When running a business, it can often feel like you have a million things to consider all at once – but anything that can damage your business should always catch your attention.
At Kingsbridge Insurance Brokers, we recognise that one of the most significant threats to a client’s business is their use of technology to connect to the outside world (for example, via the internet) and to communicate and store data, personal records and financial transactions. This is the world of Cyber. Managing a business’s exposure to cyber risk is an area in which we at Kingsbridge specialise. Insurance cover can form part of your approach to managing your cyber exposures, keeping your information and staff protected from digital threats and your business covered for financial loss and potential reputational harm.
In managing your cyber risk there are a number of fundamentals for you to consider. In the following Kingsbridge Insurance Brokers blog, we talk you through four of these critical business considerations:
1 – Perimeter Security
The first is perimeter security: the boundary between your organisation’s network and the outside world.
Within this perimeter there are entry points, or ‘ports’, which outsiders can target to gain access to, and monitor, information within your network. One example is port 25, the port used to send email between mail servers over the internet. Another is port 3389, the port used by remote desktop working, which allows remote desktop access to a network.
In 2019 and 2020, CFC, a leading cyber insurance provider, cited perimeter security breaches as the most common route to a claim. These were cases where ports were not protected by firewalls, or where there was no multi-factor authentication to prevent brute-force attacks or password guessing.
Your network’s perimeter security can be enhanced by performing vulnerability scans and penetration testing, or by installing firewalls. It is also important to ensure that your firewall rules cover these important ports, and to check from the outside whether the ports themselves are reachable.
Companies like Microsoft provide regular ‘patches’ that fix system flaws and security gaps. If these patches are not applied to your systems and network, the flaws they fix are likely to be exploited.
Insurers which we work with at Kingsbridge can also conduct open port testing as part of an insurance quotation.
2 – Email Security
Email accounts contain valuable information, so protecting them should be an important cyber risk management consideration. Email accounts can act as a gateway to first-party or third-party fraud, as well as to phishing attacks and theft. They can also be used to gather information for carrying out further attacks.
75% of cyber claims are related to human error and involve emails – whether that be downloading something, clicking a link or entering passwords. According to CFC, multi-factor authentication (MFA) on email would prevent 80% of the ransomware claims they see. This is because multi-factor authentication adds a further layer, in the form of a text message to a phone, which a malicious third party cannot obtain through a phishing email alone.
Email filtering software can also help with email security, and there are plenty of strong options out there on this front.
Mandated, regular, recorded information security training for your employees is also something to implement. This is the cheapest and simplest way to improve the risk management culture within your company.
3 – Data Security
The third consideration is data security. When it comes to protecting your data, ensuring it is encrypted both at rest and in transit is important. Your business will likely hold thousands of personal records, which require a basic level of protection to keep them secure. Daily backups of data which are kept offline and offsite are the ideal scenario. This should be combined with frequent testing of these backups, so that if your systems are taken down you are not left stranded.
Online backups are easy to store and easy to restore from, but they are also potentially susceptible to being compromised. The cloud is an option, and the fact that it is physically separate and on a separate network can be a positive feature. However, if your systems are not secure, the same issues will still apply.
From an insurer’s perspective, the preferable option when it comes to backups is to store an up to date backup offline.
4 – How to respond to a cyber incident
Knowing what to do if a cyber incident occurs and how to respond to it is vital. This is because time makes a huge difference with a claim of this nature.
Having a tested business continuity plan or incident response plan which the whole business is aware of can be highly beneficial.
We recommend reviewing the resources at the National Cyber Security Centre. This government-run facility has plenty of great information and insight that businesses can utilise to help educate and prepare them for what to do if a cyber incident has taken place.
Alternatively, speak to us at Kingsbridge Insurance Brokers. We can advise you on what to do in the event of an incident, which can help limit the impact the incident has on your overall business.
Managing your cyber risk effectively and getting cover
Advances in technology can help a business thrive – at the same time they can introduce new and evolving risks and vulnerabilities. Having a robust approach to risk management, supported by a quality insurance policy, can help you reduce the risk of an incident occurring and help you get back online quickly – taking care of customers and limiting the reputational harm which a cyber attack can cause.
At Kingsbridge Insurance Brokers we see this as a critical aspect of running a business in this digital world so please give us a call on 01386 725900 and we will be happy to discuss your business requirements.