Cyber crime can’t be ignored

The risk of fire epitomises the need for insurance. Serious fires are fortunately rare, but the harrowing images of Grenfell Tower fully ablaze showed that when they do occur, they can be catastrophic and deadly. Occasionally, I hear comments like ‘metal doesn’t burn’ (it buckles and can melt); however, most people and companies accept the need for fire insurance.

However, the threat of internet-related cyber risks has yet to evoke such emotions or a comparable sense of the need for insurance. Most companies accept there is a risk, but many think that it either won’t happen to them or, if it does, it won’t be too bad. In fairness, virtually all the headlines about cyber-attacks relate to big companies or Government institutions, rather than SMEs.

I thought the turning point may have been the ‘Heartbleed’ virus (when hackers broke into the cyber equivalent of Fort Knox) and recently many thought the cyber-attack that crippled the NHS may increase demand. But perhaps the General Data Protection Regulations (GDPR) will change attitudes. Cyber-crime, including the theft of data, is reaching pandemic proportions, and we are likely to see the magnitude of cyber-attacks on small companies once the new notification rules kick in.

GDPR will replace the Data Protection Act (1998) on 25 May 2018. They are EU regulations, but will become U.K. law before we leave the EU, and the general consensus is that they are unlikely to be changed dramatically, if at all, post Brexit.

The new regulations are basically the Data Protection Act ‘and then some’ and will toughen up rules relating to how data is kept and processed, the need for privacy notices stating how data will be used, and erasure rights. There will also be more stringent rules on obtaining consent from the data subject, particularly for higher-risk categories such as children, and, perhaps most significantly, the compulsory notification of security breaches to the data subject, if the breach involves a high risk to their rights or freedoms, as well as to the authorities (the Information Commissioner).

There will be costs involved in simply dealing with the new notification rules and a risk of reputational damage, and data subjects will have the right to compensation. The authorities will also have powers to apply fines, potentially up to 4% of turnover, subject to a maximum of 20m Euro, for the worst offences.

Insurance is available for the cost of dealing with data breaches, along with compensation awards and the fines (if insurable at law, i.e. not against the public interest). In general terms, this means that if a fine results from negligence or an omission it can be insured, but not if it arises from a fraudulent or dishonest act. Having said that, most insurance policies exclude claims from fraudulent or dishonest acts anyway.

You would be advised to check how the new regulations will affect your company and make sure you are ready. Ensuring your systems are as secure as possible is a given, but consideration of insurance protection should also be a priority.

A factsheet on the Cyber Insurance available can be found on the Nsure website: www.nsureinsurance.co.uk

 
