For the majority of schools in Northern Ireland, digital working processes dominate. E-mail, networked computers, smartphones and a range of handy apps drive the way we communicate.
In addition, schools have access to some very sensitive data around children and staff relating to health, financial and safeguarding issues and the regulatory regime is tightening in terms of obligations and responsibilities around use and control of such data.
With such complexity emerges a variety of threats: from viruses and disruptive malicious software to hackers, criminals and cyber saboteurs.
In response to these heightened threats and the risks they pose to Voluntary Grammar and Integrated Primary & Secondary schools, there have been significant developments within the Cyber and Data Risk Insurance sector, including its role in supporting and protecting a school should it fall victim to a data breach.
Why Does A School Need Cyber And Data Insurance?
The tasty targets for cyber criminals are personal information - nice for ID theft – and banking details for straightforward access scams like phishing.
The damage to a school following a Denial of Service (DoS) attack, can be financial, reputational, legal and regulatory in nature – and far reaching in its impact.
Is My School At Risk?
Ask yourself the following questions:
- Do we hold sensitive data such as names, addresses, financial information or other confidential records?
- Are we reliant upon computer systems and/or email and the Internet?
- Do we have a website?
- Do we operate a payment card industry (PCI) merchant services agreement?
Answering ‘yes’ to any or all of these questions means that you should be carefully considering a Cyber and Data Insurance policy.
Good Cyber cover doesn’t just stop with incidents involving electronic or online interference – it should also protect your communications more broadly to include areas like private data and communications in all formats – electronic or otherwise.
Cyber Risk Case Studies
Employee Information Compromised
The school became aware that a number of its employees were being subject to a tax fraud – tax refunds had already been secured in their names. Supported by our breach response team and external forensic teams, the school confirmed their systems were secure and the cause was likely an external provider. Our breach response team provided notification advice and credit monitoring services to the affected employees, with each receiving credit protection product for one year.
Ransomware
An insured’s employee clicked on a malicious link which resulted in the download of a CryptoLocker ransomware – malware that encrypts the system it attacks and demands payment to release. Assisted by our breach response team and external forensic teams, the insured’s internal team was able to restore elements of the compromised data, but the issue resulted in paying over £5,000 in extortion payments using a cryptocurrency – which insurers have covered.
Theft
Several employees at an educational institution received an apparently internal email mid-month informing them of a salary increase directing the recipients to a link taking them onto the institution’s intranet login screen. The fraudster clicked and logged in, triggering the immediate transfer of their user ID/Password and they were able to use the stolen IDs to access the real intranet site and the personal data therein. The salaries of the individuals were then criminally diverted to a third party bank account with losses in excess of £20,000 to the individuals in question. The institution did not purchase Cyber cover. Risk Management advice was provided around updated advices to employees about clicking on embedded links within emails to prevent future incidents. Advice was also provided about internal cyber security procedures.
Cyber and Data Cover - Cover Includes:
Cyber Liability
- Breach Response Costs
- Regulatory Defence Costs
- Security and Privacy Liability
- Cyber Extortion
- Multimedia Liability
Cyber Business Interruption
- Revenue lost as a result of a network disruption
- Digital asset restoration
How Has Cyber Cover Evolved?
The cost has significantly reduced as competition between insurers increases. Gallagher has its own facility backed by one of the leading insurers on which competitive rates have been secured.
It now comes with additional value added services as follows:
- 24/7 response line service provided by experienced breach response vendors to provide support at all times
- A risk management offering from NCC provided free (bearing the UK government cyber security benchmark)
- It is an easier process with 4 to 5 simple questions to obtain an indicative premium which can be bound easily with a completed form.
