According to the 2015 Information Security Breaches Survey, the Department for Business, Innovation & Skills reported that a staggering 90 per cent of large organisations had experienced some form of cyber breach during the last 12 months.
When reviewing the worst individual security breach for each company, the average cost per firm was between £1.46 million and £3.14 million.
Data for small businesses is much more difficult to gather, as accurate breach records are not always kept or made available, but the report still highlighted that 74 per cent of firms had experienced a security breach in 2014. For small firms, the average cost of a breach was £75,000 and £311,000 for their worst breach. Without adequate Cyber Insurance, many small firms would not be in a financial position to recover from such losses.
All Firms Need Protection
Regardless of the size of your business, adequate cybersecurity and Cyber Insurance provide invaluable protection. To help your business develop thorough cyber risk management, the government has set out 10 beneficial tips.
- Keep directors and officers informed of the preventative measures your business is taking to manage cyber attacks. This may include reports detailing current and new initiatives.
- Produce a user security policy for your staff that covers the acceptable use of your organisation’s IT systems. Additionally, establish a general staff training programme on how to manage cyber risks.
- Develop and manage a mobile working policy to protect data outside of the office.
- Ensure that any security patches are applied as soon as they become available, and ensure that the configuration of all information communications technology (ICT) systems is secure and maintained. Additionally, create a system inventory and define a baseline for all ICT devices.
- Create a security policy for all removable devices and data media, such as thumb drives and external hard drives. Include the requirement that all media be scanned for malware before being imported onto business systems.
- Establish online and cyber account management processes and monitor user activity for potentially hazardous or malicious behaviour. Non-business sites and email use can be a common cause of malware.
- Develop a cyber incident response procedure and disaster recovery policy. This should include detailed testing of incident management plans.
- Create a general employee monitoring strategy to identify potential malware and hazardous online behaviour.
- Establish anti-malware defences to protect against viruses and hackers.
- Protect your business desktop and laptop computers, together with online networks, against external and internal attacks by managing the network perimeter and filtering out unauthorised access and malicious content.
By implementing these 10 tips, your business will reduce risk and identify any deficiencies in your cyber risk management scheme. However, best practice is to carry out a bespoke risk assessment which is tailored to your own business practices and current systems and processes.
FREE Business Insurance Review
Insync specialises in cover for SME businesses across the UK. We can review all of your specific requirements as well as arranging specialist Data & Cyber Insurance. Our Cyber cover not only provides cover for your legal liabilities following a data breach but also manages the process in terms of contacting impacted clients and associated public relations and media activity.