Cyber Security is an increasingly widespread issue in all businesses globally, both large and small.
The new digital era has created more opportunities for cyber-criminals, as increasingly business is undertaken online. Conveyancing firms are proving particular targets due to the large amounts of money they transact and sensitive data they hold; The Council for Licensed Conveyancers (CLC) recently revealed that out of 212 firms they regulate, 11 were victims of fraud in the past year and a further 37 said they have prevented frauds.[i]
With this in mind, we want to raise awareness to our clients with the support of the CLC, to the benefits of a Cyber policy and highlight that although you have PII policy in place, it is not designed to respond to your own first party losses such as incident response, reputational harm or loss of revenue due to business interruption.
So, why buy cyber Insurance?
- In the event of an Incident, or suspected incident, a Cyber liability policy will provide you with the critical first response of IT forensics, legal, Crisis management and support required to investigate, control, mitigate and remove threat.
- A Cyber Liability policy will help you to adhere to the requirements of GDPR within the time frame required – which can assist with the ICO’s decision in line with fines and your general reputation to clients and vendors.
- You are a target of cyber-crime and a Cyber Liability policy will provide a sub-limited amount for social engineering losses.
- Even if your data is stored in the cloud; that does not remove all of your responsibility as data controllers under GDPR – the impact to your business can still be felt.
Recently reported Conveyancer issues:
The rise of email modification fraud
Criminals are impersonating you and using your digital sign off at the critical point of funds transfer. They do so by watching email traffic on unsecured networks and if possible obtaining access to your or your client’s emails, allowing them to falsify a request that funds are transmitted into a new account because bank details have been changed. This fraud is often committed at pressurised times in a property deal when time is limited.
Hackers will continuously try and gain access to your systems using a variety of methods. You hold a gold mine of Personally Identifiable Information which allows them to extort money from you or sell the information on-line for dark web users to target. The legal and reputational implications and resources needed to deal with such an incident are high.
Cloud data storage is becoming increasingly popular. There is a common misconception that the cloud vendor takes liability in the event of an attack. Whilst you can contractually implement terms to protect your company, GDPR still ensures that you have responsibilities as the ultimate data controller.
Hiscox have stated that 67% of cyber claims in 2017 involved human error[ii], and this figure is expected to rise as technology and the cyber threat landscape advances. Simple errors such as sending emails containing personal data to the wrong recipients or falling for Phishing emails and clicking on malicious links are just some examples. If an employees password is 123456 there is a strong possibility that your systems have already been breached based on information provided by the National Cyber Security Centre[iii].
The key risks for businesses which suffer a breach
- Loss of reputation: Increased public and media awareness around the importance of personal data means that customers are far more careful about who they can trust to look after their data. If a business suffers a breach the effect this has on their reputation can be damaging long-term not just by a loss of custom but also a loss of suppliers.
- Threat of fines: GDPR threatens administrative fines of up to 20m Euros or 4 per cent of a business’ annual global turnover for non compliance. The first response and management of breaches can reduce or negate these fines enforced by the information Commissioners Office.
- Income losses: Breaches and cyber-attacks can lead to loss of revenue, incurring costs for business interruption, as well as the costs associated with loss of management’s time that is spent dealing with the issues following a breach.
Howden’s Cyber Insurance Policy.
Our cyber policy with Hiscox includes the following benefits and cover:
- Access to a 24/7 Incident Response Line to help get your business back up and running as soon as possible
- Hiscox CyberClear Academy – a suite of online interactive suite of cyber security training modules for policy holders and their employees.
- Legal/Regulatory Costs, IT Security & Forensic costs, Crisis Communication Costs & Privacy Breach Management Costs
- Business Interruption to protect your income (including Reputational Harm)
- Network Security & Privacy Liability
- Media Liability (Defamation/IP Infringement)
- Cyber academy to provide employee training – (some info in the attached)
For more information feel free to call one of our experts on (0)207 623 3806.
Edward Donne is Director at Howden Professional Indemnity