1. Cyber crime only happens to big organisations
This has to be the biggest myth of them all, when it comes to small and medium sized enterprises (SMEs) and the modern-day scourge of cyber crime.
How many owner-managers are operating under the misplaced belief that hacking and digital fraud only happens to organisations with deep pockets and large customer bases?
Complacency of this type makes SMEs even more vulnerable to date security and privacy problems. Because it draws the attention of cyber criminals, who feel smaller organisations are a “soft target”.
Especially as SMEs tend to rely on digital systems that are less sophisticated than big companies with dedicated IT teams.
So, though it is the big brands and massive data breaches that hit the headlines, beneath the surface this insidious issue affects SMEs daily.
According to the Government’s Cyber Security Breaches Survey 2018, 43% of businesses in the UK had a cyber security issue in the previous 12 months. Yet, less than a third of businesses have a formal cyber security policy!
Creating a virus or some other cyber attack that hits multiple small businesses at once is “child’s play” to this ever-more sophisticated type of criminal.
The misconception that your organisation is safe could stem for failing to grasp that fact, or even under-estimating what cyber crime actually entails.
Incidents of hacking, business disruption from malicious software (Malware) or attempts to extort money (ransomware) are unmissable.
However, data loss takes many forms. It includes accidental data breaches and misplacing devices containing sensitive information. It also covers the epidemic of identity thieves and con artists who use illegally acquired data with such ease.
Did you know there is software that can map your keystrokes, to obtain passwords and other information? This can lead to money leaving your bank account, or your business accounts making major purchases without your knowledge.
You must be ready with a strong plan to react, take control of the situation and minimise damage. Including a swift cyber insurance claims procedure to help you to keep trading.
2. Cyber insurance is too expensive
Setting aside the fact it compares favourably with other vital risk cover for modern businesses, there’s a more important question to answer. Can you afford not to have cyber insurance?
First, you face punitive fines inflicted under the General Data Protection Regulation.
But there’s a far more serious, long term financial problem for SMEs.
Consumers are cautious about giving their information to companies, as they are fully aware of the rampant nature of data loss and the likely impact on them.
If you break their trust, winning back your reputation (and their custom) could be a long process. That’s if you can keep on trading in the face of serious disruption to your business functions.
Having sufficient insurance cover – and a quick, efficient claims process – could literally be the difference between recovering or going under as a business.
Making affordable cyber insurance premiums seem like a drop in the ocean compared to what you stand to lose!
3. We back up on the Cloud, so we’re safe
If only it was that simple.
As mentioned above, data breaches come in all shapes and sizes.
Backing data up to encrypted Cloud platforms is advisable for data management. However, it’s not a cure-all.
Your data is vulnerable the entire time it is “in motion” within your organisation. This extends from the moment someone provides personal information, to the point at which you dispose of data in a timely and appropriate fashion.
If – like most small businesses – you use various devices and possibly different software systems, data can be inadvertently lost at multiple points. Or indeed, hacked into or disrupted by evermore sophisticated cyber criminals.
As cyber criminals are constantly evolving to keep pace with firewalls and other preventative measures, you can’t stand still either.
You need a “tool box” of data security measures, including regularly updating your software, constantly auditing your data management and keeping cyber insurance up to date.
4. We don’t store financial or other sensitive information
There’s a widespread misconception about what “personal data” actually is.
Ask yourself this, does your organisation have email addresses, or the names of its staff and suppliers stored on any devices including mobiles? Data laws cover personal information of all kinds.
Nor does this information need to be captured and stored for a substantial amount of time for it to “count”. The moment you request or use data – no matter how temporary or transitory it is – you become vulnerable to data privacy and security risks.
How many spam emails or texts have you received recently, no matter how scrupulous you are about not clicking on dubious websites or downloading software?
Cyber criminals are ingenious in the ways they can acquire and misuse email addresses and mobile numbers.
Now imagine how creative they can get with eCommerce databases!
5. If the worst happens, data is covered under my existing insurance cover
With so many other business priorities and pressures, it’s not surprising that some owner-managers don’t read the small print of insurance policies.
Which can leave them badly under insured on various fronts. Or, potentially not covered at all for substantial modern-day business risks!
This includes having inadequate or non-existence insurance cover for data loss.
It’s too big an issue to leave to chance, or to the hope that you can make a claim on general business cover.
You need to be 100% sure that such matters as business interruption and legal action are mandated for within specific cyber insurance.
Incidentally, focusing on having specialist cover for your data management risks can also save you money. You could be paying premiums above what is needed, if you lump cyber security into “off the shelf” business insurance.
6. We outsource IT support, so we’re fine
As data management is such a complex and quickly changing arena, many small businesses prefer to outsource it to specialists.
This too can lead to the myth that cyber insurance is largely redundant.
Data flow – like a chain – is only as strong as its weakest link.
If you have a data breach at any point in your business operations, including as information passes to and from third parties, you are still considered to be at fault.
Also, if a third party doesn’t take sufficiently robust steps to protect your data, there is a real risk that you will be the one facing the wrath of customers, suppliers, staff and other people who placed trust in you.
Is it worth taking a gamble, and thinking cyber crime “won’t happen to me”?
As yet, no one has invented a complete and foolproof solution to data breaches and other digital nightmares.
However, a cyber insurance policy can go a long way to helping you to respond quickly, decisively and successfully.
Sources: The Governments 2018 cyber security breaches survey https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/702074/Cyber_Security_Breaches_Survey_2018_-_Main_Report.pdf