What to do if you fall victim to a cyber attack

The chances of your business falling victim to a cyber attack are probably greater than you think.

The latest UK government survey found that four out of 10 businesses and two out of 10 charities of all sizes identified online security breaches in the last 12 months.

The most common security breaches were from incoming fraudulent emails (75%); crooks impersonating the business online (28%) or malware and virus attacks (24%).

The risk makes cyber security a high priority, with protecting customer data, cash and intellectual property at the top of the safekeeping list.

But with the likelihood of an attack so high, how does a business deal with an online security breach?

A full list of Government cyber security advice for businesses can be found here: https://www.gov.uk/government/collections/cyber-security-guidance-for-business


Draw up a cyber incident action plan

Every business should have a cyber breach action plan that that rolls out as soon as a potential attack is identified, with assigned roles and responsibilities

The key is to act quickly and effectively.

The business should have an incident response team involving technical staff, senior managers and media response primed and ready to combat the threat.

The tech team will be busy securing IT systems to minimise and assess damage.

This could mean taking web platforms off line or even closing the entire business network. Doing this is disruptive and will involve cost, but will be less expensive than rebuilding the system if the threat runs amok and wreaks havoc with customer data.

Once the breach is contained, managers need to review what happened and take measurers to prevent a reoccurrence. This could involve bringing in an outside team.


Managing a cyber breach

While this work is ongoing, your media team should look at issuing regular, open and honest information to warn customers and other stakeholders about the security breach and how this might affect them.

Someone should be designated to manage regulatory requirements.

The UK Information Commissioner and other regulators, depending on the business sector, may need timely warning of what is going on. This generally applies to organisations providing financial services, utilities or digital services.

The sad fact is that however well-prepared a business is for a cyber security breach, the intrusion will come with some expense.


How insurers can help with cyber issues

A range of delicate negotiations may be involved over blackmail or ransomware attempts that lock down web sites and IT systems. Dealing with the brand and reputation damage will involve ongoing public relations, while regulators can impose hefty fines.

HFIS Cyber security insurance offers  practical support that goes beyond compensating for loss of income.

This includes:

  • Following a possible breach, the costs you incur for computer forensic analysis conducted by outside forensic experts to confirm the breach and identify the affected data subjects, forensic reports and findings.
  • The cost of any ransom demand from the third-party or, if the demand is for goods or services
  • Following a privacy investigation, any civil or regulatory sanctions, fines, penalties, disgorgement of profits, treble damages or multiple damages.
  • All reasonable and necessary lawyers’ and experts’ fees and legal costs incurred.
  • A hacker damaging, destroying, altering, corrupting, or misusing your computer system.

Most insurers are equipped to step in for smaller businesses that may not have the technical or management expertise to deal with the threat.

If the worst happens and you are unfortunate enough to fall victim of a cyber & data attack, calling & notifying your insurer immediately is a priority.

Professional indemnity insurance is another cover you may require which will deal with any third party claim in the aftermath of a cyber-attack.

Premiums start from £9.33* a month

*Based on £100,000 worth of cover. Plus insurance premium tax (IPT) currently at 12%.