Warning - you are at risk!

Get a quote now to protect yourself against the financial consequences of Cyber-Crime.
Click here for a personalised quotation

Section: HR and Payroll

If you hold HR and Payroll records electronically, you will hold personal details about everyone who works for you, including information that would be classified as sensitive information under the Data Protection Act. Your records contain information that is very attractive to criminals and could put your employees at risk of identity theft and fraud. If the data gets into the wrong hands you could also be at risk of being fined or prosecuted by the Information Commissioners Office for failure to handle, manage, store or destroy data correctly. You could also be sued for Breach of Privacy.

Breach of Employee Privacy Rights

Many of the details that you hold on your employees are considered by the Information Commissioners Office as sensitive. This could include race or ethnicity, trade union membership, health and sickness records, sexual preferences and religious beliefs. Cyber criminals are interested in all of these details and can use them to hold the business to ransom, cause reputational damage to your business or cause embarrassment to your employees.

Cost To Your Business

• Damages
• Ransom payments
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your Payroll data

Failure to handle, manage, store or destroy data properly

You will also hold information that is very useful to thieves. Date of birth, Home addresses, details of holidays that have been booked, banking details, previous names and partners details to name but a few. All of these could be used to target your employees directly, to steal their identity or commit other types of crime. This type of data is particularly useful to criminals who are carrying out Banking Fraud.

Cost To Your Business

• Damages
• Ransom payments
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your Payroll data
• Fines and Penalties*

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover

Section: Third Party Data

If you hold third party data during your day to day activities you are responsible for its safekeeping whilst it is in your possession you must also make sure that it is securely destroyed.

Failure to handle, manage, store or destroy data properly

Third Party Data can be particularly vulnerable because it is typically sent and received between different data handlers. You may be prosecuted if the data gets into the wrong hands and have to pay compensation. Transferring information comes with its own risks and there are many opportunities for criminals to steal the information – from the disc left on a train, to using file sharing sites with poor security. If you are prosecuted you will have to pay your own defence costs, whether you are found guilty or not. If you are found guilty then you may also have to pay the prosecutions costs as well as the cost of publicising your conviction. Importing data from others also comes with the risk of importing viruses and other malware onto your own systems, particularly if your own staff do not follow sensible security procedures or your virus checker software is out of date.

Cost To Your Business

• Damages
• Ransom payments
• Legal costs – defence and prosecution
• Fines and Penalties*

Breach of Intellectual Property Rights

Depending on the type of third party data that you hold you may be vulnerable to loss of clients material which could leave you open for a claim in respect of breach of intellectual property rights. If you receive copies of designs, drawings, specifications, ideas, bespoke processes and procedures, critical business data or other trade secrets or information, and you store this electronically, you are vulnerable to a hacking attack or loss by something as simple as a laptop or tablet being stolen from a locked car. If thieves steal the intellectual property of your customers of supplier’s form you and either publish it or sell it to a competitor you may have to pay your customer damages for its loss. They could also hold you to ransom for its safe return or in exchange for not publishing the information on the web or revealing the data to your customer’s competitors.

Cost To Your Business

• Damages
• Ransom payments
• Legal costs – defence and prosecution

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Multimedia – Defence Costs, Expenses and Damages Cover

Section: Storage of Sensitive Data on Accessible Web Servers

Sensitive Personal Data is a special category of data where data controllers are required to take additional care. Sensitive personal data includes personal data consisting of information relating to racial or ethnic origin, political opinions, religious beliefs or beliefs of a similar nature, trade union membership, physical or mental health or condition, sexual preferences, criminal offences, or proceedings for any offence committed or alleged to have been committed.

Libel and Slander

The very nature of this type of data leads you vulnerable to actions being brought for libel and slander. The damages awarded in this type of case can be significant as can the cost of defending such actions.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution

Breach of Confidentiality

This type of data is very interesting to thieves, particularly if you have information on high profile individuals or confidential or classified information. Even data for ordinary citizens can present a risk if the context that it is held could compromise an individual – for example a dating web site that holds information may cause huge embarrassment or loss to members if the data is released for public consumption.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution

Hacker and Extortion Threats

Hackers and thieves are very interested in this type of data because it provides them with a rich seam of information that is likely to cause at least one person embarrassment or distress if it is released to the general public. It is therefore a good target for Hacking and Extortion attacks.

Cost To Your Business

• Damages
• Ransom payments

Breach of Data Protection Act

You must be very careful how you store, transfer and process this type of data. You may be prosecuted if the data gets into the wrong hands and have to pay compensation. If you are prosecuted you will have to pay your own defence costs, whether you are found guilty or not. If you are found guilty then you may also have to pay the prosecutions costs as well as the cost of publicising your conviction.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Fines and Penalties*

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Multimedia – Defence Costs, Expenses and Damages Cover
• Communication Asset Rectification Costs
• Information and Communication Rectification Breach Cover

Section: Third Party Network Access

Opening up your networks to authorised third parties exposes you to attack from criminals and mischief makers who are interested in causing disruption to your internal systems, stealing your data, using your equipment to launch attacks on others and to extort money from you. All of which can be very costly indeed. Damage to your systems due to virus or hacking attack Once you grant access to your system to users from outside of your business, or allow remote access by your staff, customers or suppliers to your systems it is much easier for a hacker to break into the code that your IT system uses and find weaknesses and holes in your security. Hackers can cause wilful damage or implant viruses which cause damage to your systems or self-generate and infect your customers and suppliers systems too. Reconstituting data, rebuilding your system and rekeying data can all be very costly. Often a hacker will be in your system for months before you are aware of their presence, so you may well have to roll back your systems many months (if your back up ups go back this far) or start again from scratch. Not only will this take many hours, and be hugely expensive, you will also need to think about finding the holes in your security where the attackers got in and then redesigning your systems so that they stay out. Whilst this work is being done, you may well lose sales, both from existing customers and new ones.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your programs and data
• Loss of Profits

Hacker and Extortion Threats

If hackers get into your system then one of the things that they might do is prevent legitimate users from accessing the system, including you. This type of system lock down can be used either to disrupt your business or to extort money from you. Ransom demands can range for the small to the large. As a hacker will normally have been in your system for a number of weeks or months before they launch the attack, even back-ups that you have done in the past may be corrupt. Getting your systems back up and running may take many days – during which you may lose business – old and new.

Cost To Your Business

• Ransom payments
• Increased cost of working
• Loss of Profits

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Multimedia – Defence Costs, Expenses and Damages Cover
• Communication Asset Rectification Costs
• Information and Communication Rectification Breach Cover
• Loss of Profits Cover

Section: Internet Email and Social Media

Most businesses provide their employees with access to the internet and email. In some cases this might be via mobile devices, such as tablets or smart phones. The security risk to your data and your business has never been higher.

Libel and Slander

Unfortunately electronic communication is an instant medium where people send first and think later. Communications or jokes which people think are private, can be easily replicated and sent on to others. It’s not difficult to send a message to the wrong person or the wrong message by mistake. It takes only a few unfortunate words for something to go viral, but the reputational damage can be huge. If your employee says something that is untrue or unjustified about a customer, supplier, colleague or member of the public the damages awarded against you can be significant as can the cost of defending such actions.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Reputational Damage
• Loss of Profits

Virus, Hacking and Extortion

One of the easiest ways for a virus to enter your system is through email. The inadvertent downloading of an attachment from an email that looks genuine, can wreak havoc. This is also the easiest way for viruses to spread to your clients and suppliers which could cause damage to their systems and equipment. Once a virus has been installed in your computer systems it can do untold damage. It might create a hole in your security for Hackers to get into your system and steal data. A key logger might send information about passwords or user names to people outside your organisation. This might allow them to access your bank accounts, records or other sensitive data. Programs such as crypto-locker can often get into a system using email as a point of entry. This can result on your programs being locked down, your data encrypted and a ransom being required to release your data. You might be unable to restore your data form back up as this type of virus is designed to lie dormant on your systems for a number of weeks before activating. You will lose time restoring your data, rekeying work, finding and fixing the problem. This could have a knock on effect on new and existing business which will be reflected on your profits.

Cost To Your Business

• Ransom payments
• Damages
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your programs and data
• Increased cost of working
• Loss of Profits

Employees Hacking Your Network or Stealing your Data

A rouge employee with a good system access or a bit of IT knowledge can cause significant damage. From stealing client data, publishing sensitive information, maliciously installing or sending viruses or Trojans, opening up holes in your security, letting others in, or locking or destroying your data or programs. Computers can be programmed to send offensive material to others, or fail. The simplest method by which a virus maliciously entered a computer system was caused by an employee putting a USB drive that he had found labelled “holiday photos” into the drive of his computer.

Cost To Your Business

• Ransom payments
• Damages
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your programs and data
• Increased cost of working
• Loss of Profits

Breach of Data Protection Act

People forget that what they publish on line or put in an email may not be confidential. Even worse because we carry so much information on mobile devices it is not difficult for your data to get into the hands of criminals if a mobile phone or tablet that contains data , emails or other information is lost or stolen. Breaches of the Data Protection act can be very serious and can result in your business being investigated, required to pay compensation and fined. You may even have to pay the cost of publishing the breach. If the information Commissioners Office decides to prosecute you will have to go to court to defend yourself and this will mean that you will also have to pay the prosecution costs, as well as your defence costs, if you are found guilty.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Fines and Penalties*

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Multimedia – Defence Costs, Expenses and Damages Cover
• Communication Asset Rectification Costs
• Information and Communication Rectification Breach Cover
• Data recovery and Loss of Profits Cover

Section: Email and Website Transactions and Communications

If you rely on email or internet portals to transact business and the systems that you rely on are hacked or damaged by a virus this can result in lost revenue and loss of reputation.

Virus, Hacking and Extortion

Viruses love email traffic and web site transactions. You or your staff only have to download one file that has a dangerous attachment for damage to occur. These can spread to your clients and suppliers which could cause damage to their systems and equipment. Viruses and Hackers can enter your system through vulnerabilities created in your security as a result of you accessing a system that is flawed or receiving an email that has a dangerous attachment that is not picked up by your security software. This can lead to damage to your system, damage to others or systems lockdowns which allow criminals to demand ransom payments to release your information. You might be unable to restore your data form back up as this type of virus is designed to lie dormant on your systems for a number of weeks before activating. This will result in a cost to your business as you spend time restoring and rekeying data as well as finding and fixing the damage to your networks. This could well affect new and existing business and result in reduced profits.

Cost To Your Business

• Ransom payments
• Damages
• Legal costs – defence and prosecution
• Cost of repairing and reinstating your programs and data
• Increased cost of working
• Loss of Profits

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Multimedia – Defence Costs, Expenses and Damages Cover
• Communication Asset Rectification Costs
• Information and Communication Rectification Breach Cover
• Data recovery and Loss of Profits Cover

Section: Customers Card and Personal Details stored on Networks

It’s not just a case of having PCI compliant systems and procedures, if you transact live payments on your network or hold card payment or personal details on your systems you could be vulnerable.

Breach of Data Protection Act

Every business that holds this type of data should be Payment Card Industry (PCI) Compliant. This means that you must not hold card details in any durable form, record details in telephone calls, receive data by email, text or other electronic message. It goes without saying that this type of data is very attractive to thieves and breaches of the Data Protection act in respect of this type of data are very serious and can result in your business being investigated, required to pay compensation and fined. If the information Commissioners Office decides to prosecute you will have to go to court to defend yourself and this will mean that you will also have to pay the prosecution costs, as well as your defence costs, if you are found guilty.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Fines and Penalties*

Theft by Hackers and Extorition

This type of data is a gold mine for criminals either for use to commit credit card fraud, commit identity theft, or to extort money from your business. You need to be very careful to follow PCI procedures and ensure that any information that could be used to take money from a card is securely destroyed.

Cost To Your Business

• Damages
• Legal costs – defence and prosecution
• Ransom Demands
• Identification and Rectification of system failures

Cyber Insurance Solution

• Data Security and Privacy Cover
• Data Breach Costs Cover
• Data Extortion Cover
• Information and Communication Rectification Cover

The content of the report has been compiled using the very basic details you have provided. The risks identified are an indication only of just some of the areas where your business could be at risk and is not in any way an exhaustive list of the perils that your business faces from cyber criminals. It should be used as a starting point for you to start thinking about how cyber criminals could damage your business, your reputation, your IT systems and infrastructure and how criminals might use attempt to obtain the data that you hold or use your systems to target or steal from your customers and suppliers.

• We would recommend that you immediately consider asking an IT security professional to carry out a full IT Security Audit of your systems and then implement any recommendations or requirements that are suggested. This type of audit should be updated regularly and should be carried out at least once a year.
• You should make sure that you take regular back-ups of your data and store these in a secure environment away from your business premises.
• You should test your business continuity plan at least once a year to test the quality of the back-ups that you are taking and to ensure that you can complete a full restore from back up easily.
• It is often the case that Hackers will enter systems for a period of months before they are detected. Many viruses and ransomware programs can lie dormant on your system for a period of time before you become aware of them. The period of time between entry and detection is used to deeply imbed damaging software and the tools that criminals will need to attack your data and systems. It is therefore worth ensuring that you retain backups of your data and systems going back a number of months so you can restore your systems and data back to a point prior to the infection entering your system.
• Make sure all of your data security software is up to date and that your computer programs are regularly updated with vulnerability patches. Do not use obsolete or unsupported software or operating systems.
• Implement and maintain a secure password security policy and apply this to all staff including the managing director.
• Incrypt all data when it leaves your site – including on portable media devices, smart phones, tablets and by email.
• Securely destroy old data and old hardware.