International Data Protection Day falls on 28th January and serves as a reminder of the importance of protecting individuals’ privacy and sensitive data. In a digital age, where information is a valuable asset, businesses face increasing challenges in safeguarding data from cyber threats and ensuring compliance with privacy legislation.
You may be curious as to how vulnerable your business is to a cyber-attack?
Here are some questions to help you to identify your level of risk.
- Do you send or receive wire transfer payments?
- Do you collect or store personally identifiable information?
- Do you store business critical information on your computer systems? Contracts, plans, stock levels etc.
- How long can your business operate without access to computer systems?
- Do any of your employees work remotely and are you confident that you or your employees will never make a mistake?
You will already be aware of attempted scams to get your money mainly perpetrated through unknown persons sending you texts, emails or phone calls looking for your personal data and ultimately your bank account and credit card details.
These criminals are spending even more time and effort looking at how to attack your business! Cyberattacks, data breaches, and other cyber threats are becoming increasingly common and sophisticated. Businesses of all sizes and industries are vulnerable, and a single cyber incident can lead to significant financial losses, reputational damage, and legal liabilities for your business.
According to Grant Thornton’s cost of cybercrime report in 2022, one in three small to medium businesses in Ireland fell victim to cybercrime between May 2021 and April 2022. A third paid the cybercriminals, with the average payout at €22,773. Cybercrime cost an estimated €9.6 billion.
A 2022 Cyber Crime Report by Market Dynamics carried out on behalf of LHK Group found that only 18% of Irish businesses had adequate Cyber Insurance cover in place. Colm Kelleher, Managing Director of LHK Group, said in response to these findings “This research is a big wake up call to all of us in business. Standard commercial policies typically do not provide cyber liability cover and many business owners don’t realise this. This survey shows that we must act immediately”.
Most of these cyber-attacks never make the news, whilst a small few dominate the headlines for days. In May 2021 cyber criminals attacked the HSE IT system and caused chaos that lasted for months as tens of thousands of medical procedures had to be postponed (all in the middle of a Covid crisis). In October 2017, the Musgrave Group who operate Super Valu, Centra and Daybreak brands were the victim of a cyber-attack. Back in 2013 SuperValu was a client of Loyaltybuild, which fell victim to a major cyber-attack. This involved the breach of personal data of 1.5m individuals including 376,000 people whose credit card data was compromised. The Data Protection Commissioner subsequently placed a prohibition order on Loyaltybuild that temporarily stopped it from operating in Ireland.
This evidence that cybersecurity threats are real, makes it vital for businesses (large and small) to be adequately protected by having cyber insurance cover in place.
So, what does Cyber Insurance cover?
Financial Protection: Cyber insurance provides financial protection in the event of a cyber incident. It can cover costs such as data recovery, legal fees, notification costs, and regulatory fines. Without insurance, these expenses could be crippling for a business.
Third-Party Liabilities: If a cyber incident affects your customers, clients, or partners, you could be held liable for damages. Cyber insurance can help cover the costs of legal claims and settlements related to third-party liabilities.
Regulatory Compliance: There are regulations in place in Ireland mandating data protection and breach reporting. Cyber insurance can help you comply with these regulations and can cover many of the costs associated with a breach.
Reputation Management: A cyber incident can severely damage your business’s reputation. Cyber insurance often includes cover for public relations and communication expenses to help manage your reputation in the aftermath of an incident.
Business Interruption: Cyberattacks can lead to business disruptions, downtime, and loss of income. Cyber insurance can provide cover for income loss during the recovery period.
Contractual Requirements: If you work with partners, suppliers, or clients, they may require you to have cyber insurance as part of your business relationship. Some may not let you quote them unless you have cyber cover in place. Having cyber insurance can help you meet these requirements and maintain important business relationships.
Peace of Mind: Knowing that you have a financial safety net in case of a cyber incident can provide peace of mind for business owners and stakeholders.
Customised Cover: Cyber insurance policies can be tailored to your business’s specific needs and risks. You can choose cover limits, excesses (the amount that you can bear in the event of a claim), and specific types of cover that align with your business and IT strategy.
Risk Management: The process of obtaining cyber insurance often involves a risk assessment of your business’s cybersecurity practices. This can help you identify vulnerabilities and improve your overall cybersecurity posture.
It’s important to note that cyber insurance is just one component of a comprehensive cybersecurity strategy. Businesses should also invest in robust cybersecurity measures, employee training, incident response plans, and regular assessments to minimise the risk of cyber incidents. The decision to purchase cyber insurance via an insurance broker should be based on a thorough evaluation of your business’s risks and individual requirements.