What makes a good insurance submission?

By | Blog

During these unprecedented times and hard insurance market conditions, it’s essential to prepare and present a good insurance submission to an underwriter. So, what are the key things to consider about your company’s risk profile?

Background and context

There is always a backstory with a risk presentation. Your business could be an existing policyholder or one underwriters are working with for the first time. Perhaps you operate in a fast-growing sector such as infosec where there are special challenges and requirements. Background and context are essential starting points to help an underwriter judge how to approach and prioritise your enquiry.

Key factors and focus

Before presenting to an underwriter, be certain to clearly demonstrate your motivation and deciding factors. For example, is the priority price, service level or coverage? It’s vital to communicate your buying attitude and challenges to ensure you have the right focus from underwriters.

Right information, right time

Make sure there are no knowledge gaps. You must be fully prepared and have all the correct and relevant information ahead of your deadline. With the majority of us working from home, some turnaround times have increased – and for the moment, at least, it’s not possible for brokers to simply cross the road to get a quote from an underwriter at Lloyd’s of London. Therefore, ensure all your electronic submissions are relevant, accurate, and complete.

For most current submissions, you should include an assessment of how the business has been affected by Covid-19, such as financial impact. And If you are presenting a cyber submission, you should include a ransomware proposal form because of this growing threat. Sometimes you will need many attachments, so make sure everything is clearly labelled and nothing is missing.

Understand emerging and specialist risks

Digital innovations such as crypto and blockchain are transforming the world, but all new technologies and practices have associated risks. Your business activities, geographical reach and customer base may be affected by the rapid pace of change, so you must understand how emerging risks impact any submission when communicating to insurers.  Remember, you must disclose any information that could impact the judgement of an insurer considering insuring your business.

For fintech and infosec businesses, where change is rapid and there are unique needs and challenges, it’s especially important to understand how policy coverage addresses your business. Traditional insurance products may not provide adequate cover for newer risks and business models, so submissions must embrace evolving needs and market trends. This is one of Elmore’s key strengths as an insurance broker. We understand specialist needs, the pace of innovation and regulatory change, and provide the right focus for fintech and infosec businesses.

Written by Tom Abbotts, Client and Operations Executive, Elmore Insurance Brokers Limited.

Changing Jobs During a Pandemic

By | Blog

We’ve lived with Covid-19 for more than a year, and no-one has escaped its effects. Apart from the tragic loss of life, many of the things we take for granted have also disappeared. For example, our familiar office environment and work routines.

Working from home has become the ‘new normal’ for most people, while many others have been furloughed or, worse, made redundant. Against this unsettling backdrop, the thought of changing jobs  – a challenge at the best of times – seems daunting.

For Elmore, rather than being knocked back by the pandemic, it has been a time of continued growth. Thanks to the benefits of technology, the firm has embraced remote working and has even hired new staff.

I’m one of the new hires, having joined the firm in lockdown. It’s a novel experience to start a new job while compelled to work from home and unable to mix with colleagues, but the team has made me very welcome and technology is bringing us together. In fact, as a technology-focused insurance broker, Elmore has made the transition to home working very smooth.

Apart from being able to do my job just as effectively as if I were in an office, I also have the benefit of more time because I don’t have to commute. Time lost to travel is time gained for studying and perhaps obtaining professional qualifications.

Although I’m comfortable working from home, and Elmore has made it easy for me to start my new role, I look forward to meeting my colleagues face to face once the pandemic is over.

Written by George Pearson, Junior Client Executive, Elmore Insurance Brokers Limited.

Insurers’ Supply Chain Under Attack

By | Blog

Even cyber security experts get caught out. A recent cyber-attack on multinational technology provider DXC Technology, which among other services provides incident response for clients, has shown that even experts are vulnerable to attack. This demonstrates the systemic risk of an industry being reliant on one major supplier.

Lessons from the Xchanging cyber-attack

DXC’s managed services subsidiary, Xchanging, experienced a significant ransomware attack which lasted almost four weeks. The firm worked hard to restore access to its operating environment and kept insurers and brokers up to date with progress, but good comms alone doesn’t keep clients happy. The significant delays in processing claims and premiums will live long in the memories of all involved in the related insurance transactions. A poorly handled cyber event can be an easy way of destroying trust that a firm has spent years building. Transparency is key.

Not all firms adopt a transparent approach. After all, finding out a business is subject to possible regulatory or governmental investigation can be disconcerting. Plus, it’s expensive to manage a cyber event publicly and in challenging times a firm may have other spending priorities.

This means that cover-ups happen, but the cost of a cover-up is likely to be higher than the cost of managing an attack well. For example, Uber tried to cover up a breach and was fined USD148m. While the urge to ignore, deny or even remove potentially incriminating evidence is understandable, it must be resisted.

Supply chain risk

It is often said that the weakest link in a business’s cyber security is its supply chain as a firm’s vulnerability increases with its dependence on a critical supplier. This point is illustrated by the DXC cyber event, which has raised questions about the reliability of one supplier responsible for settling USD100bn of premiums and claims for the insurance industry.

Scrutinise risk registers

Cyber risk isn’t just down to a company’s anti-virus or firewall malfunctioning. It comes down to the core operational controls required to monitor and maintain good working practices. A firm should explore every risk, including business interruption, reputation harm and supply chain failure. After all, the likelihood of a solar flare from the sun damaging satellites, communication systems and power supplies has the same probability and impact as a global health pandemic.

It’s essential that firms keep an up-to-date and comprehensive risk register, which is accompanied by insurance mapping to define what risks are insured against and which are not. DXC will more than likely be considering its own business interruption for both lost revenues and the cost of handling the ransomware attack, along with its liabilities to the insurance industry for causing major disruption.

About Elmore Insurance Brokers

Elmore Insurance Brokers Limited advises its clients to actively manage risk to optimise insurance.  Insurance is a partnership between businesses and insurers. This partnership can be significantly enhanced by focused engagement to understand and implement risk management best practice.

Written by Simon Gilbert, Founder & Managing Director, Elmore Insurance Brokers Limited.

Employers Work From Home Liability

By | Blog


The kitchen table has never been in such demand. Cereal is cleared by 9am for it to become a conference stage, complete with virtual background, for the first meeting of the day. The hours that follow include a series of emails, calls, meetings and frantic deadlines, followed by a surface for jigsaws at 5pm, before dinner is served at 8pm. For some, this is the busiest they have ever been.

That aesthetically pleasing bench that was so elegant for friends and family to gather on may not seem like such a good buy now you’re forced to teeter on it for hours, peering into your dainty screen. Or perhaps you’ve been relegated to the bedroom, trying to type whilst balancing your laptop on your knees as you battle the fully stretched and very comfortable house pet for space.

Physical and mental health

Few were lucky enough to have home offices up and running before the coronavirus crisis unfolded, so these challenges are a daily reality for many of us. Two months into lockdown, and we’re starting to notice contemporaries complain of back and neck pains, stiff shoulders and sore wrists. The physical side-effects of home working are taking their toll as most were woefully under-prepared for spending such a long period away from the office.

Our mental health is under pressure too. We’ve lost most of our normal daily structures and routines, our social lives have been confined to screen time and some of us are under serious financial strain as well. A lot of those who were living with depression or anxiety before the crisis have found their symptoms worsening under lockdown and others are finding themselves developing symptoms for the first time as they struggle with isolation in circumstances they have never faced before. It’s not only those facing lockdown alone that are suffering, with relationships coming under strain as couples and families are now forced to live, work and socialise exclusively together under one roof. No one imagined a 24/7 marriage as they glided down the aisle that happy day.

These physical and mental challenges make the management of work-related stresses and strains much more difficult. Moods are fractious and necks are stiff. As an employer, the work-related physical and mental health of your staff is your responsibility and you can be held liable for any injury incurred by your employees if this arises from a failure in your duty of care to them.

The realities of self-isolation are unlikely to end in the near future. Those living with vulnerable persons cannot return to the daily train commute for fear of returning home with the virus and, if desks and other work-stations need to be at least two metres apart, it is estimated that there will be only be space for a third of us to return to work at any one time. Sadly, at the present time a safe return to the office in ‘back to normal’ mode looks months away.

You’re not moving my sofa

The employer’s duty to minimise the risks to its employees means that there is currently no alternative to staff being required to work in unregulated home-working environments. Undertaking home-workplace assessments becomes a duty of every employer and those employees that do not meet the necessary standards will either have to forego any liability or take action to meet the employers work from home requirements.

At the time of writing, there is almost no direct government guidance on employers’ responsibilities to prevent physical or mental injury to their employees for prolonged periods of home working. The Chartered Institute of Personnel and Development (CIPD) is one of the few bodies providing guidance for employers, with free work-from-home risk assessments and policy updates. Other sources include the Health and Safety Executive (HSE) and ACAS, whose advice can be found via the following links:

Potential Claims

As homeworking looks set to continue, employers may soon be reaching for their Employers Liability, Employment Practices Liability and Directors’ & Officers’ Liability insurance policies and may need assistance from their insurance advisers to deal with claims. Some examples of how claims might arise out of homeworking include:

Employers Liability:

  • An employee suffers repetitive strain injury or back pain because the computer equipment has not been set up in a way that minimises the likelihood of these conditions;
  • Bodily injury if the employee contracts COVID-19 because they were exposed to an unsafe environment, which may include having no alternative but to commute on a crowded train.

Employment Practices Liability:

  • Allegations of discrimination if the company is managing risks differently in relation to different locations, teams or individuals;
  • Constructive dismissal if an employee believes they were retaliated against because they opted out of a work-related event or meeting due to concerns over coronavirus.

Directors’ & Officers’ Liability:

  • An employee directly names a director as responsible for a failure to protect their physical or mental health;
  • Claims for lack of preparedness and poor contingency planning – companies may find themselves facing allegations that they were under-prepared to address virus-related operational risks whilst at the same time ensuring staff well-being.

Cyber Liability:

  • An employee may accdiently or intentionally cause a breach of other employees peronal data that leads to a legal action against employers
  • The Company may misuse details of employees working conditions/requirements which could be deemed a breach of privacy.

For now there are no contagious disease exclusions on these policies but this may change, as a ‘covid-19 exclusion’ is currently under consideration in the insurance market.

About Elmore Insurance Brokers

Elmore Insurance Brokers Limited advises its clients to actively manage risk to optimise insurance.  Insurance is a partnership between businesses and insurers. This partnership can be significantly enhanced by focused engagement to understand and implement risk management best practice.

Written by Simon Gilbert, Founder & Managing Director, Elmore Insurance Brokers Limited.

Social Inflation Risk To Directors And Officers

By | Blog

The spread of social inflation

The speed at which the coronavirus has spread around the world illustrates the effectiveness of globalisation. In just a few months, one virus in China has infected 2.2 million people and reached over 180 countries. It isn’t just viruses that travel at this speed. Globalisation and greater global connectivity have allowed social trends to travel from backwater to high-rise within hours, and therein lies one of the major risks facing today’s Directors and Officers.

Trust in corporates and politicians has been undermined by the perfect storm of financial crisis, political scandal and poor corporate practice, among other themes. This social trend may have started small, but globalisation has allowed it to reach every corner of the globe. We’re now seeing an exponential rise in litigation action against corporates and their Directors and Officers, supported by the tailwind of increased third-party litigation funding. The trend is known as social inflation: an increased rise in claims as the same social trends are repeated throughout the world, and it’s something a Director or Officer can insure against.

Repeated failure

The economic instability and anti-corporate sentiment that followed the 2008 global financial crisis gave rise to societal unrest. Those that lost their livelihoods and homes wanted answers and they didn’t trust the mainstream politicians to provide them. Society began to look to the politicians who broke the mould and suddenly support had risen for populist parties across the globe. As society looked for answers in a new political landscape, they also became less enamoured by the corporate machine that powered the wheels that drove the financial crisis in the first place.

This dissatisfaction with corporate culture and the political mainstream has coincided with a rise in social empowerment and third-party litigation funding, giving this anti-corporate sentiment serious financial and crowd backing. Third-party litigation funding is now a significant industry in itself and one which is reshaping litigation around the world.  In 2019, the management of Burford Capital (one of the leading litigation funders) felt the might of the crowd as it was targeted by Muddy Waters, the infamous short seller, resulting in a 50% drop in their share price. There is serious weight to the threat of social inflation, no one is immune.

Implications and actions

This trend has now reached every corner of the corporate landscape and with it, a significant rise in the potential for litigation. In many jurisdictions around the world, if the decisions made by directors and officers of corporations lead to adverse outcomes for the company or its stakeholders, those individuals can now be held personally liable. The personal consequences are more acute if Directors and/or Officers can be shown to have acted in an imprudent or unprofessional manner. As such, Directors and Officers must be more vigilant than ever to follow best practice and ensure good corporate governance is at the heart of their business.  This is a challenge at the best of times, but under remote working and times of crisis this will be even more difficult, with lines of communication and protocol inevitably overlooked or side-stepped in the need to respond. This causes immediate risk.

Directors and Officers that are doing all they can to promote best practice, act with necessary and appropriate due diligence, and operate with corporate social responsibility at the core of their organisations culture will be less likely to fall foul to such forces. Boards can go further to protect Directors and Officers by taking out Directors and Officers insurance to offer indemnity against many of the issues they face.

In light of this rising trend, buyers of Directors and Officers insurance should seriously consider the adequacy of their limits of indemnity and review their wider insurance position.

About Elmore Insurance Brokers

Elmore Insurance Brokers Limited advises its clients to actively manage risk to manage down premiums.  Insurance is a partnership between businesses and insurers. This partnership can be significantly enhanced by focused engagement to understand and implement information security risk management best practice, which includes cyber insurance.

Written by Simon Gilbert, Founder & Managing Director, Elmore Insurance Brokers Limited.

Cyber Insurance In A Health Pandemic

By | Blog

Cyber criminals prey on the vulnerable

Isn’t there enough to worry about at the moment without the additional risk of a cyber-attack? The saying, “it never rains but it pours” is the cruel reality that some individuals and businesses find themselves in, fighting a war on both sides.  This is the environment in which cyber criminals thrive.

As fear and uncertainty grip the world, we are not just fighting the deadliest global pandemic in a century, but also operating under the enhanced threat of cyber-attacks.

The risk to individuals and business is growing as the global shift to remote working gains momentum.  Laptops and pcs are now in short supply and many businesses are scrambling for resources.  One IT Security expert from Blackfoot Cyber Security said, “some workers are reverting to remote working on poorly configured networks, with unsecured devices and inferior security practices”.

With many business continuity plans now activated there is additional risk that these plans are not tested or designed for prolonged exposure.  Standard business security posture is typically reduced significantly with remote working.  Controls, processes, systems and data are exposed.  Even national critical infrastructure such as mobile networks are creaking with the rise in voice calls leading to dropped calls and major outage.

Mitigate the impact

Businesses can take some quick actions to improve their remote working security:

  1. Require VPN to access the Internet, with 2FA to access company resources.
  2. Run AntiVirus on startup – users should not be able to change AV settings.
  3. Make workstation AV logs available to central systems admins.
  4. Train workers on the risks of working remotely.
  5. Follow the work from home guidance from NCSC

The impact of a pandemic on cyber insurance

Cyber insurance has never been tested by a global health pandemic, but generally the policy should respond to most types of cyber-attack.   At the time of writing, there are no specific exclusions in relation to the pandemic but that is likely to change soon.  Insurance regulators have instructed UK insurers to be ‘flexible’ when considering policyholders’ responses and claims in view of the pandemic.

Cyber insurers typically underwrite assuming an incident response plan (IRP) disaster recovery plan (DRP), and most relevant now, a business continuity plan (BCP) is in place to ensure a business can operate should a major disruption occur.  For many businesses that means staff are remote working.

Insurers would expect a policyholder to be following the same processes as if the workforce was operating from their offices.  If insurers discover the controls disclosed were not complied with at the time of a claim, cyber insurers will have to consider the impact of that and whether the business acted in reasonable best efforts to operate as was disclosed to insurers.

Don’t forget the small print

There are exclusions in a cyber insurance policy that might be triggered by a health pandemic:

  • Change in risk profile

Some insurers will expect to be notified if devices being used for work purposes do not have the same level of security as the corporate network.  Similarly, if the security methods used by the workforce to connect to Gsuite/O365 have changed due to remote working.

  • Government-mandated shutdown

Typically, cyber insurers do not cover mandated shutdown of a business’s computer system by order of any governmental authority.  However, it’s unlikely that a government order of ‘stay at home’ or ‘lockdown’ would trigger this restriction in cover.

  • Failure of mobile networks

This is a standard exclusion in most cyber insurance policies and extends to include the failure of any other utility providers (i.e. power, satellite, internet and water) causing a cyber insurance loss.

  • Physical events

Any fire, flood, earthquake, volcanic eruption, explosion, lightning, wind, hail, tidal wave, landslide, act of God or other physical event which has a physical nature to it will typically be excluded by cyber insurance.  There could be grey areas of coverage if sickness were to be the trigger for a physical event that became the cause of a cyber event.

  • Acting as prudent uninsured

There may be restrictions to this due to incapacitation of the workforce.  Typically, insurers would expect a response in a timely and reasonable manner as if the policyholder was acting as a prudent uninsured.  However, at times where the workforce neither has the access or capability to provide a standard response, it could increase the scale and threat of a cyber-attack.  This would need to be reviewed on a case-by-case basis by insurers.

Making a claim during a pandemic

Cyber security incident response is one of the few emergency services that can be provided remotely to investigate and, in some cases, remediate a cyber-attack.  Cyber insurers typically engage best-in-class cyber security incident response experts who have the capability and expertise to handle incidents virtually and not in person.

The first 72 hours after the discovery of a cyber attack are the most critical to managing the consequences and potential fallout.  For a business to manage the simultaneous effects of a major cyber-attack during a pandemic situation, it is essential to establish a successful partnership with cyber insurers’ incident response providers that is both timely and effective.  Cyber insurers’ 24×7 around-the-globe response capability should still apply, with on-the-ground assistance if needed.

Of critical importance in the earliest stages is the need to communicate the situation to all members of the workforce as swiftly as possible, with clear instructions on any action individuals might need to take to support the recovery process or, possibly, to avoid because of the risk of potentially worsening the situation. Clearly, off-line communications channels need to be firmly established in order to ensure that this contact cannot be interrupted or prevented by the cyber event.

Elmore Are Remote Working

By | Blog

In line with best practice and the safety threats of the Coronavirus/Covid-19 global health pandemic, Elmore Insurance Brokers Limited have implemented remote working for it’s employees providing them with the necessary tools and technologies needed to maintain the usual working processes.

Under these exceptional circumstances, we are unable to guarantee the usual level of service and accessibility on all lines of business and insurance.  In some cases insurers may not be available due to incapacitation and there maybe a delay in renewing existing policyholders insurances and onboarding new policyholders coverage.

We therefore request your understanding in these difficult times, but rest assured, we are dedicated in continuing to work through this period where possibilities of meeting in person are limited.

We plan to begin communicating with you earlier than usual to ensure sufficient time is available to complete tasks.

As we have more updates, that are specifically of relevance to you and your Policy, we will share it.

Stay safe, stay well.

European Union Flag

EU, GDPR and Brexit

By | Blog


The EU General Data Protection Regulation (GDPR) will become legislation in May 2018 which will be a significant change for UK businesses. GDPR will introduce new laws such as substantial fines for processing data with the consent of data subjects. This regulation will update various elements of the Data Protection Act 1998 (DPA98) bringing in new requirements for UK companies to adhere to. Regardless of BREXIT, European law will continue to be in effect for 2 years after Article 50 is triggered, and the ICO have stated EU GDPR will be embedded into revised data protection laws in the UK from 25th May 2018.


This new legislation is designed to allow individuals to manage their personal data as well as allow businesses to better access a digital single market with a unity of regulations throughout. The GDPR was ratified and became law in the EU in 2016. Member states in the EU have a two-year implementation period and enforcement of the regulation should commence by May 2018.

Implementation of GDPR will allow regulators to have the authority to issue fines and penalties equal to 2% of a business global revenue for any violation against security, record-keeping and privacy impact assessment obligations. In addition, violations related to data subject rights and cross-border data could result in fines of 4% of the businesses global turnover.

Data Protection Officers (DPO’s) will also need to be appointed for larger firms. Responsibilities of the role include advising employees of their obligations to comply with the GDPR and monitoring compliance. Like the DPA98 the GDPR will require data controllers to have a proper reason for processing personal data. In addition, the GDPR has a “right to be forgotten” law which requires data subjects to erase personal data if requested to do so. Data Processors who are not subject to the current DPA98 must follow certain new requirements of the GDPR and there will be great obligations when outsourcing processing of data to third parties which could lead to compensation in the event of non-compliance. A guide to GDPR can be found: here.


GDPR is one of the most significant changes to European legislation in a generation. Regardless of BREXIT the EU is one of the UK’s largest trading partners and as such anything less than a mirror image of the regulations will only be a hindrance for the UK when negotiating its exit from the EU. UK businesses therefore have a matter of months to get up to speed and comply with a range of new onerous data protection regulations. It is recommended as a first step a cyber risk team should be created internally to bring together the different stakeholders of the business and plan how the regulation will impact the business, its customers and what needs to be done as a priority to comply.

The Cyber Risk Team

By | Blog


Forming a cyber-risk team is becoming increasingly important as the rate of cyber-attacks on UK businesses continues to rise. It is an essential way to help mitigate the risk of cyber-attacks. Only 13% of CEO’s in the UK are responsible for the cyber risks in their business, meanwhile 90% of CEO’s still neglect it. Having a team will allow businesses to have wider insight as to how to effectively manage their cyber-protocols.


Cyber-risk teams are groups within a business that normally comprises of the CEO and board directors as well as cyber-experts such as CTO’s and CIO’s. They analyse the performance of their cyber-security and the data of the business. The team should discuss recovery plans such as how to restore normal business functionality if an attack was to occur. In addition, the team should analyse if staff are trained and experienced enough to understand and mitigate cyber-risks themselves. Other topics of discussion may include how vulnerabilities are identified, monitoring software being used and how regulatory requirements are being met.

A survey by ComRes showed that only 13% of 200 businesses stated that the managing director is responsible for the team, 9% named the financial director. 52% of businesses delegated responsibility to the CTO’s and CIO’s. These figures show that while businesses do understand the importance of having a cyber-risk committee, CEO’s are not taking enough responsibility to personally evaluate and analyse the potential risks. Furthermore, a government cyber report of FTSE 350 companies stated that only 33% of businesses had a clear understanding of their key information whereas 67% only had an acceptable understanding. This is alarming when considering the increasing rate of being attacked.

The Cyber Security Breaches report showed that the percentages of board members responsible for cyber security differed from the size of each firm:

• 21% for Micro firms
• 37% for Small firms
• 39% for Medium firms
• 49% for Large firms

Overall 51% of UK businesses have tried to identify cyber security risks in various ways such as:

• Internal audit
• Risk assessment covering cyber security risk
• Invested in threat intelligence
• Regular Health checks

Out of all types of businesses, SME’S have taken slightly longer to recover from a cyber-breach. 24% against 14% stated it took a week to recover from their worst breach. Most SME’s are not concerned or taking enough action against cyber-threats, therefore having a cyber-risk team may allow them to identify their vulnerabilities and have better protection for their firm.


Although many businesses have not yet formed a cyber-risk team, the awareness of cyber-risks has largely increased in recent years and it is predicted that most businesses will create an internal group of some nature to maximise their cyber protection. “Boards fully discuss, report and become an expert on accounting policies, health & safety, CSR and executive remuneration, however, this is not the case with a company’s most valuable assets: its data and information. It’s time to take control and be proactive” – Rob Cotton, CEO of NCC Group


Cyber Security Incident Response Plan

By | Blog

Secure your Defence

Cyber-attacks are so frequently reported there is a danger business leaders become accustomed to the risk without implementing sufficient controls. It is vital that as a minimum, corporations put in place a cyber security incident response plan to ensure they are on the front foot should disaster strike. There is a plethora of threats that vary in size and risk and corporations should consider this an important factor to mitigate their own risks. If an adequate cyber risk mitigation policy is not put into action, the consequences of cyber-attack can be significantly enhanced. A cyber security incident response plan is something that acts as a contingency in event of a cyber-attack. It highlights the steps that need to be taken for a corporation to restore normal business functionality.

Cyber Security Incident Response

Many SME’s believe that they won’t be prone to a cyber-attack and therefore this stance is proven to increase their risk of not recovering from an attack. 66% of companies are not confident in their business’s ability to effectively recover from a cyber-attack. Cyber-attacks on SME’s have been increasing over the recent years. Although they do not have as much revenue compared to larger corporations they are normally easier to be hacked by cyber-criminals. Statistics in 2016 show that 75% of businesses do not have a satisfactory cyber security incident response plan.

The CREST Cyber Security Incident Response Guide indicates 5 main areas of consideration when a corporation is managing its Incident Response Plan:

1. Identifying the Incident:

Your business must assess a possible cyber security incident and determine what if any impact there has been to the networks, systems and database. In addition, you must understand what the type of incident is e.g. malware, DDoS, code exploit etc. Some cyber incidents are harder to detect then others and often they impact customers before the organisation it-self.

2. Investigating the Situation:

After a cyber incident has been identified, it must be investigated to understand how the attack occurred, who perpetrated the attack, when the attack happened and what was impacted.

3. Acting:

A major priority should be making sure that the cyber incident has been contained. This helps your business reduce the impact of the incident. This can be done by blocking unauthorised access and stopping it from spreading to other networks. It is always best to get advice from an expert before disconnecting everything from the internet and power as this can be potentially even more damaging!

4. Recovery:

After acting against the threat, your business should restore all systems back to normal operation and mitigate any vulnerabilities to try to prevent the same type of attack reoccurring. The recovery plan must be updated and tested so that it works in the future. Furthermore, important data should be backed up in case of another cyber-attack.

5. Training:

There should be nominated ‘champions’ in your business that will have knowledge about everything cyber for the general good of the business. They should be able to identify the risks that may occur and maintain good security standards. Individuals within the business should be able to handle incidents and make decisions to handle any incidents that occur. It’s important that the contact details of personnel are available to use in the event of an incident.


Cyber security incident response plans are essential for businesses as the world continues to grow into a larger digital landscape. Cyber-Attacks on SME’s are likely to increase in 2017 and therefore it is vital that UK businesses and SME’s have a good cyber security incident response plan to be prepared to mitigate the risk of being attacked.

en_GBEnglish (UK)