Running a business means managing risk as well as managing reward. It is no longer sensible to take a “this will never happen to us” stance. Especially in the area of IT. A changing landscape, overwhelming reliance on the internet and a growth in ‘hacktivism’ means businesses must look seriously at protecting themselves as well as insuring against the unknown.
Insurance can be a nasty word to many businesses. Especially when the premiums are due. After all, insurance is money spent that only delivers a return if something negative happens. But it is important for it to be there if you encounter one of those problems. Then you will be glad you had it.
Considering the speed of change in the world today, it is a pretty brave person who would say they are on top of everything in all areas of their business. Keeping across all the functional areas usually means hiring the best possible people you can afford to look after that for you. However, each area is a hotbed of change and the onus on teams to keep up with all requirements is becoming more challenging over and above their day to day roles.
IT security is no different. I am sure there were moments where the CIO of Sony or ebay thought - a privacy breach will not happen to us and it did. Those are two examples of large businesses with big departments and deep pockets to throw at this problem of security. Now consider your business. In most cases it is likely that you may not have a specialist IT security person, more so a generalist. How can you expect that person to be able to keep on top of every possibility while still ensuring the system is usable by all?
So, you face two choices: Keep your head in the sand? Or, take all possible precautions to avoid an issue?
A balanced approach is to do all that you can to protect your business and insuring against the unknown. This is the most prudent choice for most businesses.
Start with a secure base
Ensuring your IT is secure is the remit of experts in this field. Consulting with an IT expert is your first point of call. It is also important to consider that many of the biggest vulnerabilities for a business are via people. Your team needs to understand their role in minimising risks for your organisation. This begins by creating a risk aware culture in the workplace and accepting some potentially minor changes. There are many simple ways to make your business and its information more secure. Most of them cause little problems to manage and enforce.
Consider specific needs - why general insurance may not cut it
Even if you take all possible precautions, there is the chance of the unknown. The potential costs to a business through any degree of cyber attack could range from inconvenience through to a business closing. The impact depends on the type of attack the business faces. Cyber Insurance can cover your business against specific risks that are not generally covered under Property, General Liability, K&R or PI insurances.
Don’t drop the ball
Just like any form of insurance, it is important that you take responsibility for ongoing preparedness. Insurance by its nature is to protect you against unknowns, not known issues that you could protect against. This responsibility begins at the top. We hear stories weekly of business leaders who do not want the inconvenience of IT security. Too often risks may be increased through leaders who do not want the hassle of added security as they themselves are uncomfortable with technology. For individuals with access to often the most sensitive material, it is imperative that security begins at the top and is enforced throughout the organisation.
Should I consider it?
In order to determine whether you should consider cyber insurance, there is a free online health check at https://www.aoncyberdiagnostic.com/ that you can take. You can alternately discuss with your IT security team.
Insurance is not as cut and dried in todays technology led world. It is important that you consider specific insurances and well as specific policies to protect your business against the known and unknown threat out there.