Insights

Reduce Data Exposure to Cyber Threats

In our current world, protection against cybercrime is needed more than ever. Cyber criminals will be using COVID-19 to increase their activities to attack individuals and organisations. The National Cyber Security Centre has reported a rise in online scams exploiting the pandemic with the aim of obtaining money from victims. It is critical for organisations to re-assess their data protection and cyber security practices to help protect themselves from data exposure and breaches of GDPR.

Why is cyber security important?

• Damage to IT systems
• Loss or impairment of critical business data
• Loss or compromise of customer data
• Loss of use of customer facing websites
• Damage to brand or reputation and loss of public trust.

The increase in the number of individuals working from home poses even more risk to businesses, as they become more reliant on their IT systems and employees often work on their own devices.

What steps can I take to be prepared for a cyber attack?

1. Protect data using strong passwords and encryption. Make sure you avoid using predictable passwords and provide secure storage for passwords.

2. Secure your computer, wireless network and mobile device. Often cyber criminals will gain entry by exploiting your software. To prevent this, ensure you keep all your applications and operating systems up to date.

3. Provide training against cyber threats. Your employees should know your cyber security policies and know how to report suspicious activity. Providing training on these topics should assist employees in reducing the risk of data exposure.

4. Consider having an offline back up. Back up your data regularly in more than one place and do not leave your backup connected to your device when not in use.

5. Understand phishing threats and how to respond. Phishing is a method cyber criminals use to gather information. They often send victims emails with links that will direct you to fraudulent websites, asking you to provide sensitive information. Providing real life examples through training can help employees understand what to look for and how to best deal with them.

6. Create an incident response plan. While cyber security programmes secure an organisation's digital assets, an incident response plan provides steps to follow in case a cyber attack occurs. This will allow organisations to notify impacted customers quickly and limit financial and reputational damage.

7. Use multi factor authentication. This adds a layer of security to protect against compromised credentials. Users must confirm their identity by providing extra information when attempting to access networks, e.g. phone number or security code.

What if my business becomes victim to a cyber attack?

Taking these steps can reduce the chances of you becoming a victim of a cyber-attack but it is impossible to eliminate the risk entirely. Cyber Insurance can help your business deal with and recover from any cyber attacks.

The Insurance Landscape and Covid -19

Staying Covid-19 Secure

Navigate a safe return to work with our Staying Covid-19 Secure guide. Please click here to download our guide.

Advice: Are your business premises Covid-19 Secure?

Vito Sepe, divisional director of James Hallam Travel and Tour, outlines considerations identified by James Hallam Risk Management for travel firms as they look to reopen business premises. Read more here on the Travel Weekly.

Hospitality Industry – Planning to Reopen Guidance

Please click here to download our Hospitality Industry – Planning to Reopen Guidance. Download the supporting checklist here.

Wording of Some Insurance Policies May Allow Claims on Coronavirus Closures

Businesses have been advised to seek advice if they think their insurance policy could cover the enforced closure caused by the coronavirus outbreak.

David Noble, director of hospitality and leisure, explained that insurers will not have intended to cover the current situation, but that the writing of some policies may produce circumstances where a claim can be pursued.

He explained: “It was not the intention of the insurance industry to cover the Covid-19 pandemic that resulted in the closure of the UK hospitality industry. Insurance companies had suffered large losses during the Sars outbreak, so policy wordings were written to try and limit insurers’ exposure to global pandemics. If they had priced for such an event, insurance premiums would not have been affordable.

“It was, though, insurers’ intention to cover, where purchased, business interruption losses for outbreaks of infectious diseases on the premises or in close proximity to the premises. The government making Covid-19 a notifiable infectious disease triggered this cover in some policies. However, there were very few reported losses of this nature because shortly after the government closed hotels, restaurants, bars and pubs.

“While this triggered possible claims in some policies that extend to cover ‘non-damage denial of access’ to premises following the ‘closure by a public authority’, most policies contain a version of a pandemic exclusion. The words differ from one insurer to another and, in some cases, from one wording to another with the same insurer. For example, an insurer might have a specialist scheme arrangement for a particular class of business.

“Some wordings suffer from poor draughtsmanship, so it can be argued that the [pandemic] exclusion is not obvious, and in some cases it has been missed out completely. In these circumstances, it will be difficult for insurers to repudiate claims, despite what some have been saying in the press.

“My advice is, in the first instance, speak to your insurance broker. They can advise you on what cover you have. If you are not satisfied, seek a legal opinion, but if that is not a viable financial option at the moment, speak to a loss assessor. The good ones will give you an honest opinion on your cover and only charge on success.”

Read the full article by Emma Lake in The Caterer here.

Be Aware – 18th Edition IET Wiring Regulations Launched

Last year saw the publication of the 18th Edition IET Wiring Regulations. The regulations apply to the design, erection and verification of electrical installations; and additions and alterations to existing installations.

Also known as BS 7671:2018 Requirements for Electrical Installations, these changes were issued on 2nd July 2018 and came into effect on 1st January 2019. The period between publication and application gave a 6-month window for electrical contractors and others responsible for installing and maintaining electrical installations to become familiar with the new regulations.

Whilst there are many small changes from the previous 17th Edition, some of the significant updates in the new 18th Edition include:

  • Protection Against Electric Shock – changes to regulations relating to protective equipotential bonding and those relating to disconnection times.
  • Protection Against Thermal Effects – of particular relevance to fire, a new regulation has been introduced recommending the installation of arc fault detection devices (AFDDs) to mitigate the risk of fire in final circuits of a fixed installation due to the effects of arc fault currents.
  • Protection Against Voltage Disturbances – stipulating that transient over-voltage protection has to be installed when (amongst others) the consequences caused by over-voltage result in interruption of commercial or industrial activity.
  • Inspection and Testing – this has been revised to align Inspection and Testing requirements to other revisions within the 18th Edition.
  • Energy Efficiency – recommendations for the design and erection of electrical installations with local production and storage of energy to optimise the use of electricity. These are listed in a new appendix.

This doesn’t mean that existing electrical installations installed in accordance with earlier editions of the wiring regulations are now unsafe or require upgrading, but any new installations, alteration or additions made from 1st January 2019 onwards will need to comply with the new regulations.

It is always recommended to hire contractors who are members of a trade body such as NICEIC when choosing an electrical contractor to inspect and test electrical installations within your premises. Many commercial insurance contracts contain a fixed wiring electrical inspection condition and generally stipulate use of an NICEIC contractor.

For more information, please contact us on 01923 298435.

Cyber & Data Risks Insurance

Each year when completing a review of their insurances, most businesses will look at uninsured exposures with their insurance broker. Most of these can be reasonably ignored following simple cost-benefit analysis, but cyber is more difficult in that the associated risks and their potential cost to a business are still developing. It is anticipated though that the frequency and severity of such incidents will continue to rise, mirroring the experience of North America where cyber risks are given a higher regulatory and boardroom prominence. In the US it is now estimated that over 75% of corporate businesses purchase cyber insurance.

Different businesses will be exposed to cyber risk in different ways; some are reliant on their website to drive turnover, some rely on a hosted accounting or billing system to operate whilst others hold sensitive client data or intellectually valuable data on their systems. There are a multitude of scenarios that leave a business exposed to internal and external electronic threat. The failure of an IT network could be debilitating and a good first step is to identify and take steps to mitigate external and internal IT risks. These include:

  • data theft or data loss
  • hijacks where hackers gain control of a system and demand a ransom to restore service
  • bot scams where viruses are used to take over large numbers of computers
  • basic human error (internally generated risks should not be overlooked and continue to be the most common proximate cause to a cyber loss)

Notification costs following the loss of third party data are now a major concern for EU businesses following GDPR. Safekeeping of data is the responsibility of the customer facing entity, notwithstanding that a third party processing company may have been the party that lost the data and/or contractual terms making a third party responsible for notification. This means if you are hacked and lose your customer data (names, addresses, credit card numbers etc.) you will need to report the loss to the data commissioner, possibly pay PCI fines, pay the cost of notifying your customers that they are at risk, pay for advice to manage their risks and pay PR costs to manage the potential damage to your brand and reputation. All of these risks can be insured and cyber insurance will additionally cover fines and penalties associated with regulatory investigations due to a privacy event.

The other major threat to a business may be the loss of a website and a resultant loss of revenue. Again, this can be insured.

The cyber insurance market has been developing at a rapid pace over the past five years as experience has been gained by insurers. Areas of cyber-risk that can now be insured include:

  • replacing, restoring or recreating data that has been corrupted or destroyed by network failure or first/third party intervention
  • loss of data and notification management costs
  • criminal threat or extortion to release sensitive information or bring down a network unless demands are met
  • loss of income and extra expenses resulting from when a network is interrupted by attack. Covers criminal hackers, malicious insiders and denial of service (DOS) attacks, (including extortion monies)
  • payment fraud (deception of the insured’s customers into transferring over funds)
  • public relations expenses and crisis management
  • disaster recovery activation costs
  • fines and penalties where insurable by law
  • use of leased / rented external equipment
  • use of third party services
  • additional staff expenditure and overtime payments
  • terrorism risk, including ideological risk (LulzSec, Anonymous etc)

James Hallam Insurance Brokers have been placing cyber risk in the London market for over fifteen years. We source cover to insure against all of the above threats and, in addition, we can protect against risks that the majority of cyber insurers omit. For example, our favoured market will also provide:

  • the provision of first party cover on an “each and every claim” basis, ensuring that policyholders aren’t restricted by a policy aggregate and that the full benefits of cover are available each time a crisis strikes, even if they experience multiple cyber incidents in the same policy period
  • full retroactive cover as standard, meaning that policyholders are covered for breaches they discover during the policy period, even if it first occurred long before. Symantec has reported that the average time to discover a breach is 205 days, making this a particularly important feature
  • an extensive in-house incident response capability to ensure that cyber incidents are dealt with quickly and efficiently in real time. Initial response services are offered with no deductible payable by the insured
  • broader cover for senior executive officers who are regularly targeted in cyber attacks, covering theft of personal funds of individuals as well as those of the company
  • if a suit is brought against directors and officers following a cyber attack, the policy provides affirmative cover in the event that their management liability policy doesn’t respond
  • incident response costs are provided in addition to the policy limit
  • no excess is applied to the initial reporting and investigation costs
  • full systems failure is covered, including resultant business interruption
  • full Supply Chain is covered, including Technology suppliers (and non-Technology suppliers if named)
  • Cryptojacking and Botnetting are included under the definition of Cyber Crime
  • Additional Extra Expense coverage is included for costs above the normal operating expenses of a business
  • Hardware Replacement coverage is included for computer hardware or tangible equipment damaged as a result of a cyber event

Some points to consider when discussing Cyber Risk with your clients

Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made and the business in question automatically regaining access to their systems and data. Even after a ransom payment has been made, and assuming the system can be successfully decrypted, the ransomware can have the unintended side effect of severely impairing the functionality of one or more of a business’s vital systems.

The use of legacy systems can significantly increase the risk of a cyber loss. Generally speaking, legacy systems are not only far more vulnerable to attack, they are also much more susceptible to dysfunction following a cyber attack.

The importance of having data re-creation cover is becoming increasingly apparent. Many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch. The bulk of the costs to a claim can come from the labour costs associated with manually re-entering data, and brokers should be sure to check that their clients have this important cover in place.

Almost all modern businesses have some form of cyber exposure. Even if a policyholder does not solely rely on their computer systems to carry out work, they will still have an office function that plays a key role in the running of the business. When the computer systems in an office are affected by a cyber event it will almost certainly have a negative impact on the overall business operation, and having a cyber insurance policy in place will provide a valuable safety net for the company.

James Hallam can place cyber insurance in the London Market for businesses domiciled almost anywhere worldwide, so please feel free to get in touch if you would like us to assist you and your clients.

Credit Insurance Can Be Essential To Your Business

2019 is set for a significant increase in business failures since those following the Global Financial Crisis of 2008.

Insolvencies will occur for reasons not seen before such as stress on cash flow due to stockpiling, delivery delay and failure to recognise the effect of tariff and regulatory changes.

  • All business sectors are likely to see margins and their ability to pay promptly squeezed
  • Several high profile insolvencies have occurred in 2018 and companies in many sectors are issuing profit warnings – even the online retailer ASOS
  • The Office for National Statistics quarterly release shows insolvency increases in Q3 2018 of +8.9% sequentially on Q2 and +19.3% on Q3 2017
  • This demonstrates a fragile economy with definite potential for more business failures in 2019

Suppliers of goods and services need up to date financial information to ensure customers are able to pay their invoices, and the security of knowing unpaid debt is covered by insurance. Not only does a credit insurance policy provide debt collection and indemnity for non-payment following insolvency or protracted default, but also REAL TIME FINANCIAL INTELLIGENCE.

A ‘buyer’ of goods and services failing to meet debt obligations or with a weakening financial position will be flagged to credit insurers in advance of the information becoming public. This critical data enables a credit insured company to review their exposure with vulnerable customers and minimise potential for bad debt.

Credit Insurance offers a solution – let our experts speak to you about the benefits this can bring to your business.

Be Aware- Selection and Control of Contractors

There are many examples where failure of the client-contractor relationship has caused fire or other damage to property, or a significant accident resulting in injury to others. The impact of such an incident on a business can be significant, resulting in loss of revenue, damage to reputation, uninsurable fines and in the worst cases the prosecution of both parties and/or imprisonment where severe injuries or fatalities have occurred.

Even if contractors visit you regularly, a high turnover of staff may mean that some of their workers are visiting you for the first time and therefore unfamiliar with the premises, unprepared for the hazards, or unaware of any safety measures they should take. They may have had no health and safety training at all.

What Do I need To Consider?
  • A policy for the selection and control of contractors;
  • Approved contractor status for those in regular use;
  • Obtain confirmation in advance of the work that the contractor holds adequate public liability insurance. The policy must cover the activities undertaken on your behalf i.e. hot work, or working at height etc.
  • Ensure a risk assessment is completed for each job and the contractor is involved
  • Put clear risk control measures in place and ensure supervision of contractors is effective.

What Key Actions Do I need To Take?
  • Introduce a Control of Contractor Policy and a Permit to Work system, authorise contractors using a questionnaire as part of a formal selection process, agree a formal risk control procedure including method statements where appropriate.
  • Ensure your managers and staff understand your control of contractors policy and their specific and general health and safety responsibilities when contractors are on site.

Where Can I Get Further Information?
The HSE provide information on a wide range of topics via the HSE Books website. For example:
  • ‘Essentials of health and safety at work’
  • INDG417 Leading health and safety
  • HSG159 Managing contractors
  • INDG368 (Rev 1) Use of contractors: a joint responsibility
  • HSG250 Guidance on permit-to-work systems
  • Health and safety passport schemes

Advice and Support?
Please contact Marc Brennan if further guidance or advice is needed

Tel 07879 49356