Inadequate Cyber Security Could Mean No Insurance for Businesses
Insurance companies in the UK are now reported to be considering a shift to a ‘must have’ and ‘evidence based’ model, under which inadequate cyber security measures could make a company ineligible for insurance. This shift in insurance models, which is already happening in the U.S., would lead to greater costs for companies and the need to change many aspects of their IT in order to protect their insurance eligibility.
Getting Serious About Cyber Security
The complexity, unpredictability and increased frequency of cyber attacks are behind the new thinking of insurance companies, and the motivation to move towards the new insurance model in the UK can only be fuelled by recent high-profile cyber security breaches like those at TalkTalk and JD Wetherspoon.
As an IT Support Company in Hertfordshire, we have seen first-hand the results and the increasing frequency and sophistication of cyber attacks on businesses in and around Hertfordshire, Bedfordshire, Buckinghamshire, Essex, Cambridgeshire and London. This is why one of our increasingly necessary and popular services is the provision of IT security consultancy and services to businesses.
Future Changes To Your Insurance
The future changes to ‘cyber insurance’ look as though they could be focused on 4 main factors:
- The perceived value of your company as well as the outstanding shares, also known as the Market Cap.
- An online assessment to produce your company’s ‘Risk Profile’ i.e. your company’s likely ability to defend against cyber attacks.
- A gathering of your company’s ‘Targeting Profile’. This information, gathered from multiple cyber crime companies, will show how often your company has been targeted and attacked.
- A judgement about how responsive your company would be to cyber security issues e.g. the speed at which breaches could be halted, attackers deterred, and control regained.
What Could This Mean For Your Business
It is likely that many or all of these things may affect your business in the not too distant future:
- Your company may be required to demonstrate a better cyber history to receive better customised policy rates.
- If insurance companies decide that you have ineffective security practices, they may refuse to pay for breaches that are deemed to have been caused by those practices.
- Models for the cost of a breach may be revised and improved and could have an influence on your premiums and any payouts.
- Insurance companies will take a greater variety of factors into account when assessing the risk for your industry sector and your organisation, such as the value of your stored data, your company profile and culture, and the training of your employees in IT security best practice.
- Corporate networks may be monitored by 3rd parties for risky user behaviour.
- Insurance companies may become even more defensive when it comes to any decisions relating to online security.
- More investment in end-to-end security and defensive technology may be required.
- Insurance companies may carry out cyber audits and penetration tests, and proof of more due diligence may be asked for.
- It may become necessary to invest in more security personnel or professional cyber security services.