Cyber Security Incident Response Plan

By | Blog

Secure your Defence

Cyber-attacks are so frequently reported there is a danger business leaders become accustomed to the risk without implementing sufficient controls. It is vital that as a minimum, corporations put in place a cyber security incident response plan to ensure they are on the front foot should disaster strike. There is a plethora of threats that vary in size and risk and corporations should consider this an important factor to mitigate their own risks. If an adequate cyber risk mitigation policy is not put into action, the consequences of cyber-attack can be significantly enhanced. A cyber security incident response plan is something that acts as a contingency in event of a cyber-attack. It highlights the steps that need to be taken for a corporation to restore normal business functionality.

Cyber Security Incident Response

Many SME’s believe that they won’t be prone to a cyber-attack and therefore this stance is proven to increase their risk of not recovering from an attack. 66% of companies are not confident in their business’s ability to effectively recover from a cyber-attack. Cyber-attacks on SME’s have been increasing over the recent years. Although they do not have as much revenue compared to larger corporations they are normally easier to be hacked by cyber-criminals. Statistics in 2016 show that 75% of businesses do not have a satisfactory cyber security incident response plan.

The CREST Cyber Security Incident Response Guide indicates 5 main areas of consideration when a corporation is managing its Incident Response Plan:

1. Identifying the Incident:

Your business must assess a possible cyber security incident and determine what if any impact there has been to the networks, systems and database. In addition, you must understand what the type of incident is e.g. malware, DDoS, code exploit etc. Some cyber incidents are harder to detect then others and often they impact customers before the organisation it-self.

2. Investigating the Situation:

After a cyber incident has been identified, it must be investigated to understand how the attack occurred, who perpetrated the attack, when the attack happened and what was impacted.

3. Acting:

A major priority should be making sure that the cyber incident has been contained. This helps your business reduce the impact of the incident. This can be done by blocking unauthorised access and stopping it from spreading to other networks. It is always best to get advice from an expert before disconnecting everything from the internet and power as this can be potentially even more damaging!

4. Recovery:

After acting against the threat, your business should restore all systems back to normal operation and mitigate any vulnerabilities to try to prevent the same type of attack reoccurring. The recovery plan must be updated and tested so that it works in the future. Furthermore, important data should be backed up in case of another cyber-attack.

5. Training:

There should be nominated ‘champions’ in your business that will have knowledge about everything cyber for the general good of the business. They should be able to identify the risks that may occur and maintain good security standards. Individuals within the business should be able to handle incidents and make decisions to handle any incidents that occur. It’s important that the contact details of personnel are available to use in the event of an incident.


Cyber security incident response plans are essential for businesses as the world continues to grow into a larger digital landscape. Cyber-Attacks on SME’s are likely to increase in 2017 and therefore it is vital that UK businesses and SME’s have a good cyber security incident response plan to be prepared to mitigate the risk of being attacked.

How Online Expansion is Increasing the Risk of Cyber Attack

By | Blog


Businesses across the globe from large multi-nationals to small enterprises are embracing the opportunities an ‘online’ presence can offer. On-line businesses tend to regularly out-perform the average speed of the economy. Consumers now not only expect instant and continuous access to a company’s products and services at any given point or place but customers will purchase in many cases with the lowest point of resistance. Those businesses proactively embedding security smoothly and seamlessly in to the customer transaction process are receiving the greatest rewards.

Online Expansion

Online Expansion is the process of a business moving to offer its products and services through digital channels. Businesses are expanding online due to the huge market that is available through the internet and the potential to generate larger and faster revenues. Capital Economics reported that 48% of SME’S are expected to generate their revenue through e-commerce over the coming years meanwhile 45% of all SME’S use e-commerce. It is estimated that revenue growth expectations for SME’s that use e-commerce will grow by 1.8% in 2017. In addition, SME’s that use e-commerce have a customer confidence index score of +7.

There are many different threat actors a business with an on-line presence must consider depending on the industry it operates and territories its customers are based. From state sponsored cyber terrorism for critical infrastructure, to corporate espionage for firms reliant on sensitive intellectual property, to recognised community names for hackers who attack for fun or credibility, to business with perceived valuable financial/health data by criminal gangs the scale and range of threat actors is wide. As a business develops out its on-line presence from offering simple documents and brochures to be downloaded, feedback forms, portals and full e-commerce transaction sites where an exchange of goods or services is made for financial benefit the risk of cyber-attack is present.

Cyber-Attacks on larger businesses such as Tesco Bank have not been enough warning to SME’s to protect themselves properly. RSA’s report states that businesses will only buy the cover required when a cyber-risk/threat becomes a personal issue for them. 53% of businesses with some type of insurance cover said they have been attacked before or know businesses that have been attacked.

A report by “Careers in Audit” in 2016 stated not understanding the risk and technical knowledge of the correct protection against cyber-attacks is allowing this problem to continue. Simon Wright, operations director at, said, “It is clear from our latest research that many businesses are leaving themselves hugely exposed by having weak risk management systems and in some cases, none in place at all”.


Online expansion is a very important step for most businesses to take for growth, however it is important that SME’s understand the cyber risks that can harm a business. If businesses fail to take the right actions, the consequences may cause serious harm to future customer online transactions.

What Should be Covered by Cyber Insurance?

By | Blog


It is no question that Cyber Insurance has been growing in popularity since its introduction to the corporate world in the late 1990’s. For those who are new to this concept, Cyber Insurance is a policy that covers cost, expenses and losses that may arise from a cyber-attack. Having Cyber Insurance will not stop an attack however it will help businesses respond and manage costs of an attack should it happen.


Cyber insurance can be split into three distinct areas of cover: Event Management, Financial Loss and Liability.

Event Management involves the internal and external expenses of managing the response to a cyber event. Cyber insurers vary in the extent of cover provided in Event Management, but in general they recognize that providing access to third party cyber security experts can mitigate the consequences of a catastrophic event.

This is sometimes spearheaded by a cyber response coach, an industry expert responsible for advising a business on how to handle and manage a cyber event. Typically, this will start with an investigation by third parties to establish the extent of the issue. If card data is compromised, then insurers can indemnify the costs arising from a specialist PCI Forensic Investigator (PFI) investigation. Consultation on how to manage legal and regulatory issues will also be covered as well as a crisis communication strategy. Establishing a Call Centre to field queries and providing credit monitoring are the last elements of cover.

Financial Loss considers the increased operational costs and reduction in profits because of the attack. This is known as non-physical damage business interruption, and is typically excluded from property insurance. Should any fines and penalties be issued by regulators (Information Commissioner’s Office) and industry associations (for the loss of sensitive card payment data), then cyber insurers will cover this with the proviso that these are insurable by law. Costs in managing a cyber-extortion situation — and the ransom itself — can also be covered.

Liability tends to impact some months later. Affected individuals or businesses may bring claims or written demands for failing to protect their information. They may seek compensation for financial losses from hacking, or damages from identity theft. In cases where customers are claiming from multiple jurisdictions, cyber insurers can contribute towards defense costs and any resulting damages from multi-jurisdictional claims.


Source – Financial Lines Department, Elmore Insurance Brokers Limited


Choosing the correct policy for your business needs careful consideration. Working with a broker to help guide what events need to be covered is an essential part of the onboarding process.

Hacker World

Cyber Breaches and Where They Come From

By | Blog

The Facts Behind the Attacks

Dependency on technology and network connectivity is expected to remain one of the most likely risks to businesses in 2017. Cyber-attacks are time consuming to manage, costly to remediate and can be catastrophic to a firm’s reputation. It is a looming dilemma for businesses and must be brought further into the corporate limelight. Currently, only a few companies can quantify how great their risk exposure is, which severely limits how they can protect themselves.


SME’s should be aware that they will face growing cyber threats in 2017. Statistics by the RSA group show only 9% of UK SME’s have insurance to protect themselves against cyber threat. This clearly indicates that an alarming percentage of SME’s are not taking the necessary steps to manage a cyber-attack. The digital climate is constantly rising and SME’s are becoming victims of cyber-attacks as they may not have the suitable cyber security protocols in place. Three Quarters of SME’s that were questioned stated that they believe their business doesn’t need cover and are not aware how it would protect their business.

The cyber world has seen a 29% increase in the total cost of a data breach and a 15% increase in per capita cost since 2013. The threats of cyber-attacks are becoming more apparent and it is estimated that there is a 26% probability of a material data breach involving 10’000 lost or stolen records. This could be detrimental to firms and can lead to the biggest financial consequence to organisations… lost customers. This long-term impacting consequence of a data breach can take years to regain the lost customers’ trust.

49% of UK businesses use external host services to host websites or email and to transfer or store data. Many firms are under the illusion that by outsourcing an activity it transfers the risk management process and liability to the third party. This is not the case, if it is your customer information then you are responsible for safely housing that information with the right hosting company. This is further resonated by the upcoming EU General Data Protection Regulation which is shortly to be implemented in UK Law to replace the Data Protection Act of 1998 which currently falls under the remit of the UK’s Information Commissioners Office (ICO). Some facts behind the attacks:

The average total organisational cost of a data breach over the past 3 years is increasing – 2013 – £2.04m, 2014 – £2.21m, 2015 – £2.37m.
The mean time to identify a cyber breach is 201 days and the mean time to contain the cyber breach is 70 days.
Root causes of data breaches – 51% are a malicious or criminal attack, 24% are system glitches and 24% are human errors.


Organisations are still not adequately prepared for cyber-attacks and not even the most highly resourced institutions have the means to eliminate cyber risks fully. Only 57% of businesses have been found to have sought information, advice or guidance in the past 12 months on cyber threats faced by their organisation. With threats of cyber-attack ever more present it is time that companies start the cyber security journey as soon as possible.

• Ponemon Institute – 2016 Cost of Data Breach Study: Global Analysis

Run for Cover! Common Cyber Gaps in Professional Indemnity Policies

By | Blog

It’s a normal day, then out of the blue, you receive a sheepish call from your IT Director announcing the company databases have been hacked and some 30,000 customer details could have been compromised. Immediately a meeting is called with all available Directors, and it is clear that help from outside experts to advise on correct protocols and investigations is required. Prior to appointing any external consultants, a quick look at your Professional Indemnity Insurance (PII) policy is made to see what notification requirements the contract requires and what cover there is to help get you out of this emerging crisis. After double checking with your broker, reality dawns that the PII policy you have may not provide the cover you need.


There are two types of PII policy, the first being called ‘Negligence, Errors and Omissions’, which provides protection where a client may make a claim against you for a negligent breach of professional duty. Not necessarily the case in this scenario.

The other type of PII wording is titled ‘Civil Liability’, and is much broader in the scope of coverage. This gives protection for any claims from clients against you for civil wrong or wrongdoing, actionable at Law including breach of trust or a breach of fiduciary duty.

Importantly the trigger in most PII policies is a claim brought against the company by a client. The cover traditionally is limited to defence costs and damages if the action is successful. Therefore, businesses are covered for an element of data privacy liability risk under the PII policy (subject to the terms, conditions and basis of the wording); however, it would not normally pay for the costs and expenses in managing a cyber-attack, nor the resulting interruption to the business, loss of income, fines and penalties or extortion demands. The insurance industry calls these types of losses ‘1st party costs’, as it is the costs you incur as a business unrelated to your customers.

Cyber Insurance is a policy designed to help you in the event of a data breach or cyber-attack. The breadth of cover can vary widely and there is little uniformity across different insurers, which is why it pays to enlist the services of a cyber insurance expert when choosing your policy.

Some key considerations when considering Cyber Insurance:

Difference in Conditions Clause: Essentially this endorsement should be included in order to specify which policy reacts first in the event of a claim. If properly worded, it will allow the insurance protection you have in each policy to be at its most effective.

A comprehensive Cyber Insurance policy which includes:

• Access to a breach response team who will co-ordinate your rescue plan (IT, Legal, PR)
• Business Interruption protection
• Fines and Penalties including PCI awards
• Cyber Extortion negotiation and digital currency pay-out

If you possessed an adequate Cyber Insurance policy the dreaded IT Director phone call scenario could have been under control and in the hands of experts as soon as you called the helpline provided by insurers.

This type of claim scenario is not uncommon. It is a sobering thought that in 2016 over 50% of UK firms fell victim to ransomware attacks according to Information Week. In addition a third lost revenue and 20% had to halt trading.


It is important for corporations to have a clear and comprehensive cyber insurance policy to mitigate the risks of doing business digitally. Fears of cyber attack is making cyber insurance one of the fast growing areas of insurance. It is estimated that the total written premium globally is £2bn with double digit growth each year. Although this number seems quite high, it still represents a very small proportion of protected business. Many businesses are currently uninsured for the significant risk of cyber-attack.

en_GBEnglish (UK)