Business Insurance
Personal Insurance
If you were one of the many businesses that were affected across the globe when CrowdStrike’s update caused a large scale outage of key internet systems, or even if you bore witness from afar through news coverage of the topic, you may be wondering what steps you can take to ensure this never happens again: or if it does happen again, what systems you could put in place to minimise its impact.
Here, we discuss the top 5 things you should do right away to protect your business from a cyber incident:
It is always best to have a plan B for any potential risks. Having back up procedures in place that all staff are aware of will enable unforeseen circumstances such as the CrowdStrike outage to be dealt with smoothly and limit business interruption. For example, you might consider an offline system or process. According to the National Cyber Security Centre (NCSC), only 36% of medium and large businesses have a cyber incident response plan in place. You can find their incident response guide here.
In a 2021 survey carried out by Aviva they found that as many as two thirds (62%) of UK SMEs either don’t have business interruption insurance or aren’t sure whether it’s included in their business insurance policy. It is important to contact your insurance broker to discuss what is included and if so, whether there may be any gaps in your current cover.
You may be underinsured if you have selected the wrong policy type due to under-estimation of likely disruption, or over-optimism over your business’s resilience to loss events. To avoid this, ensure you receive advice from your broker over what sums insured are adequate and have them assist you in finding good quality cover to avoid underinsurance if you ever need to claim. Avoid going for a policy just because it is the cheapest one.
One thing that the outage has made many businesses realise is that all business types are vulnerable to a cyber incident; it was SMEs that struggled the most to recover. Joe Tidy, the BBC’s cyber correspondent, highlights the reason “possibly points to these larger richer companies having better resourcing of IT staff and better resilience measures in place”. While hiring more staff might not be financially viable for SMEs, better resilience measures should the worst happen may make all the difference. In our Q&A with cyber expert Marc Rocker, he discusses some key reasons why cyber insurance is an essential for all business types.
Following the incident, CrowdStrike, the NCSC and the BBC issued a warning of a “second wave of disruption as criminals seek to exploit chaos”. Reports of ‘bad actors’ impersonating the CrowdStrike help team to hack into systems presented an additional risk to businesses . Investing in cyber security and educating your staff on good security practices will minimise the risk of an incident.
For more information on cyber insurance, security and business interruption, reach out to your usual Ethos Broking advisor.