Cyber attacks are becoming an increasingly serious threat for many businesses, and they are something that can devastate an online business or one that relies extensively on the web for sales teams, remote workers or communications. More and more companies are taking out an insurance policy in Miami against cyber attacks, but is a specific policy necessary?
The answer really depends on the type of business you are doing and the insurance you already have. If you have some general ‘business continuity’ insurance, then you should read your policy carefully to find out what is covered by it. Some policies may include things such as cyber attacks – but many will not. The terms of policies are being updated all the time and it’s important that you understand what your policy covers.
Losses from cyber crimes are approaching £300 billion per year worldwide – this is a terrifying figure, and it’s clear that if you rely on a website or online dat store for your business, you need to protect yourself and you need to have something in place to ensure that you don’t lose your data, or have it fall into the wrong hands.
Regulations Catching Up With Reality
The law moves slowly and is not yet up to date with what is happening in the real world. This means that the law doesn’t always reflect what real businesses face. Right now, cyber liability insurance is not required for the average business – but just because it is not required that does not mean that it is not good to have. Think about how your business works and what you would do if you lost a lot of your computerized data. Do you have paper backups? Could you trade using your old systems? Would your business survive the bad PR that it could face if your customer data got leaked onto a password sharing website, or if your customer’s credit card details were fraudulently acquired?
If a cyber attack would cripple your business or destroy your reputation, then that’s reason enough to take out insurance. The good news is that there are some good deals out there. Cyber Liability Insurance is not actually a new thing – there have been policies out there for more than ten years that tackle a lot of the likely impacts of a cyber attack. It’s true that they are still niche – and that the policies are not as exhaustive as they could be given the amount that even the average business relies on servers and data these days – but they do exist, and you do have options.
Finding Affordable Cyber Security Options
Cyber Liability Insurance Cover will usually be broken down into separate policies for data loss, data breaches, extortion, network security and multimedia cover. So, you could get a policy to cover you if your website is defaced or if visitors are unable to access it because of a denial of service attack. You could take out a policy that would cover data loss and the lost business while you’re rushing to restore backups. You could look for a policy that covers a hacking attack where the attackers try to extort you to get your data back or prevent the publication of said data.
It’s important to understand the limitations of such cover, though. Your policy may cover you if you are attacked by a malicious group that manages to break in using an almost-unknown vulnerability. However, the policy is unlikely to cover you if you install pirated software that had a trojan attacked to it, or if your system’s administrator failed to update your FTP server and an intruder used a well-known bug that was patched several versions ago to get in.
Think of cyber insurance as being like home contents insurance for your servers – it’s a policy that covers you for if the worst happens – but you still need to take steps to protect yourself.
Looking After Your Servers
Instead of focusing purely on insurance for potential breaches, consider ways of keeping your business going if a breach happens. Your business continuity should include plans for power cuts, data loss, system’s failure, phone disconnection and other things that could leave you unable to communicate with the outside world or unable to access your main databases.
- Do you take regular backups, including ones stored off site?
- Do you have plans for restoring data if your servers fail?
- Do you have redundant lines of communication?
- Do you have plans for what to do if there is an outage at your datacenter?
If you can’t say yes to those things, then you need to seriously evaluate your disaster preparedness and start working on a business continuity plan. You should, at a minimum, have the ability to work using a pen and paper and take orders over the phone. You should, if you are a small or medium sized business, provide email, landline and mobile contact details for key staff such as those who directly interact with major clients.
Backups should be taken regularly using a grandfather, father, son system so that you have a backup, and then a backup of the backup. This will help you in situations where the backup might have failed or been corrupted.
No business should rely on just one person. No business should rely on just one server either. Make sure that you have backups, caching, regular maintenance plans and staff that are trained in what to do if things go wrong. Change your passwords regularly and encrypt the passwords of your end users. These precautions will make it far less likely that you will suffer from a serious breach and will also mean that if something does happen any insurance policy that you have is more likely to pay out.
Cyber attacks are a serious issue now and many attackers are opportunistic. Don’t assume you’re too small to hack. Take security seriously today, before anything happens.
