What Is Cyber Risk
Cyber risk is a risk that affects any business in any industry from government to not for profit organizations to manufacturers, online retailers, the energy sector, and really any other business services. If you have a computer and are connected to the internet, if you have employees that are connected to an internet, you have a cyber risk. Cyber risk is emerging as the number one operational risk to information and technology assets.
The operational risk is the damage that it causes to your system, the loss of profits from downtime, and the cost of restoring data and getting back online. Cyber criminals are looking for financial gain, whether that is directly by holding you to ransom or leading you to click on a link to transfer funds and drop false pretense or stealing information that is of value.
The major issues faced by small to medium size businesses is ransomware.
Cyber Risk By The Numbers
No doubt you would have heard about WannaCry in the news recently, the other things are social engineering, fishing, freaking, and cyber fraud. 23% of recipients open fishy emails and 11% of them actually click on the attachments. These are great strike ratios for criminals. The other part of cyber risk is a data bridge incident.
This is theft or unauthorized viewing or unauthorised disclosure of personal and sensitive information. 34% of data bridges are caused by hackers and what will surprise you more is 29% of data bridges are caused by employees and that may be in the form of disclosing personal information on company websites or not disposing of sensitive information in the correct manner. As a business owner or a director of an organization, you are responsible for protecting that data.
The theft of personal information has become such an issue that the federal government has been quick to pass legislation to protect consumers and put pressure on organizations to protect the data that they hold. New mandatory data bridge notification law is coming to effect in February next year. I’m not going to go into that now, but you need to know if that law applies to your company.
Cyber insurance will help you with the cost associated with a cyber-attack. It will provide you with access to a team of IT, forensic consultants, forensic accounts, lawyers, and other consultants such as public relations consultants. It will cover the cost of these consultants. It will also cover business interruption, which is the loss of profits and any cost associated with that. It will provide credit monitoring services.
It will cover the cost of notifying your customers if their data has been stolen. It will also provide cover for legal representation and any regulatory investigations that may arise. In summary, in some cases, having a cyber insurance policy is a difference between your business surviving a cyber-attack, or losing it altogether.