As reported in Insurance Times, risk managers may be able to mitigate some glitches in their computer systems similar to the one suffered by NatWest bank in the UK recently.
At the end of June an apparently simple flaw in a routine software upgrade seems to have knocked out NatWest’s entire system. Jeremy Smith, leader of our International Technology, Media and Telecom Practice in FINEX Global, says the NatWest incident highlights the dependency of organisations on their IT infrastructure and the vulnerability of firms when their systems crash.
“Today using computers and logging on to public and private networks has become second nature in both our personal and business lives,” says Smith. “We are all constantly producing and saving data, surfing the net, uploading content and sending and receiving email traffic.
“It is difficult to recall how we were ever able to manage without such technologies, and the benefits they bring. However, in creating this new digital world we have also created a byproduct – cyber risks.”
Cyber risks are faced not just by e-commerce companies and those undertaking transactions over the internet but also by companies that store personal data, are reliant on computer or telephone networks, hold digital information or use the internet.
How to Protect Your Company
“Unfortunately, software failures, like data breaches, are very hard to protect against,” explains Smith. “Even the most tested software can fail and even the highest level of training cannot completely cut out human error. That said, there are a number of things organisations and their risk managers can do to reduce the possibility of these incidents happening.”
Effective Risk Management
- Define clearly who is responsible for what when it comes to cyber security.
- Use firewall technology.
- Use intrusion detection and prevention systems.
- Encrypt all data.
- Put in place a formal incident/breach response plan.
- Implement a formal business continuity plan.
- Take steps to determine what risks are insurable and what must be self-insured.
Smith says that while risk managers may not be experts in IT, they can utilise their skills in other areas, such as contractual indemnities, to alleviate these exposures. “When evaluating which third-party IT provider to go for, companies should not only ensure that the IT solution is fit for purpose but also check what level of indemnification they are providing for losses.”
Adds Smith: “In the event your business suffers a major software failure or security breach, you need to ensure you can recover as much as possible in contract with your IT/hosting provider. Over and above this, cover is available in the cyber insurance market to assist.
Traditional insurance policies do not provide adequate protection for privacy and security risks. For example, under general liability coverage, courts have held that data is not ‘tangible property’; therefore, liability arising out of theft of personal data would typically not be covered. Companies are now turning to specialist cyber products.