ITB - IT Solutions for the next generation

4 Cyber Risk Insurance questions every organisation should ask themselves

2nd August 2017

Back in July 2016, KrebsOnSecurity reported that cybercrime had overtaken all other forms of crime in the UK. They even went as far as stating
that the figures could be worse than first feared, with many crimes going unreported.

In fact, it is thought that over 3 million British businesses were compromised by cyber-attacks last year, costing over £29.1 billion.

It is no surprise, then, that, as with traditional crime, many businesses are taking out insurance to mitigate the risk. This should NOT, however, be a substitute
for good system protection practices; it should be an additional safeguard against financial losses in the event of a breach.

An important point to raise here is that when you take out Cyber Risk Insurance, your insurer may ask several key questions before supplying a quotation, and
if the criteria aren't met then getting insurance will be difficult. Many of the questions insurers ask act as a good guideline when it comes to ensuring
your organisation is doing what it can to stay safe.

Some questions insurers may ask…

  • Has the insured taken steps to implement fraud guidance measures, such as those provided by relevant professional bodies?
  • Has the insured trained all staff involved in handling funds on effective methods of verifying the identity of clients and bank account details, and
    does this include a two-stage ID process (such as calling a client on a known telephone number to verify e-mail instructions)?
  • Does the insured ensure that all security software, including anti-virus, anti-spam, and firewall software, is regularly reviewed to ensure the detection
    of malware and is all software regularly ‘patched’?
  • Does the insured exclude liability for fraudulent or malicious email that purports to come from them, and make their clients responsible for ensuring
    that all e-mails from the insured are genuine before acting or relying on them?

CILExJournal – The Journal of Chartered Institute of Legal Executives

All the points above are key to consider, not only when taking out a Cyber Insurance policy but also from a best practice perspective. If they are met, and
you can prove it, then this will mitigate risk and will give you a good standing in time for GDPR to rear its head in May 2018.