Building cyber resilience
28th June 2016
UK cyber attacks have risen 40% in a year and the UK is now the European country targeted most by cyber criminals.
As valuable information is increasingly transferred to digital networks, organisations are becoming more aware of their exposure to cyber risks.
A small family business in Cambridgeshire recently lost more than £26,000 after falling victim to a sophisticated email fraud, and UK charity, the National Childbirth Trust, apologised to 15,000 new and expectant parents after their registration details were accessed in a data breach. These scenarios demonstrate the varying nature of cyber threats and the associated risks.
While organisations are increasingly aware of their cyber vulnerabilities, evidence suggests they are not always doing as much as they could to build cyber resilience and prepare for a cyber incident.
The Global Economic Crime Survey 2016 found that while 53% of organisations believe the risk of cyber crime has increased over the past year (compared to just 5% who think it has declined), only 37% of organisations have a cyber incident response plan.
As organisations transfer more and more of what they value on to digital networks, they should be thoroughly evaluating the assets they may be putting at risk, and setting up measures to protect them.
The cumulative impact of cyber risks
Organisations must also understand the cumulative impact of cyber incidents, and their potential to disrupt every aspect of their operations and infrastructure.
For example, a data breach that results in somebody gaining unauthorised access to sensitive or personal information could affect an organisation in a variety of ways. In such a scenario, an organisation would have to:
1. Take swift action to prevent any further unauthorised access to the sensitive information.
2. Notify the victims of the data breach promptly.
3. Assess whether any further vulnerabilities exist in their systems and take appropriate action to remedy them.
4. Educate their people on how to prevent future breaches.
All of these steps would use up precious time and resources, particularly if the breach resulted in a need to restore the organisation’s reputation.
To mitigate the cumulative impact of cyber risk, organisations must make it a board-level priority, and ensure that it is not just seen as an IT issue.
Once it is a priority, organisations’ cyber strategies should focus not simply on identifying individual risks, but on developing resilience and protection.
In order to develop cyber resilience, organisations can follow these five simple steps:
1. Map critical data.
2. Explain the importance of data security to employees.
3. Develop a cyber incident response plan, ensuring regulators (such as the ICO) are notified where applicable.
4. Review partners’ cyber security measures.
5. Work with policy makers and regulators.
To discuss cyber liability insurance, please contact Horner Blakey Insurance Brokers on 020 7929 0108.