Duncan SutcliffeCyber Insurance And Protecting SMEs

Protecting Your Business

• Commercial Combined / Package Policy• Is this sufficient?

•It’s insured•It’s backed up•No worries…

• Lost control of system• Unable to trade• Data disrupted• Everyone contaminated• Data protection act• IP & confidential data• Ransom• Litigation – ICO, regulator, customers, staff• Reputation• Clueless & Hopeless

No worries!

•Insurance Claim >–New Laptop

•Backup >

• Traditional Insurance – Things

• Cyber Liability insurance– Your data– Third party data– Your reputation

• Accidental or malicious causes• Internal or external causes

Cyber Liability Insurance

• Loss, damage or disruption of own data• Loss, damage or disruption of other people’s data• Forensic investigation costs• Legal defence costs• Fines & penalties• PR & reputation management• Extortion• Network interruption costs• Notification costs & credit monitoring

Who needs Cyber Insurance?

• Obvious– Administrative & Online

• Neglected– Control Systems

The Supply Chain

• Suppliers, service providers & contractors

• SME easy pickings & ‘back door’ route• Insurance & Assurance

IASME

A new information standard for SMEs

ISO27001

• International standard• Comprehensive• Difficult & costly for SMEs to implement• Difficult & costly for SMEs to maintain

IASME

• ISO27001 and TSB heritage • Simple & inexpensive• Self assessed or externally audited options• Gold / Silver / Bronze• IASME = evidence of cyber security• Gold IASME = Baseline ISO27001

Process & Costs

• Self Assessment - £250• Audited Assessment

– Risk Assessment– Gap Analysis– Improvement Plan

• Security Policy• Business Continuity Plan

– Formal Audit

Estimated costs

Company Size - number of employees

Basic Consultancy & Assessment

Annual Accreditation Renewal

Up to 10 employees

£2,500 - £4,500 £1,000 - £2,000

10 - 25 employees £3,500 - £6,000 £1,000 - £2,00025 - 100 employees £5,000 - £9,000 £1,700 - £3,000100 - 250 employees

£6,500 - £12,000 £2,200 - £4,000

Conclusion

•Review your business•Review the vulnerabilities•Improve security procedures•Business continuity plans•Assurance & Insurance

Any Questions?