The UK Government estimates the cost of cyber-crime to the UK to be £27bn per annum.*
A significant proportion of this cost comes from the theft of IP from UK businesses, which is estimated at £9.2bn per annum. In all probability, and in line with our worst-case scenarios, the real impact of cyber-crime is likely to be much greater.
Cyber-crime has a considerable impact on citizens and the Government, but the main loser – at a total estimated cost of £21bn – is UK business, which suffers from high levels of intellectual property theft and espionage. Businesses bearing the brunt of cyber-crime are providers of software and computer services, financial services, the pharmaceutical and biotech industry, and electronic and electrical equipment suppliers.
Stockport-based C&C Insurance Brokers, experts in advising clients on having the correct insurance in place, ask: “Are you prepared for Cyber-attacks and do you have the correct insurance in place should this eventuality occur?”
The continued growth of the internet has transformed our lives and is an important part of our economy, but the openness of the internet, and our dependency on it, also brings vulnerability.
Malcolm Cooke, C&C’s explains further:
“Cyber Crime is one of the fastest developing exposures that all companies, whether large or small, now face; criminals are increasingly seeking to exploit security lapses in the internet and electronic systems at a cost to UK businesses.
“Theft of intellectual property, industrial espionage, extortion, direct online theft from company accounts and theft of customers’ data are all on the increase and the resulting financial loss is not covered by traditional commercial insurance policies.
“Accidental loss of your own or someone else’s data can prove very expensive to replicate or replace and can also lead to claims from customers and suppliers for breach of confidentiality, breach of contract and negligence, direct revenue loss, interruption to business and damage to reputation. There can also be additional work and expense in crisis containment and managing adverse publicity.”
Regulatory concerns also need to be given due consideration, with the Information Commissioner’s Office allowed to impose sanctions of up to £500,000 for loss of personal data.
Below is an indication of the steps that should be followed and what Breach Management plans should include:
Containment and Recovery – Limit the damage by establishing procedures to isolate the breach.
Risk Assessment – Rate the amount of lost information and its sensitivity by performing a risk assessment. Was the information intentionally targeted? Is it useable? Finally, assess your ability to mitigate the risks of harm.
Notification – It is your responsibility to notify individuals of the circumstances of the breach and the type of data accessed. Notifications should be made to the ICO (Information Commissioner’s Office) and/or the appropriate regulatory body for your organisation.
Evaluation and Response – Investigating the cause of the breach and the effectiveness of your response is extremely important. Review your existing policies and procedures to establish where improvements can be made.
Finally, a company has liabilities to consider in respect of its online activities. An incorrect, misleading, libellous or even illegal statement on a website, or in an email, can result in claims for compensation and reputational damage. Employees engaging in social networking could also create liabilities for employers, although this is more difficult to control than official business email.
For information on what cover is required to protect your business, contact
C&C Insurance Brokers on 0161 406 4800.