Any organisation dealing with electronic data – whether on mobile devices, computers, servers or online – is faced with cyber risks, which are becoming more complex as technology and criminals increase in sophistication. All of this heightens the likelihood of a cyber attack, which can cause significant damage to your organisation’s reputation and bottom line.
We look at the top five risks
1. Data breaches
Councils hold huge amounts of data about individuals and businesses. For example, you store contact details for all residents from the electoral roll, as well as payment card details for council tax payments. You also hold a plethora of personally identifiable information on residents applying for any benefits, including medical records, employment information, financial checks and criminal records.
As for businesses, applications for planning permission, licenses and permits, as well as trading standards investigations, involve confidential corporate data that could cause significant financial loss for a third party if you experienced a data breach.
If you do suffer a data breach of any kind, you may want – or be required – to notify the people or businesses involved.
2. Reputational damage
News of leaks spreads fast, especially in the age of social media, and public confidence in an organisation can diminish within hours. Therefore, any cyber attack situation requires careful management and consideration of the media, customers, staff and stakeholders.
Swift action and a carefully managed PR response is needed to regain trust and protect your reputation.
3. Reliance on IT systems
If your IT systems failed, or you were hacked, what would the effect be on your organisation? An inability to perform basic duties? Lost or delayed applications, whether personal or commercial? Damaging existing supplier relationships and hindering the development of new relationships? Negative publicity?
All of these lead to significant inconvenience and damage to your reputation, as well as potential loss of revenue.
4. The potential cost of a cyber attack
One of the main cyber risks is the sheer scale of the costs involved. For example, councils may be exposed to costs for the following:
- regulatory fines, including those imposed under the payment card industry data security standard
- damages and litigation expenses associated with defending claims from third parties
- diagnosing the source of a breach
- reconfiguring networks, re-establishing security and restoring data and systems
- notification costs
- credit file monitoring
- implementing a disaster recovery plan
5. Inadequate insurance cover
It is unlikely that coverage required in the event of a cyber attack will be provided by standard professional indemnity, directors’ & officers’ or commercial liability policies, and it is also possible that you may not be compliant with your regulatory obligations.
If limited cover is provided, it will not perform in certain claims scenarios, such as virus transmission, business interruption without physical damage to premises, and mandatory and voluntary notification costs.
Managing cyber risks effectively
Organisations can manage their cyber risks by ensuring they have an appropriate cyber liability policy in place – such as AIG’s CyberEdge, which is available through RMP.
It is important that organisations ensure their cyber cover is comprehensive, covering both the obvious and less obvious consequences of cyber risks. For example, the costs of notifying any subjects of a data breach, PR and legal support, recovering lost data, and loss of revenue should all be included.
How can we help you?
For more advice on how we can help lower the cost of your risk, please email firstname.lastname@example.org
You can opt out of marketing communications at any time by contacting us.