We are here to help you get the best value from your insurance
0121 321 4600
Newsletter Signup
One in three companies have experienced a cyber incident in the past 12-months, according to Bridging the Cyber Risk Gap, the latest research from insurer Chubb.

As a direct consequence of this, a significant majority realised they were less prepared than they had hoped. In many cases, that lack of preparation will not have been around companies’ digital defences, instead the problem will have been with their own people.

Few firms in the UK understand or address effectively the human element of their cyber risk. Around 70% of cyber security breaches result from phishing attacks, and a growing number from broader social engineering by criminals.

This does not include the number of cyber breaches that result from simple human error, without malicious intent. Here are a few easily recognisable scenarios:
  • Cyber_Risks_from_employeesthe employee who emails important data to someone they did not intend;
  • the employee who falls for a scam email;
  • the employee who opens a link in an email without verifying the sender’s address;
  • the employee who goes online and inadvertently downloads malware onto a company computer;
  • and the employee who accesses company information from their own device and introduces malware.
The above are a combination of simple human error, ignorance or – more worryingly – sophisticated attacks known as ‘spear-phishing’ in which information gleaned from social media or a company’s own website is used to dupe an employee into doing something or following a link which exposes the company to risk.

All firms should undertake a holistic audit of their cyber exposure. In each area, pre-loss planning can minimise the likelihood or effect of an attack. The areas are: awareness, protection, detection, response, and resilience.

Awareness involves understanding in detail the business environment, what risks exist and what regulation applies to a firm in the event of a cyber breach.

For protection, companies need to implement a ‘best-in-class’ cyber hygiene, including proper datahandling protocols, identifying a responsible information security officer, implementing technology or buying protection against identified risks.

Detecting intruders as quickly as possible is key to limit the damage attackers can do. This includes both technology-led solutions and offering incentives to staff to raise the alarm quickly if they see or do something unusual.

Companies need a 24-hour response system that allows rapid action, including notification of those affected after an attack, as well as cleansing the system of malware.

Often referred to as business continuity, resilience is about the long-term protection of revenue, and includes communication to clients about resumption of business, rapid restart planning, and pre-planning to find alternative routes to market in the event of a complete shutdown.

Cyber-crime and fraud prevention can seem complicated, but they needn’t be. Start by putting simple, everyday steps in place to ensure you and your customers are well protected.

If you are uncertain about how to protect your business from cyber-crime, contact us on 0121 321 4600 or send your enquiry to info@clarisksolutions.co.uk

Thanks to Post Magazine; Lauren Webb, London cyber underwriting managerand Nick Bellamy, principal cyber risk engineer and technology industry practitioner at Chubb.
16th October 2017

GDPR - are you covered?

Cyber_Security_and_GDPRCyber crime is evolving so rapidly that the law is scrambling to keep up. The General Data Protection Regulation (GDPR) harmonises all the data protection laws across Europe.

The EU has finalised its new data protection legislation to close some of the loopholes that have allowed so much cyber crime to go unreported.

The new directive comes into effect from 25th May 2018. It applies to any business that holds personal data or processes data for a client firm.

It requires your firm to demonstrate you have appropriate data-processing controls in place, to notify the authorities if you have a breach and make sure you have consent for all the data you hold.
Your business can be fined up to 4% of annual global turnover or €20 Million for breaching the regulation.

All companies and firms like yours will need cover. This is already leading to increased interest in cyber insurance and without GDPR compliance, your cover may not be valid.

Key points
One of the main points in the GDPR is the way companies collect and gain consent to use a person’s information such as name, a photo, an email address, bank details, posts on social networking websites, medical information or a computer IP address.

“Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.”

*Taken directly from the GDPR website.

Cyber risk insurance
Any company storing information electronically faces the very real prospect of a hacker or even an employee gaining unauthorised access to their data.

Whether information is stored on a company server, individual PC, in the cloud, or on your company website, if a breach occurs, you will need the protection that cyber security insurance can offer to counter the impact this can have on your business.

You can mitigate the risks by taking out cyber insurance. However, you would be wise to improve risk management and comply with the GDPR to keep premiums as low as possible and ensure your cover remains valid.

CLA have also teamed up with Ilicomm who can provide a complete vulnerability assessment that can reveal as yet undiagnosed problems and highlight any weaknesses. They provide a free scan, subject to qualification, so that you can test drive their service for yourself.

What does cyber insurance cover?
Cyber insurance is designed to provide the support and protection you will need from some of the financial consequences of a cyber attack and includes:
  • Mitigation of the financial impact of data leaks
  • Advice and support for your IT department
  • Managing the risk of any adverse publicity
  • Protection from third party claims against the company
  • Regulatory fines for data breaches
  • Loss of profits while recovery is taking place
  • Professional fees
  • Breach coaching
The support is provided by a cyber incident response team and policy holders can also benefit from assistance after a data breach, to help restore systems and firewalls.

If you would like to arrange a free scan from Ilicomm, please contact one of our team on 0121 321 4600.
Cyber-securityCyber security may sound like a technical problem, but as we saw recently with the NHS attacks, preventing it is a management challenge.

It starts with carrying out a risk assessment and answering, ‘how would our business cope if we came in one morning and our computers didn’t operate?’ ‘What is our backup plan and who could we rely on to help us fix it if we had an attack?’

When you have a grip on your operations, remember your business has a responsibility to staff and customers to secure the data they use in the organisation too. The Data Protection Act requires personal data is secured and used appropriately.

Why should you do this? Because the threats from cyber criminals, hackers and identity theft are very real. When you understand the extent to which your business will be affected and what it could cost you, it becomes easier to justify the resources you’ll need to put in place now to prevent it.

Computer security for small businesses should be multi-layered, using desktop security products such as anti-virus, anti-spam and firewalls, and network intrusion detection, and hardware technologies such as security tokens, disk encryption and biometric fingerprint recognition.

But above all, it is about management. Define and train your staff on a security policy, including using strong passwords that include numbers and letters; not sharing or displaying passwords; and only opening email attachments from reliable sources. Encourage your staff to use the web responsibly, and stay vigilant when outsiders are in the office. Monitor access to the network, including memory sticks and other plug-in devices, which can be used to steal company information.

Protecting your business against phishing, vishing and smishing
  • Be cautious of how much information you reveal about your company via social media platforms
  • Do not assume a caller is genuine because they know information about you or your company – fraudsters are skilled in collecting enough information to sound convincing
  • Do not open emails that you suspect could be spam
  • Never enter any personal or security information on a site accessed through a link in an email
  • Never open attachments from senders you are unsure of
  • Be cautious of callers who attempt to gain information from you – “I want to check a payment you made today”. Rather than, “I want to check a payment of £5,000 you made today in favour of XYZ Ltd”. The former may be trying to get you to divulge information that can be used against you later.
  • If you are suspicious, terminate the call
  • When ringing back to verify the contact, use your usual contact number, not one provided in the suspect correspondence
  • On sites that require you to input sensitive information, look for “https” in the website address – the “S” stands for “secure”
  • Ensure there is a padlock symbol in the URL address bar – this shows that your selection is secure
  • Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC
  • Familiarise yourself with what your bank will and won’t ask you if they wish to verify payments
Protecting your business against invoice fraud
  • Make your staff aware of this threat
  • Check notifications and invoices received carefully to see if the document looks like a counterfeit
  • Check that the email address the message comes from does not look odd, such as by ending in”.org” when it should end in “.com”.
  • Always call your supplier, using contact details you have on file (not those supplied in the message – that will be the fraudster) to confirm any changes before effecting them. Ensure that you validate the exact bank detail changes you should be making, in full
  • Consider setting up single points of contact with the companies you pay regularly
  • Consider adopting dual control procedures for any changes in payment information
  • Use leveraging technology that ensures invoices are matched with purchase orders, flagging any rogue invoices
  • Regularly conduct audits on your accounts
Cyber risk insurance
Insurance is an essential part of your cyber security strategy to help you to recover quickly after a breach and cover the costs involved such as:
  • Bringing in experts to support your team
  • Managing any negative press coverage and crisis containment
  • Third party liability
  • Repairing and restoring systems following an attack
  • Extortion costs you may have to pay following a ransomware demand
  • Legal advice
  • Business interruption costs
Vulnerability assessment – preventing an attack before it happens
CLA have partnered with cyber security specialists Ilicomm, who can offer a vulnerability assessment.

Their vulnerability assessment programme will not only reveal as yet undiagnosed problems, but will highlight weaknesses and recommend the explicit technical controls required to mitigate the risk to an acceptable level.

To find out more about cyber security and how to protect your business please call, or request a call back and one of our account executives will contact you.
Business-threats-2017Allianz has produced their Risk Barometer for 2017 which identifies top three corporate perils for UK businesses.

The figures are based on the responses of more than 1,200 risk experts from 50+ countries.

At the top of the list in the UK is cyber incidents with 48%. The toughening of data protection regulation put this at the forefront of risk experts’ minds, as penalties for non-compliance will be more severe.

Second was business interruption (BI). Physical perils such as fire and explosion are top causes of BI that businesses fear most, but non-physical or non-damage causes are becoming a much bigger issue; for example, supplier failure or cyber incidents.

Macroeconomic developments moved up from sixth position last year to third.

Cyber insurance
It is no longer a case of, if your business suffers a cyber-attack, but when. Cyber-crime has moved to the top of Allianz’s barometer with hardly a week passing without the media reporting a high-profile case of hacking or ransomware attack. And this does not include smaller businesses where breaches go unreported.

Cyber insurance can provide the cover that could be the difference between the survival or bankruptcy of your business.

Business interruption insurance
Disruptions can be caused by a wide variety of risks; fire, flood or a leaking pipe. Your commercial insurance policy will cover the material losses, but if your business is forced to close following an incident, this is when business interruption insurance is invaluable.

The policy will cover loss of income following an insured incident.

It is not surprising this has moved up the Risk Barometer in 2017, with more uncertainty, driven by growing concerns over political, legal and regulatory developments globally.

Allianz possess strong underwriting and risk management capability which means they can offer cover and access to business specific risk guidance ensuring that businesses are properly protected.

To protect your business from business risks in 2017, talk to one of our account executives at CLA to find out more.
Have you reviewed your business insurance recently? Does it provide adequate cover to secure the future of your business should events take a turn for the worse?

Commercial-business-insuranceBusiness is constantly changing and risks need to be evaluated every year to ensure new threats to your business are covered. Fortunately, insurers are continually introducing new insurance products to meet these future business challenges. If you use an insurance broker, they should be making you aware of these new products and recommending updates to your policy. However, if you rely on simply renewing your existing insurance online without the support and advice of a broker, you may find that over a period of time, your insurance policy is insufficient to cover these new threats.

Your commercial business insurance will cover you for insured risks such as fire and theft, but you may need to check you are covered for more specific threats.

Cybercrime insurance
Statistics published by the government in 2014 stated that an estimated 81% of large companies and 60% of small businesses suffered a data breach. With an average cost of £600,000 to £1.15m for large businesses and £65,000 to £115,000 for smaller ones, cybercrime is no small problem.

Technology now connects millions of people both in business and socially due to the rise of connected devices and access to information. This trend has in turn led to a rise in the number of hackers who have the ability to launch cyber-attacks. These can arise from a number of sources both internally (unhappy staff, lost devices, poor data encryption) and externally (hackers, third party suppliers losing data).

Often clients assume cybercrime is covered under general liability. It’s not.

Liability Insurance
  • Professional indemnity
Providing professional advice as a freelance Consultant can be risky. If you were to accidently provide incorrect advice or omit to pass on relevant information, you could be liable to legal action against you or your business.

Professional Liability insurance cover is designed to meet your individual requirements and will pay for the legal costs of defending an action against you.
  • Directors and officers
Specifically developed for senior personnel and management. Directors and Officers insurance provides protection from legal action that could result in a claim against Director’s homes, possessions and investments.

Having legal expenses and PI cover in place is simply not enough, for example a PI policy does not provide cover against actions pursued by shareholders or employees.

Frequently taken out by larger companies, SME’s are sometimes slow to realise the potential benefits of a Directors and Officers policy. The fact is, a smaller business could be more vulnerable because it may have less stringent corporate governance procedures in place and therefore it is even more important to consider this cover.

Insurance against bad debt
Non-payment of your invoices can be a significant risk for small companies. You can protect your business against this risk by purchasing bad debt protection. Bad debt policies are tailored to each individual company, taking into consideration the type of industry, years in business, equity position, existing assets and liabilities, payment records and revenue.

According to “Company Check” more than half of small businesses have had to write off money owed to them as a bad debt in the past 12 months. If this was applied to the UK as a whole, the Federation of Small Businesses state that this would have affected a staggering 2.8 million companies.

In 2015 more than 7,000 trade credit insurance policies were taken out by small businesses. The Association of British Insurers figures show that £149 million was paid out, the equivalent of £3m per week to support businesses when a customer defaulted on payment.

Future protection
No one knows what insurance cover will be needed in the next few years. Change is happening at a faster rate and technology is advancing every year. One thing is certain, insurers will be developing new products to meet the demands of their customers and the first to hear about these new products will be your insurance broker.

Keep in touch with your broker regularly and they can advise you of the most suitable and affordable insurance for your company to ensure your business is protected into the future.

In early 2016 the discovery of a piece of plastic in a Snickers bar in Germany triggered a recall that saw manufacturer Mars withdraw its chocolate bars from the shelves of retailers across a staggering 55 countries.

On investigation, it transpired that the offending piece of plastic was part of manufacturing machinery originating from its factory in the Netherlands. Even though only a single foreign object was found it was enough to cause a health and safety recall costing the confectionary giant millions of pounds of lost sales.

Most companies plan for a loss scenario of a couple of day’s product manufacture that may be affected before the problem is identified, however in the case of Mars it was six months! It can be argued that smaller companies do not have multiple manufacturing sites and therefore the risk is somewhat minimised.  But should an incident arise, it is not just the cost of the products that have to be recalled but the negative publicity that comes with it and possible legal costs.

The challenges are not limited to incidents occurring within the supply chain. There is of course the threat of damage to property with nearly 10% of the largest fire losses in the UK being in the food and drink sector (Allianz), of that material damage is usually around 50% and 27% is the business interruption loss. As well as the risk of fire, the threat of flooding continues to affect businesses across the UK.

Before you open the factory doors, it would be wise to check you have all of the adequate insurance policies in place and for the correct amounts of cover.

At CLA Risk Solutions we are on hand to offer free advice and a review of your insurance cover to ensure that you obtain the most relevant insurance policies for your business.

Commercial-Insurance-1For example, CLA can offer a comprehensive policy designed to run in conjunction with your Commercial Combined or other primary insurance. Designed for UK registered private companies with a turnover of up to £50m and charities, clubs or associations with up to £2m income.

Cover includes:
  • Directors’ and Officers’ or Trustees’ Liability up to £5,000,000 limit any one claim on a worldwide jurisdiction basis
  • Company Legal Liability up to £5,000,000 limit any one claim
  • Pollution clean-up costs included up to £25,000
  • Cyber Liability included
  • Employee Dishonesty cover included for £100,000 limit any one period of insurance
  • Employment Practices Liability up to £5,000,000 limit any one claim as an optional section
  • Professional Negligence cover included (for charities and associations only)
  • Access to Employment, Legal and Regulatory advice
  • Crisis public relations advice helpline
Call one of our Account Managers for more information.
At a glance
  • Phishing attacks result in victims being tricked into clicking on a fraudulent email link or attachment
  • While companies are investing heavily in technology to fight these attacks, human error makes all businesses vulnerable to phishing
Phishing attacks in particular require a combination of an effective human response and a technological solution.

Here, we examine why phishing can be a huge problem and the strategies that can be deployed to fight off phishing attacks.

phishingThe scale of the phishing threat
Successful phishing attacks can give hackers access to a treasure trove of data, which they can use for financial gain.

There have been numerous high-profile attacks in the UK, including one that led to the theft of £1.2 million from hundreds of students, and the recent £20 million Dridex Trojan attacks, which targeted British banks and government agencies.

Phishing attacks work because they target human vulnerabilities that exist in every business.
Janet Roberts, Zurich’s Head of Security Awareness, Group Information Security, says: “Cyber criminals rely on the possibility of human error when planning a phishing attack. Perhaps the person is in a hurry while reviewing emails and does not check before clicking on a link. Or perhaps they have not been educated about phishing and the risks it poses.

“Criminals may try to infiltrate a firewall or other system, but a company with robust technology can often prevent these types of attacks. Companies are investing heavily in preventative technology, which is good, but they need to remember that without educating their people, employees remain a weak and obvious target.”

Fighting off phishing attacks requires a three-pronged approach: detection, reporting and technology.

1. How to detect a phishing email
Many fraudulent emails share common characteristics, such as:

A generic greeting, e.g. “Dear customer” – in most organisations where people interact via email, they would be addressed by their name
  • A threat to take action – banks, credit card companies or internet service providers wouldn’t notify somebody that their account was in danger via an email threat, but cyber criminals might
  • Requests for personal information – e.g. passwords, PINs or log-in details
  • Spelling/grammatical errors – cyber attacks originate from all over the world and English is often not the attackers’ first language. Although some criminals are now employing proof-readers to check for spelling errors. Other grammatical or syntactical errors may give cause for suspicion
  • Addresses that don’t match up – one of the most basic, but important, phishing defences is to hover the mouse over a link (without clicking). The website URL will then appear on screen. Comparing this URL with the typed address will give a good indication as to whether the link is genuine.
2. Importance of reporting phishing attacks
Companies should establish clear mechanisms for staff to report suspicious emails to their IT department straightaway.

If an employee has clicked on a link they suspect contains malware (unwanted/hostile software), prompt reporting will help the company to stop it from spreading. Even if the employee has not clicked on the suspicious link or attachment, reporting the incident will allow the company to investigate whether any other employees may have done so. The time it takes to detect and respond to an attack is critical.

Verizon’s 2015 Data Breach Investigations Report highlights how, in a majority of cases (60%), attackers are able to compromise an organisation within minutes of a successful data breach.
One study found that while 80% of companies have a process for employees to report phishing, more than half (52%) of companies say their staff report fewer than a quarter of the suspicious emails they receive.

It is therefore vital that companies foster an environment in which employees understand their role in preventing phishing, and that employees are updated regularly on the latest phishing lures being used.

3. Importance of regular updating of technology
Cyber criminals are continually adapting their methods to make their phishing lures harder to spot. Therefore, while a human line of defence can complement a technological solution, it cannot replace it.

As cyber security company Proofpoint observes in The Human Factor 2015 report on phishing: “While an important tool, user education cannot be the last line of defence: organisations should deploy automated defences capable of detecting and blocking threats that do not look or behave like previously known threats.”

Proofpoint’s research highlights that on average, one in 25 malicious messages is clicked on, and that this ratio remains almost exactly the same regardless of an organisation’s size or how many malicious messages it receives.

Cyber criminals realise if they keep attacking, they will find a soft target sooner or later. However, companies that have built a human line of defence to back up their IT solutions will be best placed to minimise the risk of becoming the criminals’ next victim.

18th July 2016

Cyber insurance

These days we all rely heavily on our computers and computer systems. Whether you are an individual with one laptop or a multi-national business with a global network, any incident that disrupts our computer usage can be devastating. Incidents include:
  • An employee opening an email containing a virus
  • Employees losing removable media such as a memory stick or laptop
  • Server infiltration by hackers
  • Home and mobile working reducing security levels
These incidents may be more prevalent than you think; 60% of small businesses suffered a cyber security breach in 2014*

Cyber-crime-insuranceCyber risks come from a range of threats which can be covered by suitable cyber risk insurance.

You may think you are covered by your commercial insurance for some of these incidents, such as loss or damage to hardware, but a specific cyber insurance policy will cover much more and provide proper support when you need it most, for example, a typical scenario could be:
  1. A successful attempt has been made to infiltrate your computer systems and data has been stolen or corrupted. You will need help from experts who can provide immediate support and advice.
  2. The stolen data is sensitive and could cause serious damage to your company’s reputation. You need legal advice and public relations support to minimise any adverse publicity.
  3. The data accessed contained personal details and financial information. Claims for damages could follow and you need to cover your legal costs and any compensation.
  4. Your IT department or external consultant will have to restore the information that was lost or stolen. You need to cover the resulting costs.
  5. However, your IT department may lack the resources or the knowledge to resolve and fix the breach. You will need the support of a team with the skills and experience to protect your business as soon as possible.
  6. Disruption to your business, while you resolved all of the issues, resulted in loss of sales and revenue. You will want compensation for those losses.
There are many other implications to consider when thinking about protecting your computer systems and infrastructure and every business will have different risks.

This is where an insurance broker can help. They will be able to assess your exact needs and find the most suitable policy for your business.
*HM Government & Marsh UK Cyber Security Report March 2015
27th April 2016

Cyber security insurance

Many small businesses think they are too small to be targeted by cyber criminals however, recent statistics show that 74% were affected by a security breach in 2015. More worrying is the fact that it can take an average up to 231 days before the company is aware of being hacked. A lot of damage can be done during this period.
£65 - £115K is the average cost of a security breach to a small business*

Cyber_risk_insuranceAs we rely more upon technology, the risk of a cyber-attack increases. Most businesses hold information about customers, employees and banking details on their computer systems that are the backbone of their business management. The result of a security breach could damage the viability of the entire business.

The government backed Cyber Essentials scheme (see link below) provides useful information to help protect your business against hacker attacks. However, as they say in their document “You can never be totally safe, but most online attacks can be prevented or detected with basic security practices for your staff, processes and IT systems”.

For peace of mind and to limit the financial implications of an attack, you may want to consider an insurance policy.

What does cyber security insurance cover?
Cyber and data risk insurance will provide support and help to protect your business from some of the financial consequences of a cyber-attack if a hacker gains access to your computer systems.

It provides you with comprehensive cover and a trusted partner to help reduce the effects of a security breach:
  • Mitigation of the financial impact of data leaks
  • Advice and support for your IT department
  • Managing the risk of any adverse publicity
  • Protection from third party claims against the company
  • Regulatory fines for data breaches
  • Loss of profits while recovery is taking place
  • Professional fees
  • Breach coaching
  • Costs involved with limiting damages and recovery of data
  • Theft of hardware or system access codes
  • Data breach by an employee
  • Legal advice and professional fees

The support is provided by a cyber incident response team and policy holders can also benefit from assistance after a data breach, to help restore systems and firewalls.

For a full breakdown of the cover available and to discuss your requirements with one of our Account Managers, please contact us on 0121 321 4600 or complete our enquiry form.

* https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/412017/BIS-15-147-small-businesses-cyber-guide-March-2015.pdf

Business_InsuranceAt a glance
  • Underinsurance, online reputation management and cyber security are likely to be key issues for many businesses in 2016
  • CLA is committed to offering you new ways to help manage these three key risks
We understand that our business customers face a unique set of challenges. We realise, too, that your needs can be complex, with risks that need to be carefully understood before they can be managed appropriately.

Underinsurance is a significant challenge for businesses. Inadequate sums insured frequently arise in relation to business interruption (BI) policies and commercial property valuations. It is estimated that 40% of businesses underinsure their business interruption cover and up to 80% of commercial properties could be underinsured.

Many businesses also set insufficient indemnity periods, often misjudging the time it could take to replace specialist materials and machinery following a loss.

Online reputation
Up to 75% of an average corporation’s value is now based on its intangible assets – including its brand name and reputation.

Here are more reasons why online reputation is so important:
  • The average adult in the UK spends more than four hours a day using computers, tablets, smartphones and other digital media
  • 61% of customers read online reviews before making a purchase
  • 50% of potential sales are lost because customers cannot find the information they are looking for online
  • Customers that are happy with the response they receive to an enquiry on social media are 43% more likely to recommend that company to family and friends

Companies without a strong online presence, or those that fall foul of negative online reviews, risk losing ground to competitors or suffering reputational damage.

Cyber Risk
Cyber crime is a growing threat to UK businesses with official government figures showing that 90% of larger businesses have suffered a cyber breach in the past year. The average cost of the worst single cyber breach suffered by each large UK business last year was more than £3 million.

More than 1,000 UK businesses have adopted Cyber Essentials, a government scheme that sets out five technical controls to protect businesses against the most common online threats, including viruses, malicious software and hacking.

Employees can be encouraged to play their part, for example by spotting potential phishing scams and alerting them to their company’s IT department.

However, even with robust technology and a workforce that has been educated on how to detect certain cyber threats, it is impossible for companies to completely eliminate the risk of a cyber breach, which is where the role of insurance comes in.

How CLA can help
We can offer you new ways to manage the risks outlined above.

Our services cover six key trade sectors; manufacturing, food and beverage, wholesale and retail, sports, leisure and entertainment, professional business services & technology and communications.

Call us to find out more.

Data_protectionHow many UK SMEs will be “caught with their IT pants down” when new EU regulation on data protection arrives next year?

According to one recent survey, only 10% of businesses said that they understood the changes that they needed to make in order to be compliant with the new regulations. Many others complain that the European Commission’s proposal for a General Data Protection Regulation will be hard to implement.

Yet “on paper” it looks straight forward. The regulations allow British citizens the right to have their data forgotten. This means unless there is a compelling reason to keep data, it has to be erased.  The regulations also make it easier for people to access their own data.

Even though the regulations may take up to two years to become legislation, non-compliance could still lead to hefty fines. Staff training and improved IT systems are needed in preparation, alongside clear accountability. Who is responsible for data in your business? What procedures do you have in place for data breaches?

It would also be an excellent time to work with your local independent insurance brokers to ensure that your have insurance in place to cover all aspects of data storage, use and control. And just to be sure, professional indemnity, insurance against legal costs and other “belt and braces” policies should be considered, to protect you if your business does fall foul of legislation.

We can look at the full picture with you, providing national insights, conducting sector wide research, but also providing in-depth analysis of your individual business risks and insurance needs.

21st August 2014

Cyber risk insurance

You_have_been_hacked_messageMost information is stored digitally these days on a variety of devices. The financial repercussions of recovering from a security breach can soon mount up. For example, your IT support team will be working overtime to control the damage and fix the breach. Clients may be making claims for damages. You may need legal advice and there may be costs involved in managing adverse publicity.

Taking out insurance to cover these risks will not only mitigate your financial losses but with the right insurance cover in place, you will also have access to the support needed to get your business up and running again as quickly as possible. Following a cyber attack, you will be able to call on professional advice for IT, media and legal issues that may arise.

Globally cyber crime is on the increase, not only from external sources but from within a company’s own employees. Virus attacks on companies computers soared in the last year from 11,523 to 22,315 according to Detective Superintendent Pete O’Doherty, head of the National Fraud Intelligence Bureau. There were 494 cases of companies saying that their computer servers had been hacked.

Research from the FSB (Federation of Small Businesses, The Voice July/August 2014) concluded that 60% of small firms experienced a security breach in 2013, compared to 64% in 2012. However, costs have increased from previous years. In 2012, the worst security breaches cost between £35,000 and £65,000 whereas in 2013 costs were between £65,000 and £115,000.

These costs could be catastrophic for a business. For ultimate peace of mind, taking out a cyber risk insurance policy will cover you for a wide range of costs and provide the support you need to minimise the damage to the company and its reputation.