Cyber Security Insurance, or Not to Cyber Security Insurance? – That is the Question
9th November 2022 | Modified: 13th January 2023
Not quite the opening line of Hamlet, Act 1 Scene 1. However, in Shakespeare’s version as Bernardo looks out from the misty battlements, high up on the outer walls of Elsinore castle, he calls out to his fellow soldier, Francisco ‘Who’s there?’ Francisco replies ‘Nay, answer me. Stand and unfold yourself’.
Protecting castles back in the day and protecting modern-day businesses have a lot more in common than you might first think. A castle, with its secure outer wall protecting the inner sanctum, might use moats, drawbridges, a portcullis, murder holes and arrow loops, all to defend against an enemy laying siege to the castle walls. The attacker would use battering rams, catapults, trebuchets, ladders and ballistae. Sometimes, they would even dig a tunnel underground and then set off a charge, which would explode and bring the castle walls down. Sound familiar?
The names for defensive measures have changed over the last 1000 years but their role is still the same – to protect
Today, we build slightly different structures to protect our business data. Business information has become the new riches: cyber-criminals will try to climb over your defensive structures to steal it from you, or hold you to ransom. So, instead of pouring boiling oil over the ramparts, we now employ a blend of cyber-security and breach detection measures to protect our business castles:
- Patch management
- Cyber security certifications
- Network firewalls
- Endpoint detection and response (EDR)
- Thin and zero clients
- Malware protection
- Cyber security training
- Access control & admin privilege management
- Secure configuration
- Multifactor authentication
Modern-day cyber-attacks are becoming increasingly connected and international in nature, so the defensive measures needed to protect a business need to be more powerful than ever before. Businesses of the future are going to have to build an impenetrable digital wall of security around their digital assets if they want to remain effective, as well as profitable.
A cyber-security breach has far-reaching consequences: reputational damage, erosion of trust, loss of sales and reduction in profits, for starters. So, what can you do? The measure of business success in the future might not just be having sold more stuff, services etc., but the fact that you have not been cyber-attacked, which means your business can be trusted with personal data.
Taking out Cyber Insurance
2021 saw 34% of British businesses undertake some form of cyber risk assessment, while 43% of businesses took out some form of cyber insurance. Yet three out of ten businesses have a continuity plan that considers cyber-security, and only 20% have tested their staff with phishing exercises.
Cyber-insurance protection generally covers liability for a data breach; it can help to cover any financial losses that result from a cyber assault. But, like normal insurance, it will have specific provisions and, given that cyber-security is a new industry, the provisions are changing by the month, as cyber-criminals change the rules each month. So cyber-insurance providers are making sure that you, as a business, keep up with your security measures in order to mitigate any risk. Because, as we all well know, insurance companies don’t like to pay out.
When you fill in a cyber awareness risk assessment questionnaire for your business insurance, it evaluates whether you have everything you need in place to protect your IT, and the premiums you’ll pay are priced in line with your levels of protection.
- Do you encrypt all your mobile computing devices? That includes tablets, mobile telephones, PDAs and laptops, including your staff BYOD computers.
- When was the last time you assessed your IT infrastructure for breaches that you may have had in the last 12 months?
- When was the last time your team had cyber-security risk training?
Dwell Time for a Cyber Attack
Dwell time is the length of time that a cyber threat can sit on your IT system. Twenty-four days is the average. Hackers don’t just rush in, steal something and run away. They sit and watch you without making a move, waiting until they know you and have discovered your vulnerabilities.
Here is what a cyber-criminal will potentially do in the time they are sitting on your network:
- Sit within your IT network and watch your business behaviour
- Untick the boxes that say yes to business backups (when you think you’re backing up)
- Extract important data
- Break into emails and request and adjust financial transactions
A business usually notices something is wrong only when a supplier has not received their payment and calls about the overdue amount. Your money and the cyber scammers will be long gone by that time.
There are UK government-endorsed schemes out there, like Cyber Essentials, that provide a strategy of best practice cyber-security measures that a business can employ. When implemented, these are designed to protect your business from about 80% of cyber-attacks. This will also help you when you fill in your cyber-insurance application. Remember, do not let cyber-criminals inside your castle, ghost or no ghost.
Protect your business with an IT security health check now. At CNC we have several Security Services that help our customers protect their businesses from Cyber criminals. Please do not hesitate to contact us on 01273 384100 for further details or email email@example.com.