Hackers don’t discriminate; everyone with a website, computer, email and an EFTPOS terminal is a target. Learn how a cyber attack could affect your business.
It seems everywhere you turn these days there is talk about cyber-crime, and with good reason. Technology is an integral part of the day to day running of a business and hackers are taking advantage of that. In the “Wannacry” attack just having a computer with out-of-date Windows software made a business a target; using holes in the software, hackers infiltrated computers, took control of user files and demanded money in exchange for their release.
Perhaps, as a small business in little old New Zealand it’s easy to brush off incidents like this with the justification that you’re too small to warrant an attack or your digital exposure isn’t significant enough. The reality is hackers don’t discriminate; everyone with a website, computer, email and an EFTPOS terminal is a target.
How do they do it?
Some Hackers take advantage of vulnerabilities in systems (like the Wannacry attack) while others rely on a lapse in concentration from an owner or employee. They may send an email with a CV attachment on it or a supplier invoice – it looks legit but when it’s clicked on, it spreads a virus. Regardless of the method all Hackers are in it for the same reason, quick and substantial cash.
What’s the impact on my business?
Certainly being locked out of your computer, unable to access your files or your website being down for a couple of days are quite disruptive to business; however it’s the long term impact that can have serious implications. The cost to recover data, restoring trust with suppliers and customers who have had financial information stolen are just a couple of examples.
Our cyber expert Mark Jones, Head of Financial and Professional Risks has devised a list to help you think about your cyber weak spots and the impact on your business;
- Without access to your operating system, could you control stock inventory?
- If your EFTPOS terminals connect to your operating system, then they are vulnerable to attack. Criminals can target point of sale devices to covertly collect credit cards details for which you can be liable.
- If a breach on your network got into the press, how would you rebuild customer confidence?
- If you do hold client/customer data (even non-financial data), you are responsible for its security and potentially liable should it be stolen or accidentally disclosed.
- Have you trained your employees to validate payments to any suppliers or service providers who either have not been paid before or have changed their bank account details?
- Could you be exposed to Payment Credit Card Industry fines through a cyber breach?
Dealing with the aftermath
Network security must be your first line of defence but if it should be breached where does your business stand? Do you have a plan of how you would respond to a serious event?
Cyber insurance gives you access to experts to identify, treat and repair the problem. These include forensic experts and IT consultants who will investigate the breach to your network and help to restore access to your data as well as lawyers to manage your legal exposure. Revenue lost as a result of a cyber event can be recovered under the Business Interruption section of the policy. If you face litigation a Cyber policy will also fund defence costs.
Cyber insurance provides cover for:
Your Own Loss – the costs incurred directly by the insured
- Forensic costs to ascertain the extent of the event
- Costs to repair networks/data damaged by an event
- Business interruption as a result of an event
- Public Relations costs to minimise reputational damage
- Notification costs to advise customers/clients of a breach of privacy
- Extortion costs incurred in the threat of an event or a ransomware assault
3rd Party Loss – the costs that you, as the insured, become liable for
- Claims for compensation from customers or other third parties such as banks or suppliers, following an insured Cyber event
- Cost of investigations instigated by privacy regulators
- Privacy reparations and penalties resulting from an event
- Associated legal defence costs
Important Information The information on this website is only intended to provide a general summary or introduction to a product, offering or service. Any decision to purchase this product should be based on specific advice for your business or personal needs. For further information on this product, offering or service please speak to your broker.