Cyber

8 Reasons Why Your SME Needs Cyber Insurance

Cyber insurance is tailored cover for the risks associated with cyber breaches and other forms of cybercrime. A cyber insurance policy can cover the costs related to data recovery, legal fees, customer notification, and public relations efforts. It can also provide some cover for business interruption, allowing you to manage your overheads while you deal with the issue.

Read our full guide to what cyber insurance is, and what it covers.

Too many SMEs seem to think that cyber insurance is a niche product that is only necessary if you operate in certain industries. Yet all businesses, regardless of their size or sector, should consider cyber insurance. In this post, we will list eight reasons why.

1: Cybercriminals actively target small businesses

Think your business is “too small” to be of interest to cybercriminals? Think again.

Cybercriminals will not overlook your business because of its size.

One study found that cybercriminals are three times more likely to target SMEs than larger businesses. Another suggested that around 96% of all cyberattacks target SMEs.

2: Many SMEs are powerless to resist cyber attacks

One reason why cybercriminals target SMEs is because they know that smaller businesses are less likely to have robust cybersecurity systems in place. This means that, if they target you with a ransomware attack, for example, you will have no choice but to pay.

3: Cyber threats are getting harder to spot

Phishing is a very common form of cyberattack in which cybercriminals send a fraudulent email that claims to be from a trusted source. This could be a bank, a shopping platform, a manager, or a colleague.

Phishing messages trick the individual into sharing sensitive information, such as login details. This can give cybercriminals access to your systems while leaving you vulnerable to other forms of cyberattack.

Phishing messages are getting increasingly difficult to spot. There’s a growing threat of cybercriminals using AI models to create phishing emails that are so realistic that they could fool even the most seasoned of cybersecurity experts.

4: Cybercrime carries a huge cost

The UK government’s cyber security survey found that, for UK businesses, the average cost of a single security breach was between £1,100 and £4,960. Would your business be able to bounce back from such an expense?

5: Cybercrime is getting more expensive

IBM recently surveyed 604 organisations and 3,556 cybersecurity and business leaders who had been hit by a data breach. They found that the global average cost of a data breach in 2024 was $4.88m. This is the highest it’s ever been, and it represents a 10% increase over the previous year’s figures.

6: A cyberbreach will cost you more than you might think

Following a cyberbreach, your business will take a significant financial hit. But the blow to your reputation could be much more damaging.

How many current and potential customers would you lose if you create the impression that you cannot be trusted to handle sensitive customer information?

And what if, in the investigations following the cyber breach, it is found that your business did not do enough to secure your customers’ sensitive data? This could imply you are in breach of GDPR, which could carry further fines.

7: Businesses can feel the impact of a cyberattack for years following the breach

A 2023 government survey found that 88% of businesses hit by a cyberattack were able to restore their operations within 24 hours of the attack. A separate study found that the average amount of downtime following a cyberattack was 24 days.

Yet some cyberattacks are so severe that recovery takes years. The Scottish Environment Protection Agency was hit by a ransomware attack in December 2020. As of February 2024, they were still rebuilding their systems.

Plus, it might be rare, but it does happen – sometimes a cyberattack is so severe that it sinks a business completely.

8: Cyber insurance can determine how effectively your business recovers from the attack

The amount of time it takes your business to recover from a data breach will depend on the severity of the attack, along with how effectively you can respond.

While cyber insurance will not protect your business from cyberattacks, it will at least ensure that you will have the means in place to respond to a breach.

With cyber insurance, you can get comprehensive cover for the costs related to data recovery, legal fees, customer notification, and public relations efforts. A cyber insurance policy can also provide some cover for business interruption, allowing you to manage your overheads while you deal with the issue.

Without a cyber insurance policy, a data breach could ruin you. But get the cover you need today, and you will have peace of mind that you will be able to bounce back from even the most severe of breaches.

Get tailored cyber insurance for your SME

James Hallam is an independent Lloyd’s broker with access to a hand-picked selection of A-rated insurance providers. We can help you find the cyber insurance you need at the best possible price.

Get in touch for a free quote today.

James Hallam Open New Cyber & Technology Hub – August 2024

Seventeen Group broking subsidiary, James Hallam, has opened a new Cyber & Technology Hub at Exeter Science Park. This extends James Hallam’s branch network in the South West to four, being Plymouth, Penzance, Torbay and now Exeter. It also brings a specialist team together to focus on the fastest growing area of the economy and the area of risk where clients require huge support. The team will work with a strongly supportive insurer panel, delivering specialist risk management and insurance solutions to clients across the UK.

Steve King, Director of Cyber & Technology Risks, comments: “This is a truly exciting prospect for myself and the team. Exeter has embraced the technology sector and supports the business community in so many ways. It felt right for us to be in the heart of it at Exeter Science Park, the South West’s centre for businesses in science, technology, engineering, maths and medicine (STEMM)”.

End of Press Release

For more information contact Jackie Knight Head of Marketing and Media

Email Jackie.knight@seventeengroup.co.uk

Tel 07824 486319

Reduce Data Exposure to Cyber Threats

In our current world, protection against cybercrime is needed more than ever. Cyber criminals will be using COVID-19 to increase their activities to attack individuals and organisations. The National Cyber Security Centre has reported a rise in online scams exploiting the pandemic with the aim of obtaining money from victims. It is critical for organisations to re-assess their data protection and cyber security practices to help protect themselves from experiencing data exposure and breaching GDPR.

Why is cyber security important?

• Damage to IT systems
• Loss or impairment of critical business data
• Loss or compromise of customer data
• Loss of use of customer facing websites
• Damage to brand or reputation and loss of public trust.

The increase in the number of individuals working from home poses even more risk to businesses, as they become more reliant on their IT systems and employees are often working on their own devices.

What steps can I take to be prepared for a cyber attack?

1. Protect data using strong passwords and encryption. Make sure you avoid using predictable passwords and provide secure storage for passwords.

2. Secure your computer, wireless network and mobile device. Often cyber criminals will gain entry by exploiting your software. To prevent this, ensure you keep all your applications and operating systems up to date.

3. Provide training against cyber threats. Your employees should know your cyber security policies and know how to report suspicious activity. Providing training on these topics should assist employees in reducing the risk of data exposure.

4. Consider having an offline back up. Back up your data regularly in more than one place and do not leave your backup connected to your device when not in use.

5. Understand phishing threats and how to respond. Phishing is a method cyber criminals use to gather information. They often send victims emails with links that will direct you to fraudulent websites, asking you to provide sensitive information. Providing real life examples through training can help employees understand what to look for and how to best deal with them.

6. Create an incident response plan. While cyber security programmes secure an organisation’s digital assets, an incident response plan provides steps in case a cyber attack occurs. This will allow organisations to notify impacted customers quickly and limit financial and reputational damages.

7. Use multi-factor authentication. This adds a layer of security to protect against compromised credentials. Users must confirm their identity by providing extra information when attempting to access networks, e.g. phone number or security code.

What if my business becomes victim to a cyber attack?

Taking these steps can reduce the chances of you becoming a victim of a cyber-attack but it is impossible to eliminate the risk entirely. Cyber Insurance can help your business deal with and recover from any cyber attacks.

Cyber & Data Risks Insurance

Each year when completing a review of their insurances, most businesses will look at uninsured exposures with their insurance broker. Most of these can be reasonably ignored following simple cost-benefit analysis, but cyber is more difficult in that the associated risks and their potential cost to a business are still developing. It is anticipated though that the frequency and severity of such incidents will continue to rise, mirroring the experience of North America where cyber risks are given a higher regulatory and boardroom prominence. In the US it is now estimated that over 75% of corporate businesses purchase cyber insurance.

Different businesses will be exposed to cyber risk in different ways; some are reliant on their website to drive turnover, some rely on a hosted accounting or billing system to operate whilst others hold sensitive client data or intellectually valuable data on their systems. There are a multitude of scenarios that leave a business exposed to internal and external electronic threat. The failure of an IT network could be debilitating and a good first step is to identify and take steps to mitigate external and internal IT risks. These include:

  • data theft or data loss
  • hijacks where hackers gain control of a system and demand a ransom to restore service
  • bot scams where viruses are used to take over large numbers of computers
  • basic human error (internally generated risks should not be overlooked and continue to be the most common proximate cause to a cyber loss)

Notification costs following the loss of third party data are now a major concern for EU businesses following GDPR. Safekeeping of data is the responsibility of the customer facing entity, notwithstanding that a third party processing company may have been the party that lost the data and/or contractual terms making a third party responsible for notification. This means if you are hacked and lose your customer data (names, addresses, credit card numbers etc.) you will need to report the loss to the data commissioner, possibly pay PCI fines, pay the cost of notifying your customers that they are at risk, pay for advice to manage their risks and pay PR costs to manage the potential damage to your brand and reputation. All of these risks can be insured and cyber insurance will additionally cover fines and penalties associated with regulatory investigations due to a privacy event.

The other major threat to a business may be the loss of a website and a resultant loss of revenue. Again, this can be insured.

The cyber insurance market has been developing at a rapid pace over the past five years as experience has been gained by insurers. Areas of cyber-risk that can now be insured include:

  • replacing, restoring or recreating data that has been corrupted or destroyed by network failure or first/third party intervention
  • loss of data and notification management costs
  • criminal threat or extortion to release sensitive information or bring down a network unless demands are met
  • loss of income and extra expenses resulting from when a network is interrupted by attack. Covers criminal hackers, malicious insiders and denial of service (DOS) attacks, (including extortion monies)
  • payment fraud (deception of the insured’s customers into transferring over funds)
  • public relations expenses and crisis management
  • disaster recovery activation costs
  • fines and penalties where insurable by law
  • use of leased / rented external equipment
  • use of third party services
  • additional staff expenditure and overtime payments
  • terrorism risk, including ideological risk (LulzSec, Anonymous etc)

James Hallam Insurance Brokers have been placing cyber risk in the London market for over fifteen years. We source cover to insure against all of the above threats and, in addition, we can protect against risks that the majority of cyber insurers omit. For example, our favoured market will also provide:

  • the provision of first party cover on an “each and every claim” basis, ensuring that policyholders aren’t restricted by a policy aggregate and that the full benefits of cover are available each time a crisis strikes, even if they experience multiple cyber incidents in the same policy period
  • full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if they first occurred long before. Symantec has reported that the average time to discover a breach is 205 days, making this a particularly important feature
  • an extensive in-house incident response capability to ensure that cyber incidents are dealt with quickly and efficiently in real time. Initial response services are offered with no deductible payable by the insured
  • broader cover for senior executive officers who are regularly targeted in cyber attacks, covering theft of personal funds of individuals as well as those of the company
  • if a suit is brought against directors and officers following a cyber attack, the policy provides affirmative cover in the event that their management liability policy doesn’t respond
  • incident response costs are provided in addition to the policy limit
  • no excess is applied to the initial reporting and investigation costs
  • full systems failure is covered, including resultant business interruption
  • full Supply Chain is covered, including Technology suppliers (and non-Technology suppliers if named)
  • Cryptojacking and Botnetting are included under the definition of Cyber Crime
  • Additional Extra Expense coverage is included for costs above the normal operating expenses of a business
  • Hardware Replacement coverage is included for computer hardware or tangible equipment damaged as a result of a cyber event

Some points to consider when discussing Cyber Risk with your clients

Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made and the business in question automatically regaining access to their systems and data. Even after a ransom payment has been made, and assuming the system can be successfully decrypted, the ransomware can have the unintended side effect of severely impairing the functionality of one or more of a business’s vital systems.

The use of legacy systems can significantly increase the risk of a cyber loss. Generally speaking, legacy systems are not only far more vulnerable to attack, they are also much more susceptible to dysfunction following a cyber attack.

The importance of having data re-creation cover is becoming increasingly apparent. Many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch. The bulk of the costs of a claim can come from the labour costs associated with manually re-entering data, and brokers should be sure to check that their clients have this important cover in place.

Almost all modern businesses have some form of cyber exposure. Even if a policyholder does not solely rely on their computer systems to carry out work, they will still have an office function that plays a key role in the running of the business. When the computer systems in an office are affected by a cyber event, it will almost certainly have a negative impact on the overall business operation, and having a cyber insurance policy in place will provide a valuable safety net for the company.

James Hallam can place cyber insurance in the London Market for businesses domiciled almost anywhere worldwide, so please feel free to get in touch if you would like us to assist you and your clients.

Cyber Security and Fraud in Travel

James Hallam to support ABTA’s Cyber Security and Fraud in Travel Seminar – Key James Hallam partners and clients receive a discount to attend

Andy Bugby (Lead Underwriter – Financial Risks, RSA) will be speaking at ABTA’s Cyber Security and Fraud in Travel seminar on behalf of James Hallam Travel and Tour and Touchstone Underwriting Limited, which will take place on 20 June 2018.

Third party cyber security: pay attention or pay up

When ABTA, the UK’s largest travel association, had its webserver attacked, it hit the headlines. No wonder – it had the potential to directly affect 43,000 people, disclosing their email addresses and in a much smaller number of cases some personal data and financial accounts.

ABTA had outsourced the management of its website to a professional UK specialist agency and they in turn used a well-known third-party server space provider – which is where the vulnerability was identified. How do you protect yourself when you believe you have outsourced to experts the job of getting these things right and to prevent such issues in the first place?

It wasn’t just the fact ABTA had been compromised that rocked the industry, it was how: In this age of digital inter-connectivity no one organisation or entity is an island.

Our reliance on third party service providers, regardless of our own security protocols, means we are all susceptible to being innocent victims of third party cyber-crime.

Unfortunately, the EU General Data Protection Regulations, or GDPR, which come into effect from May 2018, make no distinction or allowances for how a breach occurs. A breach is a breach, and according to GDPR regulations you are potentially liable for some eye-watering fines of up to £15.8m for businesses who fail to comply.

Ignorance is no defence and GDPR regulations are far reaching with businesses having to show exactly how they are keeping in line with the law, and a requirement that data breaches are reported within 72 hours.

Wide open window

ABTA’s experience whilst regrettable was not in the event too damaging because it was handled very well. ABTA’s decision to invest in a comprehensive cyber insurance policy from specialist travel brokers Arnold Fisher was completely vindicated, with the hack being quickly contained and the necessary remedial actions and costs quickly resolved.

Last year, Google’s Gmail was hit by disguised malware on smartphones, while the US Navy had a data breach involving over 130,000 personnel, believed to be from a laptop owned by a Hewlett Packard Enterprise employee working on a naval contract, so don’t be complacent!

Arnold Fisher, the specialist travel broking division of James Hallam, advises on the very latest in third party cyber insurance. Established for over forty years with more than 400 UK travel business clients, they are at the forefront of incident security.

Vito Sepe, Senior Account Director at Arnold Fisher, believes “complacency about third party security is like going on holiday, leaving every window and door wide open and a note on the front door saying you’ll be back in two weeks!”

If you’re in any doubt about the consequences of a breach or how you can mitigate against an attack then give Arnold Fisher a call. An attack calls for immediate action and you’ll need all the technical, financial, legal and public relations support to minimise the damage.

Support includes:

  • Legal costs
  • Post attack forensic team
  • Investigation team
  • Crisis management
  • PR & reputational management
  • Call centre handling

Risky business?

Travel agencies keep a lot of private data including email addresses, credit card numbers and passport details, so they are increasingly the focus of third party hackers. The average cost of a cyber breach is as much as £1.15m for large businesses and £115k for SMEs. Recently:

  • China’s largest online travel company, Ctrip had web and app services interrupted
  • Sabre Corporation, a US travel company processing reservations for airlines and hotels was breached
  • Groupon customers had money stolen from their accounts after a third party gained access to password and log in details from other websites

For the business fraternity, thinking ahead and knowing what to do if the worst happens is key to cyber survival.

“We work closely with leading travel companies,” says Vito Sepe, “and create tailored plans to cover a range of cyber scenarios. There is no room for complacency, everyone should be sure their risk management register is up to date. Traditionally, travel companies have always focused on safety and that should apply online too.”

For more information, call 01923 298 410 or visit www.jameshallam.co.uk/travel

Editor’s Notes

Established for over 40 years, Arnold Fisher is the specialist travel broking division of James Hallam, providing insurance to over 400 UK travel businesses. Endorsed by ABTA and AITO, they are a dedicated insurance broker with close partnerships with Advantage, ABTOI and ITT. Clients include sole traders, small independents and large corporates with over 1,000 employees.

James Hallam Meridien House, 71 Clarendon Road, Watford, Herts WD17 1DS

01923 298 410 www.jameshallam.co.uk/travel LinkedIn: James Hallam Limited