One in three companies have experienced a cyber incident in the past 12 months, according to Bridging the Cyber Risk Gap, the latest research from insurer Chubb.

As a direct consequence of this, a significant majority realised they were less prepared than they had hoped. In many cases, that lack of preparation will not have been around companies’ digital defences; instead, the problem will have been with their own people.

Few firms in the UK understand or address effectively the human element of their cyber risk. Around 70% of cyber security breaches result from phishing attacks, and a growing number from broader social engineering by criminals.

This does not include the number of cyber breaches that result from simple human error, without malicious intent. Here are a few easily recognisable scenarios:
  • the employee who emails important data to someone they did not intend;
  • the employee who falls for a scam email;
  • the employee who opens a link in an email without verifying the sender’s address;
  • the employee who goes online and inadvertently downloads malware onto a company computer;
  • and the employee who accesses company information from their own device and introduces malware.
The above are a combination of simple human error, ignorance or – more worryingly – sophisticated attacks known as ‘spear-phishing’ in which information gleaned from social media or a company’s own website is used to dupe an employee into doing something or following a link which exposes the company to risk.

All firms should undertake a holistic audit of their cyber exposure. In each area, pre-loss planning can minimise the likelihood or effect of an attack. The areas are: awareness, protection, detection, response, and resilience.

Awareness involves understanding in detail the business environment, what risks exist and what regulation applies to a firm in the event of a cyber breach.

For protection, companies need to implement ‘best-in-class’ cyber hygiene, including proper data-handling protocols, identifying a responsible information security officer, and implementing technology or buying protection against identified risks.

Detecting intruders as quickly as possible is key to limiting the damage attackers can do. This includes both technology-led solutions and offering incentives to staff to raise the alarm quickly if they see or do something unusual.

Companies need a 24-hour response system that allows rapid action, including notification of those affected after an attack, as well as cleansing the system of malware.

Often referred to as business continuity, resilience is about the long-term protection of revenue, and includes communication to clients about resumption of business, rapid restart planning, and pre-planning to find alternative routes to market in the event of a complete shutdown.

Cyber-crime and fraud prevention can seem complicated, but they needn’t be. Start by putting simple, everyday steps in place to ensure you and your customers are well protected.

If you are uncertain about how to protect your business from cyber-crime, contact us on 0121 321 4600 or send your enquiry to info@clarisksolutions.co.uk

Thanks to Post Magazine; Lauren Webb, London cyber underwriting manager and Nick Bellamy, principal cyber risk engineer and technology industry practitioner at Chubb.
Cyber crime is evolving so rapidly that the law is scrambling to keep up. The General Data Protection Regulation (GDPR) harmonises all the data protection laws across Europe.

The EU has finalised its new data protection legislation to close some of the loopholes that have allowed so much cyber crime to go unreported.

The new regulation comes into effect from 25th May 2018. It applies to any business that holds personal data or processes data for a client firm.

It requires your firm to demonstrate you have appropriate data-processing controls in place, to notify the authorities if you have a breach and make sure you have consent for all the data you hold.
Your business can be fined up to 4% of annual global turnover or €20 million for breaching the regulation.

All companies and firms like yours will need cover. This is already leading to increased interest in cyber insurance and without GDPR compliance, your cover may not be valid.

Key points
One of the main points in the GDPR is the way companies collect and gain consent to use a person’s information such as name, a photo, an email address, bank details, posts on social networking websites, medical information or a computer IP address.

“Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.”

*Taken directly from the GDPR website.

Cyber risk insurance
Any company storing information electronically faces the very real prospect of a hacker or even an employee gaining unauthorised access to their data.

Whether information is stored on a company server, individual PC, in the cloud, or on your company website, if a breach occurs, you will need the protection that cyber security insurance can offer to counter the impact this can have on your business.

You can mitigate the risks by taking out cyber insurance. However, you would be wise to improve risk management and comply with the GDPR to keep premiums as low as possible and ensure your cover remains valid.

CLA have also teamed up with Ilicomm who can provide a complete vulnerability assessment that can reveal as yet undiagnosed problems and highlight any weaknesses. They provide a free scan, subject to qualification, so that you can test drive their service for yourself.

What does cyber insurance cover?
Cyber insurance is designed to provide the support and protection you will need from some of the financial consequences of a cyber attack and includes:
  • Mitigation of the financial impact of data leaks
  • Advice and support for your IT department
  • Managing the risk of any adverse publicity
  • Protection from third party claims against the company
  • Regulatory fines for data breaches
  • Loss of profits while recovery is taking place
  • Professional fees
  • Breach coaching
The support is provided by a cyber incident response team and policy holders can also benefit from assistance after a data breach, to help restore systems and firewalls.

If you would like to arrange a free scan from Ilicomm, please contact one of our team on 0121 321 4600.
Cyber security may sound like a technical problem, but as we saw recently with the NHS attacks, preventing it is a management challenge.

It starts with carrying out a risk assessment and answering, ‘how would our business cope if we came in one morning and our computers didn’t operate?’ ‘What is our backup plan and who could we rely on to help us fix it if we had an attack?’

When you have a grip on your operations, remember your business has a responsibility to staff and customers to secure the data they use in the organisation too. The Data Protection Act requires that personal data is secured and used appropriately.

Why should you do this? Because the threats from cyber criminals, hackers and identity theft are very real. When you understand the extent to which your business will be affected and what it could cost you, it becomes easier to justify the resources you’ll need to put in place now to prevent it.

Computer security for small businesses should be multi-layered, using desktop security products such as anti-virus, anti-spam and firewalls, and network intrusion detection, and hardware technologies such as security tokens, disk encryption and biometric fingerprint recognition.

But above all, it is about management. Define and train your staff on a security policy, including using strong passwords that include numbers and letters; not sharing or displaying passwords; and only opening email attachments from reliable sources. Encourage your staff to use the web responsibly, and stay vigilant when outsiders are in the office. Monitor access to the network, including memory sticks and other plug-in devices, which can be used to steal company information.

Protecting your business against phishing, vishing and smishing
  • Be cautious of how much information you reveal about your company via social media platforms
  • Do not assume a caller is genuine because they know information about you or your company – fraudsters are skilled in collecting enough information to sound convincing
  • Do not open emails that you suspect could be spam
  • Never enter any personal or security information on a site accessed through a link in an email
  • Never open attachments from senders you are unsure of
  • Be cautious of callers who attempt to gain information from you, for example by saying “I want to check a payment you made today” rather than “I want to check a payment of £5,000 you made today in favour of XYZ Ltd”. The former may be trying to get you to divulge information that can be used against you later.
  • If you are suspicious, terminate the call
  • When ringing back to verify the contact, use your usual contact number, not one provided in the suspect correspondence
  • On sites that require you to input sensitive information, look for “https” in the website address – the “S” stands for “secure”
  • Ensure there is a padlock symbol in the URL address bar – this shows that your connection is secure
  • Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC
  • Familiarise yourself with what your bank will and won’t ask you if they wish to verify payments
Protecting your business against invoice fraud
  • Make your staff aware of this threat
  • Check notifications and invoices received carefully to see if the document looks like a counterfeit
  • Check that the email address the message comes from does not look odd, such as by ending in “.org” when it should end in “.com”
  • Always call your supplier, using contact details you have on file (not those supplied in the message – that will be the fraudster) to confirm any changes before effecting them. Ensure that you validate the exact bank detail changes you should be making, in full
  • Consider setting up single points of contact with the companies you pay regularly
  • Consider adopting dual control procedures for any changes in payment information
  • Use technology that ensures invoices are matched with purchase orders, flagging any rogue invoices
  • Regularly conduct audits on your accounts
Cyber risk insurance
Insurance is an essential part of your cyber security strategy to help you to recover quickly after a breach and cover the costs involved such as:
  • Bringing in experts to support your team
  • Managing any negative press coverage and crisis containment
  • Third party liability
  • Repairing and restoring systems following an attack
  • Extortion costs you may have to pay following a ransomware demand
  • Legal advice
  • Business interruption costs
Vulnerability assessment – preventing an attack before it happens
CLA have partnered with cyber security specialists Ilicomm, who can offer a vulnerability assessment.

Their vulnerability assessment programme will not only reveal as yet undiagnosed problems, but will highlight weaknesses and recommend the explicit technical controls required to mitigate the risk to an acceptable level.

To find out more about cyber security and how to protect your business please call, or request a call back and one of our account executives will contact you.
Allianz has produced their Risk Barometer for 2017, which identifies the top three corporate perils for UK businesses.

The figures are based on the responses of more than 1,200 risk experts from 50+ countries.

At the top of the list in the UK is cyber incidents with 48%. The toughening of data protection regulation put this at the forefront of risk experts’ minds, as penalties for non-compliance will be more severe.

Second was business interruption (BI). Physical perils such as fire and explosion are top causes of BI that businesses fear most, but non-physical or non-damage causes are becoming a much bigger issue; for example, supplier failure or cyber incidents.

Macroeconomic developments moved up from sixth position last year to third.

Cyber insurance
It is no longer a case of if your business suffers a cyber-attack, but when. Cyber-crime has moved to the top of Allianz’s barometer, with hardly a week passing without the media reporting a high-profile case of hacking or ransomware attack. And this does not include smaller businesses where breaches go unreported.

Cyber insurance can provide the cover that could be the difference between the survival or bankruptcy of your business.

Business interruption insurance
Disruptions can be caused by a wide variety of risks: fire, flood or a leaking pipe. Your commercial insurance policy will cover the material losses, but if your business is forced to close following an incident, this is when business interruption insurance is invaluable.

The policy will cover loss of income following an insured incident.

Macroeconomic
It is not surprising this has moved up the Risk Barometer in 2017, with more uncertainty, driven by growing concerns over political, legal and regulatory developments globally.

Allianz possess strong underwriting and risk management capability which means they can offer cover and access to business specific risk guidance ensuring that businesses are properly protected.

To protect your business from business risks in 2017, talk to one of our account executives at CLA to find out more.
Have you reviewed your business insurance recently? Does it provide adequate cover to secure the future of your business should events take a turn for the worse?

Business is constantly changing and risks need to be evaluated every year to ensure new threats to your business are covered. Fortunately, insurers are continually introducing new insurance products to meet these future business challenges. If you use an insurance broker, they should be making you aware of these new products and recommending updates to your policy. However, if you rely on simply renewing your existing insurance online without the support and advice of a broker, you may find that over a period of time, your insurance policy is insufficient to cover these new threats.

Your commercial business insurance will cover you for insured risks such as fire and theft, but you may need to check you are covered for more specific threats.

Cybercrime insurance
Statistics published by the government in 2014 stated that an estimated 81% of large companies and 60% of small businesses suffered a data breach. With an average cost of £600,000 to £1.15m for large businesses and £65,000 to £115,000 for smaller ones, cybercrime is no small problem.

Technology now connects millions of people both in business and socially due to the rise of connected devices and access to information. This trend has in turn led to a rise in the number of hackers who have the ability to launch cyber-attacks. These can arise from a number of sources both internally (unhappy staff, lost devices, poor data encryption) and externally (hackers, third party suppliers losing data).

Often clients assume cybercrime is covered under general liability. It’s not.

Liability Insurance
  • Professional indemnity
Providing professional advice as a freelance consultant can be risky. If you were to accidentally provide incorrect advice or omit to pass on relevant information, you could be liable to legal action against you or your business.

Professional Liability insurance cover is designed to meet your individual requirements and will pay for the legal costs of defending an action against you.
  • Directors and officers
Specifically developed for senior personnel and management, Directors and Officers insurance provides protection from legal action that could result in a claim against directors’ homes, possessions and investments.

Having legal expenses and PI cover in place is simply not enough; for example, a PI policy does not provide cover against actions pursued by shareholders or employees.

Directors and Officers policies are frequently taken out by larger companies, but SMEs are sometimes slow to realise the potential benefits. The fact is, a smaller business could be more vulnerable because it may have less stringent corporate governance procedures in place, and therefore it is even more important to consider this cover.

Insurance against bad debt
Non-payment of your invoices can be a significant risk for small companies. You can protect your business against this risk by purchasing bad debt protection. Bad debt policies are tailored to each individual company, taking into consideration the type of industry, years in business, equity position, existing assets and liabilities, payment records and revenue.

According to “Company Check” more than half of small businesses have had to write off money owed to them as a bad debt in the past 12 months. If this was applied to the UK as a whole, the Federation of Small Businesses state that this would have affected a staggering 2.8 million companies.

In 2015 more than 7,000 trade credit insurance policies were taken out by small businesses. The Association of British Insurers figures show that £149 million was paid out, the equivalent of £3m per week to support businesses when a customer defaulted on payment.

Future protection
No one knows what insurance cover will be needed in the next few years. Change is happening at a faster rate and technology is advancing every year. One thing is certain, insurers will be developing new products to meet the demands of their customers and the first to hear about these new products will be your insurance broker.

Keep in touch with your broker regularly and they can advise you of the most suitable and affordable insurance for your company to ensure your business is protected into the future.