If you are a local business leader or owner, think of your business premises as if it they were your house or home. Whenever you moved into your home, one of the first things you had to take care of were your contents and buildings insurance, helping protect you, your possessions and the building itself should the worse happen.
Likewise, home insurance protects you against unexpected events such as burglary and theft. We all know though, that they only are worth having and would only pay out should you be able to prove you took all reasonable precautions, such as having good locks and perhaps a burglar alarm fitted.
Nobody should expect to be covered if they went away on holiday, posted news of that fact all over social media and left their front door wide open for all to see. But for all those businesses who tick a box on their annual commercial insurance for ‘Cyber Insurance’ protection are doing just that – if they haven’t actively taken precautions to protect their data, their systems and their business, they might not be aware that they aren’t really covered at all.
Many do not realise that by not patching systems, servers and users that are online – these same servers are constantly then broadcasting and advertising to hackers and criminals that they are easy to break into, and are the equivalent of leaving windows open and doors ajar.
Even more concerning is that many businesses do not even realise that they wouldn’t be covered or possibly would have their claim rejected if after a cyber attack it was discovered that the business chose to ignore software updates, knowingly used old, dated and unsupported technology, ignored security warnings or heeded advice from suppliers about improving their security – i.e. they did not help themselves to reduce the chance of a cyber ‘break in’. Insurers in these scenarios would do their best to make them therefore liable for the whole incident and choose not to payout.
We have met many businesses who have tried to do cyber security by themselves. But like buying a cheap DIY kit from a big out of town home improvement store, and fitting something yourself, you just shouldn’t expect the same quality of service or reliability as a professionally fitted and maintained security alarm system. Cyber security is like many things in life – you really do get what you pay for.
When it comes to cyber security and managing your ongoing risks, remember that if something is added to your normal insurance policy for free or is low cost – or maybe something you have downloaded and set up for free off the internet – then the value it might offer you in the worse case scenario could be the same – i.e. nothing.
Remember why your business does what it does. If you work in financial services, or work as a local solicitor or a local manufacturer – why should you also become a cyber security expert as well? We say stick to your knitting and do what you do best and focus on your customers. And our advice when it comes to cyber security, if ever in doubt – outsource.
So to save yourself significant money and headaches in the long run, take out a specific cyber insurance policy from a reputable insurance provider and broker to match and cover your needs. If you identify areas for security improvement when doing that, heed the advice and act on it.
Otherwise you could be wide open to both being compromised and worse still afterwards only discover that you are under-insured or uninsured and financially unable to recover your business.
And if you’ve been taken offline after a cyber attack – you needed to have planned ahead and invest in an effective cyber security strategy appropriate to your business size and budget for this accordingly, and not try and do this whilst the event is unfolding. Again think of the value of trying to fit a low cost smoke alarm or fire extinguisher to the kitchen wall whilst the house is still on fire – at that point it’s too late – you have to call in the fire service and accept the losses.
We help businesses and organisations plan for the future and mitigate their online risks. We are based in Wrexham and work with businesses and organisations throughout North Wales. We don’t charge for an initial consultation or meeting and always work to help you design a cyber security strategy with your business needs and budget in mind.