- Holds sensitive customer data electronically, such as names, addresses or banking information?
- Relies heavily on IT systems and websites to operate?
- Has a website?
- Uses email or social media?
- Accepts payments online or by card?
If the answer to any of these is yes, it is important that you address these growing risks.
What are cyber risks?
Cyber risk (which is sometimes known as information risk), can broadly be categorised into three themes:
- Direct, malicious cyber-attacks;
- Accidental information loss or misuse, and
- Physical system failures.
Examples of cyber risks youth charities may face:
A laptop being stolen that holds unencrypted sensitive data on children and young people.
A virus in your computer network resulting from opening a suspicious email attachment.
A hacker demanding a ransom to stop posting offensive content on your website.
How could these risks impact on your organisation?
If you experience a data breach, the cost of fixing problems and operational delays can quickly mount up. Affected clients could sue for damages. Regulations, such as the Data Protection Act must also be considered, because a loss of sensitive personal information may subject you to fines and sanctions from the Information Commissioner.
If your computer systems or website are targeted by a hacker, you may be unable to operate. Any of these situations could cause long-term damage to the reputation of your organisation.
What actions can your organisation take to reduce these risks and their impact?
Although firewalls, encryption, robust anti-virus software and data backup provisions are obvious ﬁrst steps in reducing cyber risk, it is not simply an IT issue. Ensuring the correct governance, management and awareness throughout your organisation are key aspects of cyber security.
Some simple actions you should take:
- Ensure staff are aware of potential threats and vigilant in not handing over-sensitive data or allowing malware into the network.
- Ensure passwords are secure and regularly changed. (A useful tip is to use the £ sign in passwords as most hackers operate a US keyboard which does not have one.)
- Regularly patch (update) software.
- Encrypt all portable devices and consider anti-theft technology.
- Question security of cloud and other service providers.
- Incorporate threat of breaches or incidents such as denial of service into your Business Continuity Plans.
What can insurance cover?
Not all cyber risks can be anticipated or prevented. Also, traditional insurance policies may not cover losses involving information systems. Therefore, an effective Cyber Liability insurance policy should form part of your risk management.
A Cyber Liability insurance policy can cover the following type of losses:
- Breach costs can offer practical support in the event of a data breach including forensic investigations, legal advice and notifying customers or regulators.
- Cyber business interruption cover can compensate for loss of income, for example if a hacker targets your systems and prevents your organisation from earning revenue.
- Hacker damage cover reimburses you for the costs of repair, restoration or replacement if a hacker causes damage to your websites, programs or electronic data.
- Cyber extortion will protect you if a hacker tries to hold your organisation to ransom by covering the ransom you have paid, as well as the services of a leading risk consultancy firm to help manage the situation.
- Crisis containment can provide expert support to mitigate reputational damage.
- Privacy protection cover pays to defend and settle claims made against you for failing to keep people's personal data secure.
Getting the right advice and cyber liability cover
Unity Insurance Services recommends that you speak to a specialist insurance broker who understands children's charities and youth organisations along with their cyber and data risks, so that you get the right protection.
For more information visit the Unity Insurance Services website or call on 0345 040 7702.