Thursday 20th January
Building resilience to a cyberattack
Cyber security is essential to the health and resilience of any organisation. Businesses rely on technology for everything from online trading and digital communications to employee homeworking through the pandemic. This reliance on technology exposes organisations to the increasing threat of cyber-attacks such as email phishing scams, computer viruses, malware, ransomware, hackers, and human error.
Cybercrime: A growing problem
Managing an unexpected cyberattack should not be underestimated. Businesses can expect to lose valuable trading time, customer data, and data breaches, to name a few. With the government’s cyber security agency reporting that ransomware attacks in the UK have surged in recent years, tackling cybercrime should be a strategic priority for all businesses. The National Cyber Security Centre’s (NCSC) 2021 annual review* identified three times as many ransomware attacks – where hackers extort organisations in return for stolen data – in the first quarter of 2021 than in the whole of 2019. The report also warned that high levels of home working prompted by the Covid-19 pandemic meant criminals could increasingly use ‘off-the-shelf ‘malware to exploit weaknesses in businesses’ software and VPNs to access sensitive data.
Tougher penalties
Since 2015, cybercrime has made the list of CEOs’ top concerns in PricewaterhouseCooper’s (PwC) Annual CEO Survey. In 2020, cyber threats ranked second – topped only by pandemics and other health crises – after sitting in the number four position the previous year. But in North America and Western Europe, cyber is number one. In the UK, the General Data Protection Regulation (GDPR) and high-profile media coverage on the impact of cyber incidents have also raised the awareness of the seriousness of this issue amongst business leaders, shareholders, customers, and the wider public. The General Data Protection Regulation (GDPR) 2018 put greater responsibilities on organisations that experience a cyber-attack to demonstrate they are adequately protecting the data they hold on individuals. GDPR requires all businesses to report an attack to the Information Commissioner’s Office (ICO) within 72 hours of discovering the breach, or they could face severe penalties.
Dean Calaz, Regional Managing Director, Kerry London said, “Good cyber security protects a businesses’ ability to function and ensures organisations can focus on the opportunities that technology brings. Cybercrime accounts for nearly 50% of all crimes in the UK*** – cybersecurity is a priority that no one can ignore. Board members are pivotal in tackling this risk by proactively improving their organisations’ cyber security to minimise future incidents.”
Kerry London has partnered with cybercrime experts One IT Consulting and Cloud Digital to provide protection that covers the cost of a cybercrime incident and future proofs your business against cyberattacks. You can select one or all three options, which include insurance cover to cover the cost of a cyber incident, IT risk management to reduce the risk of future cyberattacks and IT strategy consultancy to get the best results on your IT investments.
Alex Clixby, Director at One IT Consulting, comments, “We have helped businesses to reduce their cyber risks by conducting a full review of their cyber security vulnerabilities and implementing measures such as Security Incident and Event Management (SIEM) solutions and intrusion prevention systems. We have also introduced measures such as multifactor authentication and conditional access controls to improve business security for remote workers during COVID-19 lockdown, where security is more vulnerable.”
Jonathan Palmer, Co-Founder, Cloud Digital, said, “It’s inevitable that all organisations will become the victim of some form of cybercrime at some stage. Cybercrime is a rapidly evolving threat, so most businesses are now moving from cyber-prevention strategies to cyber-resilience by creating a difficult environment for hackers to attack. We encourage businesses to have these processes in place because it will enable them to recover quickly and successfully from a cybersecurity incident.”
Download the Cyber Security Toolkit
The Government’s National Cyber Security Centre (NCSC) has designed a Cyber Security Toolkit to help board members get to grips with security:
References
*https://www.ncsc.gov.uk/files/NCSC%20Annual%20Review%202021.pdf
** https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf
Kerry London is authorised and regulated by the Financial Conduct Authority. The company is a leading UK independent and Lloyd’s accredited broker which means that we work with a wide range of niche and major insurers.
“This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such or regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to fullest extent permitted by law.”
Categories: Uncategorised,
