February 20, 2015
Are you exposing yourself?
“There are only two types of companies: those that have been hacked, and those that will be” Robert Mueller, FBI Director, 2012
Rapidly changing technology is now a fact of life, and cyber threats will increase as technology develops and more business is done online. As threats grow, so does your need to protect and mitigate against those risks and reduce your exposure to cyber crime.
The 2014 Information Security Breaches Survey found that 60% of small businesses suffered a cyber security breach in the past year. The resulting cost to businesses has nearly doubled since 2013.
Mark Minton believes cyber insurance should not absolve businesses from their responsibility to manage their risk of cyber attack, but should be seen as part of a multi-layered approach to cyber risk management. “It’s vital for all businesses to evaluate their risk, manage it effectively, ensure they have the right cover in place – and also understand it.”
He adds, “All businesses are different when it comes to cyber risks. The key is to identify the unique risks your business faces to ensure your cyber policy is tailored to meet those needs, and understand where they overlap with existing cover such as business continuity.”
In addition to risk analysis to establish exposure and meeting the costs and consequential losses of cyber breaches, cyber insurance can provide specialist support that could be critical to minimising the impact of a breach. Mark added “SMEs may not have the people or experience to manage a cyber breach. It is important to understand the support you receive as part of your cover too.”
Huw Davies, IT Network and Operations Manager at Wilsons, has seen the rate of attack growth first hand. “The number of ways your IT systems can be compromised can seem scary, including users, endpoints (computers/tablets/phones), software and files, networked devices (your network can be compromised through a printer!) content filters, firewalls and routers. All these are paths for attacks on your business or paths for your data to get out.”
A good starting point for assessing and managing all of this can be found at:
This information source covers:
- Securing your IT systems
- Protecting your network
- Managing your users access to systems
- Educating your users about risks
- Managing a security incident
- Preventing malware/viruses
- Monitoring IT systems
- Controlling the use of removable media
- Dealing with home and mobile working
When the risks have been assessed, it’s important for the business to discuss the issues they find with their IT people, whether internal or external, and involve third party providers where necessary to effectively manage the risks.
Huw also suggests that when looking to implement any IT based solution for managing cyber risks, businesses remember these two key points:
- Always buy business grade security solutions, not domestic/retail solutions
- There is no IT solution to a people problem!
For further information, please contact Mark Minton