, ,

Businesses must invest in cyber insurance to protect victims of data breaches

VICTIMS

It’s almost impossible to pick up a newspaper or turn on the television without finding out about how some big company has been hacked. But, while it might seem that data breaches are a new and pressing concern, the issue of how to maintain the integrity of information stored on computers is nothing new.

In fact, in a recent article by the Financial Times, the author shares how, as far back as 1979, economist (and former CIA analyst), Mark Skousen published the ‘Complete Guide to Financial Privacy’. In this book, he warned about the relentless collection of information and the need to recognise the need to protect against “unwarranted intrusion into sensitive information”.

Fast forward to today, and as the FT article states, “there is no company or product that doesn’t have cyber risk attached to it.”

The impact of data breaches on business

A data breach can be devastating for victims. And, at Hayes Connor, every day we hear about how privacy violations are causing misery and upset to people across the UK. Crucially, in most cases, these breaches aren’t caused by scammers trying to hack big businesses, but by simple human errors.

But it’s not just victims of data breaches that suffer long-term effects following a cyber problem. Organisations of all types and sizes can also find it difficult to recover.

Here are just some of the possible consequences faced by companies that fail to keep their data safe:

  • Loss of time and money due to having to repair affected systems and disruption to trading
  • Loss of reputational damage and sales (lack of trust from current and potential customers)
  • Loss due to the legal consequences of a data breach (e.g. fines, legal fees and compensation payments)
  • Loss of competitive advantage due to the theft of trade secrets or copyrighted material
  • Having to pay fraudsters (cyber extortion)
  • Rises in insurance premiums.

Worryingly, according to the latest statistics, almost 30 million cyber-related crimes were launched in the last quarter of last year.[1] And nearly half of all UK businesses fell victim to cyberattacks or security breaches[2].

43% of UK organisations surveyed had experienced a cyber security breach or attack in the last 12 months

  2018 Cyber Security Breaches Survey

Standard insurance policies do not cover cyber risk

Despite the rise in cybercrime, many UK organisations are still failing to insure themselves against the threat of a data breach. In fact, according to the article in the FT, only 9% of UK companies are said to have specific cyber insurance. Standard insurance policies do not cover cyber risk.

When it comes to data privacy violations, it is clear the problem isn’t going away. And with prevention better than cure, as well as improving security processes and IT governance, every business, regardless of size or ownership, must now consider cyber insurance. Because if a data breach claim is made against a company, and it is found liable for data privacy errors, the consequences of not being covered could be catastrophic.

The impact on individuals

The introduction of the General Data Protection Regulation (GDPR) in May 2018 coincided with a significant increase in reported data breaches. So the GDPR has created greater public awareness about individual rights.

Indeed, at Hayes Connor, we are currently dealing with over 200 enquiries per month from consumers. Complaints range from the inappropriate use of email to the deliberate or inadvertent disclosure of sensitive, financial, and medical information to third parties.

We’ve seen cases where experiencing a data breach has resulted in adverse life events such as having to move house or area, losing a job, relationship stress and separation, and dislocation from friends and family. All of which can lead to a diagnosable psychological injury.

In most of these cases, the victim of the data breach will have tried to engage with the organisation that has committed the violation and been either rebuffed or provided with a wholly inadequate excuse. In almost all cases the organisation at fault fails to recognise the damage caused by the breach and loss.

Often this failure to provide adequate redress to the victims of data breaches comes from fear. Fear that giving proper compensation could put an organisation out of business. But, with the right insurance in place – alongside improved data security processes – both companies and individuals would be better protected.

Leading by example

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are helping to raise awareness of this issue and educating people and businesses to prevent similar mistakes from happening.

For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] Kaspersky

[2] 2018 Cyber Security Breaches Survey