10 Reasons to buy Cyber Insurance

cyber insurance

10 reasons to purchase Cyber Insurance – Here are some reasons why businesses should consider this form of insurance.

In arriving at the decision to purchase cyber insurance a business will need to carry out a full cyber risk management analysis detailing vulnerabilities and how the businesses wishes to manage their cyber exposures which may impact on its day to day trading activities.

Once this has been determined the outcome to purchase cyber insurance could be driven by the following factors :-

1.Balance Sheet Protection

Helping to help mitigate a catastrophic compromise of computer systems and network that may endanger the livelihood of a business.

2.Risk Transfer Mechanism

To cover cyber security risks that cannot be managed within the business or where the businesses chooses to insure these rather than to retain.

3.Management “Sleep Easy”

Due diligence assurance for the Board of Directors and members of staff that there is a “layer” of coverage outside of the cyber security measures that are already in place.

4. Contractual Requirements

Coverage may be required by clients being part of contractual obligations to trade with a business. Businesses entering into government contracts are required in some instances to purchase cyber insurance. This requirement is likely to increase within the business community.

5.The Regulatory Environment

The forthcoming General Data Protection Regulation will impose compulsory notification of all data breaches and regulatory scrutiny.

6. Own Experience of a Cyber Attack

A business who has already suffered from a cyber attack my require comfort going forward from the coverage provided by this specialist form of insurance.

7. Substitute for further Security Spend

Cyber insurance could be seen as a lower cost alternative rather than investing further in cyber security within the business.

8 Competitive Advantage

The purchase of this form of insurance should sit alongside Cyber Essentials and ISO 27001 accreditation and a sign to other businesses that cyber exposures are taken seriously to its clients.

9. Business Continuity

Help to get a business up and running again post breach to cover increased cost of working and loss of profits so that they maintain their trading position in their business sector.

10. Vendor Proposition

The vendor proposition included under a cyber insurance policy provides post breach legal services , forensic investigation and public relations consultancy.

Cyber insurance is an evolving form of insurance with policy coverage developing on a regular basis. The coverage provided by the insurance market does vary considerably, with over 30 insurers to choose from , it is important that you utilize the services of an insurance broker who possess the requisite knowledge and expertise to guide a business through the coverage options and has the influence within the market to negotiate bespoke policy wordings.

Euro 2016 – The Cyber Threat Landscape

Euro 2016-

Euro 2016……whether you agree with the final England squad going to France for the 15th UEFA European Championships or not, we should all be in agreement that this major sporting event is inevitably going to be a target for cyber criminals.

Some Facts…

24 countries will be represented at Euro 2016 each with 23 players in the squad which totals 552 players in all

2.50 million fans are expected in the 10 stadiums

Overall spend is expected to be E1billion

The event is being broadcast to 230 countries worldwide with 150 million spectators expected to follow each match

650 employees and 6,500 volunteers

Information : Courtesy of Press Kit dated 2nd March 2016

Why Euro 2016?

Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited  ….. the world of cyber crime.

The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that may exist.

The Cyber Threat Landscape

Some of the targets for cyber criminals are likely to be the following :-

1.The Official Euro 2016 Website

Distributed denial of service (DDoS) attacks preventing access to website by fans.

The accessing of the website by hackers and altering the data such as falsifying the results and tables and providing incorrect information to the public.

Defacement of the website by a hacktivist.

Fans will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.

2.Match Day Tickets

Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.

Website scamming offering last minute match day tickets for the big games with no ticket actually being produced.

3.The Stadiums

Technology will be pivotal in all aspects of the running of the ten stadiums being used in the tournament. Stadium entry, ticketing processing, management of floodlights and associated infrastructure would all be impacted in the event of a cyber attack.

4. Tournament Data 

The event will involve a huge amount of data ranging from credit card data of fans, players confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals.

5.E-mail Transmission

E-mail scamming could be caused by bogus e-mails set up to obtain players and officials personal information that is disseminated over the internet. The numerous sending and exchanging of e-mails also presents an opportunity or spamming.

6.Media Coverage

World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime.

7. Computer Network 

The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the tournament. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.

8. Mobile Applications 

Fake mobile apps devised by developers to give the impression of the official FIFA app. These have already been discovered by Avast Software’s Jan Piskacek with adware with viruses appearing on mobile phones.

Fake FIFA Apps on Google Play

9.Cyber Terrorism

Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting many aspects of the tournament.

There may be political motivation from countries that want to disrupt the tournament. This could be to make a political stand on an issue or perhaps a country that failed to reach the finals or a country that has controversially been knocked out of the competition.

The threat of remotely controlled drones by cyber terrorist entering a stadium causing disruption and delay to matches.

10.Social Media

Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.

Cyber Risk Management Program

FIFA will no doubt have in place a comprehensive cyber risk management program to manage Euro 2016 which is likely to be broken down into the following :-

  • Identification of cyber risk vectors
  • The mitigation of cyber risk within the tournament
  • The transfer of residual cyber risks that they are unwilling or unable to manage.

Cyber Insurance

Cyber Insurance can assist with the transfer of cyber risks by the following insurance modules :-

  • Network Security Liability
  • Data Privacy Liability
  • Multimedia Liability
  • Network Business Interruption
  • Data Asset Protection
  • Cyber Extortion
  • Crisis Management

A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.

Lets hope England’s destiny will not again be determined by a penalty shoot out – if so the team will be need to be prepared, well practiced and above all have the right players taking the penalties …. this can be applied to the cyber security team that is in place to manage and mitigate cyber risks of any sporting event or to that fact any commercial enterprise.

Image Credit – Evan Lorne / Shutterstock