There are many reasons why: cost, trust that their IT providers will protect them, being unaware of the developing risks, confusion over terminology, a sense that it’s too big & scary to contemplate doing anything about, or even because the IT Director feels threatened or criticised.
Aston Lark Birmingham held a great session this week with Catherine Aleppo, who explained that every business is vulnerable, it’s a boardroom risk and luck isn’t a strategy!
Attacks can be motivated & intentional, criminal or accidental, e.g. a trusted employee in a hurry with a growing inbox clicks on the wrong attachment. The headlines are about external threats, but don’t forget malicious or negligent insiders.
To try & keep it simple, here’s a couple of short lists to consider.
The first is the main types of attack:
A. Malicious Software – virus, malware, spyware etc
B. Phishing – social engineering, using email as a weapon
C. Ransomware – encryption to prevent systems operating or (as back-ups get better) exfiltration of data for double extortion to steal your information &/or threaten to release it publicly
D. Distributed Denial of Service [DDoS] – targeting your systems & overloading them
E. Advanced Persistent Threat [APT] – getting access to your systems and watching undetected until the best time to strike, perhaps when the CEO is on holiday or a major transaction is happening
Policies vary and have different “bells & whistles”, including personal cover etc., but to keep it simple here are the 5 main elements of cyber insurance cover:
1. Incident Response – so it’s happened, what are you going to do now & next? This is the emergency service including cyber forensics, crisis management, PR support, managing GDPR notification etc.
2. System Damage – the cost to repair or replace hardware & software
3. Third Party Liability – defence and damages for transmitting the problem upstream &/or downstream in your supply chain
4. Business Interruption – loss of profit/revenue or increased cost of working during cyber incident
5. Cyber Crime – fraudulent misappropriation of funds
It might be worth asking your IT provider which of 1. to 5. they are going to pay for, or how much the potential cost could be.
If they can’t or won’t answer, I suggest you have a chat with us: jim.stevenson@astonlark.com
Suddenly a cyber insurance policy isn’t so complicated or expensive.