include:

  • Purchasing a cyber Insurance policy (51% of survey participants, up from 39% last year).
  • Creating a business continuity plan in the event of a cyber attack (47%, up from 38%).
  • Taking a cyber risk assessment for themselves (49%, up from 45%) and their vendors (41%, up from 37%).
  • Updating computer passwords (74%, up from 71%).

Tim Francis, Enterprise Cyber Lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper insurance coverage.”

Tim Francis, Enterprise Cyber Lead at Travelers, said that while more businesses are taking steps to prevent a cyber event, “it’s still alarming that nearly half don’t have the proper Insurance coverage.”

Given that a single Cyber attack can put a company out of business, Francis said “taking the threat seriously and implementing a risk management program that addresses possible exposures can help a company not only avoid an attack but also recover from one as quickly as possible.”

Since 2015, the percentage of small business respondents that have suffered a Cyber attack has tripled, from 4% to 12% this year. Increases are also being reported among medium-sized companies (10% in 2015 to 20% this year) and large businesses (from 19% to 33%).

“More companies are experiencing cyber attacks,” Francis said. “The cost of a single breach to a small business can easily reach a substantial amount of money on top of the time it takes to restore the business, so protecting a company’s assets with a Cyber Insurance policy is critical.”

For access to the full article by The Insurance Journal, please click here

5 Things to Know About Cyber Insurance

5 Things to Know About Cyber Insurance

More Businesses are recognizing the need for Cyber Insurance as part of an overall security strategy. Here are some key points to consider when Purchasing, and Relying on a Policy.

1. If Your Organization Doesn’t Already Have Cyber Insurance, It Will
Organizations are increasingly investing in Cyber Insurance simply because they have no choice. Clients are insisting their partners have insurance for compliance purposes and regulatory requirements. More and more, having cyber insurance is part of contractual requirements.

For smaller organizations that have not put a strong security program in place, cyber insurance is critical and makes financial sense.

Typical costs for cyber insurance are currently extremely reasonable. If you’re a CISO and you have a breach, what do you want to say?; ‘Whoops, sorry?’ Or, ‘We have a partner, let’s file a claim.’

2. Insurance Coverage Is Not a Substitution for a Security Program
Just like you wouldn’t drive recklessly in a car simply because you have auto insurance, Cyber Insurance should not serve as reasoning to tailor back on investing in security strategy and tools. Under no circumstances should a business purchase Cyber Insurance and assume it is covered without putting the time and investment into a solid security program.

While Cyber Insurance may reimburse costs, it cannot mitigate the reputational damage incurred by a breach or a security incident. Insurance will not reinstate trust from clients and customers post-breach.

3. Security Should Get Involved Early in the Insurance Process
While the conversation about insurance is often being led in other financial divisions of a company, such as at the CFO level, the security department should be involved at the outset to help evaluate policies and coverage levels.

Security staff or the CISO will understand the technical language and definitions in a way that others less tech-savvy and risk-informed cannot. Security is also more qualified to identify important exclusions that may be slipped into the policy and can advise accordingly. In order to ensure the policy has the right inclusions for your specific organization’s needs, security needs to be consulted on each step of the evaluation and purchasing process.

4. Ensure the Requirements of a Policy Are Fulfilled So Your Coverage Won’t Be Nullified
You’ve got a policy and now you’re covered, right? Think again. You are obligated to fulfil and have in place a number of requirements in order for that policy to cover you in the event of a breach or other security incident.

This brings us back to the importance of security’s involvement in the process and a thorough understanding of both the coverage and the policy details. What does your organization need to have in place that it may be overlooking? If the policy requires it, you will be out of luck on coverage in the event of a breach if you haven’t made the proper accommodations.

5. Some Elements of Your Incident Response Plan May Need to Change
Certain steps in an incident response plan may need to be tweaked once a Cyber Insurance policy is in place. This will include your breach reporting timeline because, as almost all policies have requirements about timely reporting.

Secondly, it is critical to develop your IT plan prior to having to use it – and test it out. While many organizations have an incident response plan in theory, a considerable number have not actually put it to the test. Are you sure yours is up to the challenge if a breach occurs?

For the full article by darkreading, please click here

Cyber Breaches result in Huge Regulatory Penalties

Cyber Breaches result in Huge Regulatory Penalties

Despite the constant reports of Cyber breaches, the risk seems to be generally accepted as part and parcel of using the internet and smart phones; in much the same way that motor accidents are an accepted price for the convenience of road transport. We just hope they don’t happen to us.

But perhaps that may change, particularly for companies and their insurers following the Information Commissioners Office (IFO) announcement that they intend to fine British Airways £183m, the largest fine so far under the new General Data Protection Regulations (GDPR).

This follows the much-publicised cyber incident last September when 500,000 customers had their data compromised. The ICO say the breach was down to poor security arrangements, although British Airways has issued a defence saying they faced a sophisticated, malicious criminal attack. It plans to defend the airline’s position ‘vigorously’, including making ‘any necessary appeals’.

Whatever the outcome, the message from the ICO was clear: “When you are entrusted with personal data you must look after it.” And they subsequently announced their intention to fine Marriott Hotel Group £99m. Marriott has also said it plans to appeal.

These draconian fines will be a warning to large companies, but may be a sign we are moving to a position of ‘strict liability’ where whatever security you put in place and however sophisticated the attack, you didn’t do enough. You would hope that smaller companies doing their best without large cyber security budgets will be given more leeway, but we will have to wait and see.

To access the full article by Worthing Herald, please click here

To discover the Commercial Insurance options available through Warwick Davis Insurance, please click here