Cyber breaches and GDPR

A recent Cyber Readiness report involving a study of more than 4,000 organisations across the UK, USA, Germany, Spain and the Netherlands, found major shortcomings in cyber security readiness at 73% of firms involved.

In the UK SME sector the failure rate was higher at 78%. Alarmingly, 45% of all businesses had been hit by at least one cyber attack in the last 12 months of which 27% were SMEs.

Of the SMEs attacked more than half were hit more than once in 12 months. Particularly worrying was how a cyber attack could damage day-to-day operations with 38% of SME businesses saying it took more than 8 hours to return to business as usual, (with 13% it took a week).

Beefing up your IT budget

Businesses recognised that they needed to invest more in IT security with the average business spending 10.5% of their IT budget on cyber security. Larger organisations were spending 12.2% with smaller firms at 8.9%.

With the arrival of GDPR businesses are having to meet this challenge head on, as financial and regulatory penalties are more likely for businesses that fail to adequately secure their client’s personal data. Businesses investment in security and insurance cover will need to increase, as data is the lifeblood of the digital world, and it is a business’s duty to take care of their customers data.

What can we do?

Breaches are inevitable and will happen. GDPR has brought it all into focus as businesses now have a duty to report it to the DPA (Data Protection Association) within 72 hours. So if name, address, date of birth, bank details, or any private or personal data about a customer is breached the organisation is obliged to tell those affected as well as the relevant regulatory body.

Investing in cyber and data risks insurance will protect your business and help you set up a cyber attack plan.

The key areas to include in your cover should be:

Ransomware -- Cyber Extortion. This is if a hacker tries to hold your business to ransom by corrupting your data.

Breach costs -- In the event of a data breach you will need cover for forensic investigations, legal advice, notifying customers or regulators.

Cyber business interruption -- This is compensation for the loss of income if a hacker targets your systems and prevents your business from trading.

Hacker Damage -- This covers the costs of repair, restoration or replacement if a hacker causes damage to your websites, software or electronic data.

Crisis containment – In the event of a data breach it is critical to minimise the damage to your company’s reputation. Having crisis containment cover will give access to external support e.g. public relations firm, provide you with support, help develop communications strategies or even run a 24/7 press office if needed.

The key is to find the right level of cover that suits your businesses. If you would like to chat about the sorts of level of cover your business needs call us on 01494 50 450 or email us at insure@jbennett.co.uk today.