29th July, 2016

Risk Perspectives

Cyber Crime: How to Protect Your Business

In what was one of the best moments ever caught on the big screen, Butch Cassidy and the Sundance Kid epitomise why cyber insurance should be taken more seriously…

They always get away right… Butch and Sundance? Maybe not this time. After being chased through canyons and valleys by an angry posse, they end up on the edge of a cliff overlooking sharp rocks and a quick flowing river. Boxed in and with nowhere to go, they face jail or worse, death, and are forced to decide to fight or surrender? “No, we’ll jump” says Butch. “Like hell we will” responds the kid. Butch continues to push, but the kid is having none of it – “I want to fight them (not jump)” he proclaims looking edgy. As the posse continue to close in, Butch angrily shouts “do you want to die…what’s the matter with you?”, to which the kid replied “I can’t swim!” Laughter breaks out just before the moment of realisation kicks in, as Butch says “are you crazy (you can’t swim) … the fall will kill you!” 

If you’ve seen it you will know that they jumped, survived and escaped. So what’s the point? It’s a classic example of human psychology, whereby we spend too much time worrying about the irrelevant things that scare us, and lose sight of the important problems at hand. For the first time ever the number of cybercrimes reported is higher than the number of non-cybercrimes (normal crimes such as vandalism or burglary). Yet, how many of us triple check the front door is locked every day and the windows are closed? Am I the only one who runs a quick virus check before bed with a cup of hot cocoa in hand… you get my point.

The cost of a cyber claim is also generally higher, as they don’t just take your TV, but your whole banking world or worse, the details of your clients. This can cripple a business’s reputation and send it down to sue city quicker than a click of a mouse. I hope you can tell by the light hearted nature of this blog that I am not trying to throw in scare tactics like the New Zealand Rugby team doing their pre match warm-up… it’s just that it really is that important! Unfortunately, you can’t hide behind the “it won’t happen to us” persona either. Of course, big banks spend millions every year to ensure their customers are protected, but that’s why often the criminal uses you without you knowing it. Anyway, less of the “Hakka” about hackers – what can you do about it?

So it has happened to you, and it’s the day after you’ve been hacked… who are you going to call? No, not ghostbusters, probably your IT supplier. They are definitely the first line of defence and hopefully you’ve got a good one so they’ve backed up all your data and have made precautions to minimise any impact (we use Air-IT who will shortly be writing a blog on cybercrime… you can view their website here: Air IT). If the attack is too sophisticated however, you will want to check your business is covered so you will ring your insurance broker.

Once you get off hold and have had enough of Beethoven’s 5th, you will probably be greeted with a series of questions to ensure you have done everything in your power to stop this happening… have you been checking your employees emails every month? Has Dave been running a backup three times a week? If the answer to any of these is no, then often the policy you thought would cover you, won’t. What about the case where the hacker has tricked one of your employees, known as “social engineering”? Again, this is a common exclusion in most policies, especially the cheap ones (although that’s a generalisation). We wouldn’t dream of recommending these policies, because normally when you’re doing everything you should be, this type of thing doesn’t happen. It’s when you slip up or miss your back-up once that it bites you.

Amazingly, this is one of the most underinsured areas despite the increase in newspaper space over the last few months. If you want to think outside of the box like Butch, not Sundance, ensure you’ve got a good IT supplier as well as a risk manager that will put the right proposition in place. As a consequence, you and your business will be well protected. Thanks for reading.