Is your business sufficiently protected against the risk?
(Source: Towergate Insurance)
The Risks – Cyber and Data
Digital technologies are an essential part of business today. Almost all businesses rely on information technology (IT) infrastructure to some degree in order to increase efficiency and improve productivity, and social care businesses are no different.
With an ever-increasing reliance on technology within the social care sector, cyber and data security breaches can be very damaging.
UK Small Businesses Being Targeted 65,000 Times a Day
A Hiscox study highlights the number of attempted cyber-attacks on UK small businesses every day:
- While most attempts fail, a small business in the UK is successfully hacked every 19 seconds
- Cyber breaches cost the average small business £25,700 in basic ‘clear up’ costs every year
Small businesses in the UK are the target of an estimated 65,000 attempted cyber-attacks every day, according to new figures from Hiscox¹.
Fraudulent emails and websites
A 2018 UK Government survey² estimated that 72% of large firms detected a cyber security breach over a 12-month period, with 17% of these firms experiencing a breach at least once a month. The average cost of a cyber and data security breach to large businesses was reported to be £22,300.
The most common attacks recorded by the survey – 75% of all businesses surveyed – related to fraudulent emails or being directed to fraudulent websites.
Then, of course, there are ramifications that exposure to these risks can cause, such as business interruption, income loss, damage management and repair, and the possibility of reputational damage if IT equipment or systems fail or are interrupted.
In a care environment, the risks in some cases are even higher, particularly when IT systems are relied upon for care plans and other areas of welfare.
Why is it worth considering specialist insurance?
As a specialist broker in the care sector, our strategic partner Towergate Insurance recommends that businesses consider investing in Cyber and Data insurance, particularly if you:
- Hold identifiable personal data such as names and addresses or banking information
- Rely heavily on IT systems and websites to conduct your business
- Process sensitive and personal care information.
So, what does Cyber and Data Insurance actually cover?
Cyber and Data insurance covers losses relating to, for example, a data breach in which an individual’s personal information is exposed or stolen by a hacker who has gained access to the provider’s electronic network. Policies generally include significant assistance with and management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
Cyber and Data risks fall into first-party and third-party liability.
First-party represents your own assets, and cover may include:
- Loss or damage to data or software programmes
- Cyber and Data extortion where third parties threaten to damage or release data if money is not paid to them
- Repairs or replacement following system damage, which could include data recovery, replacement software or website security enhancements, depending on the level of cover selected
- Investigation and regulatory action from Regulators
- Court attendance costs
- Crisis management and communication costs
- Reputational damage arising from a breach of data that results in loss of intellectual property or clients
Third-party liability covers the assets of others, typically your service users, and cover may include:
- Security/privacy breaches, investigation and defence costs, together with civil damages associated with them
- Multimedia liability, to cover investigation, defence costs and civil damages arising from defamation, breach of privacy or negligence in publication in electronic or print media
- Loss of third-party data, including payment of compensation to clients for failure of software or systems.
Readers will be aware that the General Data Protection Regulation (GDPR) took effect last year and sees a step-change in the responsibilities and duties around keeping data safely.
The implications are significant and further reinforce the need for proper Cyber and Data cover which includes cover for breach costs, like notification costs to affected individuals. The notification costs could be very high, and as new requirements of Fair Presentation in the Insurance Act 2015 suggest, disclosure of a breach of data protection will be necessary.
Under the highest level of cover Towergate Insurance can provide for cyber security insurance, the policy would cover an Information Commissioner’s Office (ICO) fine should there be an investigation into a cyber security breach that results in a finding of GDPR non-compliance.
If this is important to you, given that fines issued by the ICO can be substantial, it is important to tell your broker so they can ensure you have a higher level of cover. You need to be aware that cheaper cyber security policies may not provide this type of cover. However, even the highest level of cover would not cover any fine by the ICO if the GDPR non-compliance resulted from a systems failure.
Towergate Insurance, therefore, recommends that you talk to an insurance broker that specialises in insurance for the care sector to really understand your risk, and ensure you take out a policy that protects your business.
Towergate Insurance is the preferred insurance provider of Hertfordshire Care Providers Association and can provide you with advice and support in relation to Cyber and Data insurance, including which type of policy meets your needs as a care business.
As a member of HCPA, you are welcome to speak to one of their specialist advisors today by calling 0330 123 5172 or emailing firstname.lastname@example.org. Please explain to the advisor that you are a member of HCPA.
¹Hiscox 2018 press release
²UK Government Cyber Security Breaches Survey 2018