Matthew Webb reflects on the roundtable discussion and explains how Hiscox can help directors protect themselves from a range of risks including cyber and data threats
WEBB It’s been a very enjoyable discussion this morning. I might start by picking up that last point by Bernadette. Sitting in the underwriting chair, we at Hiscox would like to think that every organisation undergoes a very rigorous risk-assessment process and identifies what they’re exposed to. But listening to some of the thoughts around the table there’s quite a big emphasis on outsourcing, which is an interesting dynamic. I think it’s been drawn out that you can outsource the service but, ultimately, you can’t outsource the responsibility, and so you need to ensure that you are vigilantly managing that supply chain.
Summing up, it was interesting to hear that many of you around the table have direct experiences of either data breach or cyber crime in one form or another. For such a small sample it’s pretty representative of reports that have been done where 90 per cent of large organisations and 74 per cent of small organisations suffered a breach last year – in fact, we’re actually slightly higher here.
When it comes to the risk management itself, it was a good point to draw out from the discussion your policies around the training and governance side of things. People often point directly towards the security measures that can be put in place but forget about the governance side. Certainly when I am assessing risk, it’s almost 50 per cent attention to the security measures in place, 50 per cent emphasis on the governance.
Outsourcing was such a high point of our discussion. From an insurance perspective, when you undertake that risk assessment process, get to the point of knowing what the risk is and you come to the risk treatment – insurance is a way to either avoid or share some of the risk. But have a think around what you are looking for from insurance.
Ultimately, insurers are there to help you in the event of a claim. The product and the words on the page are very important, as is the breadth of cover, but look at the ancillary services that are part of that cover. Can your insurer give you access to IT forensics? Think about what would happen if your website was hacked at 3am and redirected to inappropriate content. Can you call someone that can initiate mobile forensics straight away or will you be put through to an answerphone?
Here are a few other points to consider: does the legal-fees cover ensure that the insurer has specialist privacy lawyers on their panels; can they help with breach notifications, credit monitoring and setting up call centres for customers?
Thank you everyone, it has been a truly fascinating discussion.
For more information visit iod.com/hiscox-business
The IoD – in association with Hiscox – offers a range of business insurance products to protect members against the risks they may face. Products include professional indemnity, office, public-liability and personal accident insurances.
To find out more and benefit from your five per cent discount on Hiscox’s standard rates for business insurances, call 0800 280 0354 or visit iod.com/hiscox-business
Cyber risk: how Hiscox can help your business
1 As businesses evolve and become more reliant on technology, the risk of suffering a loss related to computer system problems, or from holding sensitive customer data, continues to grow. Hiscox has received three times the number of submissions so far in 2015 for its cyber and data product, relative to the previous year.
2 Awareness of cyber risk is growing – a World Economic Forum report this year ranked cyber crime alongside geopolitics, climate change and economic turbulence as one of the top business risks. But according to the Hiscox DNA of an Entrepreneur 2015 report, only eight per cent of SMEs have insurance for e-risks. Yet the risks businesses may face are considerable, including lost revenue, damaged reputation, legal and regulatory costs, and associated business disruption.
3 A cyber and data insurance policy can help protect you. Hiscox offers cover that provides comprehensive protection to businesses for their computer systems and data, all on one single policy. It offers practical support in the event of a data breach (electronic or otherwise), including forensic investigations, legal advice, notifying customers or regulators, and offering support such as credit monitoring to affected customers. Hiscox Cyber and Data Insurance can also provide compensation for loss of income (including damage to reputation) or if a hacker targets your systems or website, meaning you can’t trade.