Cyber security and insurance to become compulsory by 2017

UK companies of all sizes will be required to have cyber security and insurance in place as part of Network and Information Security (NIS) and General Data Protection (GDPR) legislation.

The decision comes after the increasing threat of cyber attacks with cybercrime costing global businesses around £200 billion annually. In 2014, 60% of small businesses experienced a cyber breach with the average cost of a breach being £75,000. (Source: The Insurance Times [1]) - however currently 90% of UK companies have zero cyber insurance in place.

What are the most common cyber attacks?

The biggest fear for a company is to have data or information breached and into the wrong hands. This can lead to a huge loss of revenue and potential lawsuits from clients for mishandling key information. The most common attacks include:

Malware - this is a software designed to perform unnatural and unwanted actions on the computer and it can gather and steal information without the user knowing.
Virus or Worm - this can be replicated and spread to several other computers and networks.
Trojan horse - this is a backdoor code which is hard to detect by the user and can steal, corrupt or destroy data.
Phishing - this is a dangerous link which is usually found in an email and it causes the computer to corrupt when clicked.
Human - this can be as simple as an employee sending the wrong information to the press, to a competitor or stealing sensitive information from the company.

How can cyber insurance help?

Cyber insurance is available ranging from £100,000 up to £5 milllion and even more depending on the size of the company. (Source: Be Wiser Business Insurance [2])

Insurance can be purchased for any eventuality including a loss of income due to a data breach, compensation in the event of a ransom i.e data is withheld by a hacker until payment is delivered.

Your insurance can offer legal cover in case you wish to take a competitor, employee or third party to court over a data breach.

Also, in the event of a crisis, your protection can be pay for any PR you need to repair your image after a data breach or pay for a specialist to fix your IT infrastructure.