Unpredictable and diverse in nature, these attacks range from high volume, opportunistic attacks to highly sophisticated and persistent threats involving bespoke malware.
The effects can cause remarkable financial and reputational damage that can be devastating for local authorities and have a significant impact on already stretched budgets. The cyber threat and the need for insurance protection therefore need to be high on every local authority’s agenda.
Despite this, many local authorities still remain unprepared for a true cyber-attack. To be more secure, organisations need to get the basics right. Start by understanding the risk you have. You must conduct regular, preferably continuous, assessments of configuration and vulnerability risk across your IT systems. Then ensure systems are regularly patched and upgraded. Following these basic security hygiene rules will go a long way to making your systems more secure and the attackers’ job more difficult.
The introduction of the General Data Protection Regulation (GDPR) on 25 May 2018 added new risks should an organisation experience a cyber-attack. Organisations must be able to demonstrate that they are adequately protecting the data they hold on individuals, and they must also report an attack to the Information Commissioner’s Office (ICO) within 72 hours of discovering the breach, or they could face extreme penalties of up to €20 million or 4% of turnover (whichever is greater).
Did you know?
- The UK’s local authorities are facing an unprecedented barrage of cyber-threats, amounting to almost 800 every hour in the first half of 2019 [1].
- Of the 203 councils that responded to our Freedom of Information (FOI) requests, nearly half (49%) had been targeted since the start of 2017, with over a third (37%) attacked in the first half of the year [2].
- Over the first six months of 2019, those councils experienced 263 million attacks — a number that is likely to be much higher if those authorities which chose not to answer the FOI request were factored in [3].
- Just 13% of local authorities have cyber insurance [4].
- £2.82 million is the average cost of a data breach [5].
- Only 70% of businesses encrypt personal data [6].
- Cybercrime now accounts for more than 50% of all crimes in the UK [7].
- Nearly half of local government workers do not know what ransomware is [8].
- More than three-quarters of public sector workers (77%) have been given no instruction in how to recognise ransomware [9].
- 42% of public sector workers have not heard of, or do not know what, two-factor authentication (2FA) is [10].
Cyber insurance explained
Cyber insurance transfers the financial risk away from an organisation should it fall victim to cybercrime. It helps organisations recover in the event of a cyber-attack that compromises or paralyses their commercial systems or data. The most effective policies, designed around the specific needs of a local authority, should provide comprehensive coverage that’s simple to understand and easy to deploy.
As cyber risks evolve, so does our approach
When it comes to cyber security, we know that robust insurance coverage is paramount to your organisation, which is why Gallagher’s cyber team offers bespoke solutions that can help you to mitigate, manage and recover from your cyber liabilities.
Understanding our clients’ risks
We understand that every business and the risks they face are different, from data breaches, malicious attacks (such as distributed denial of service (DDoS) attacks, malware, spyware or ransomware), fraud and social engineering, to human error or the failure of a service provider. As a result, we take a consultative/advisory approach, assessing your own particular cyber risks and exposures and helping you develop a cyber protection programme and risk management procedures tailored to your business to help prevent threats before they arise.
What makes Gallagher different?
Our team is proud to deliver a level of service that we believe is greater than the competition:
- Strong market relationships. Our strong, well-established relationships in the London and international markets mean we can leverage these to obtain effective cover for our clients.
- We are innovative. Security risks are changing at a rapid pace, which means that cyber insurance needs to develop just as quickly. We have a culture of continuous improvement, meaning we are always looking for new and improved ways to service our clients in an ever-changing risk climate.
- Our broad experience. The diversity of our book means we understand risk from many different industry perspectives, enabling us to provide greater levels of strategic insight.
Client focused solutions
All of our cyber protection programmes are carefully designed to provide comprehensive cover for a range of risks including:
- Cyber extortion and cyber terrorism
- Data asset loss
- Business interruption and loss of income
- Breach response costs
- Regulatory investigations and defence costs
- Civil fines and penalties (a major concern with GDPR)
- Litigation damages and costs from individuals/class actions
- Multimedia liability
Extensions are available for reputational damage and cybercrime.
Going beyond pure risk transfer
We can assist by drafting risk management procedures, as well as recommending breach response vendors such as law firms and IT forensic consultants. Should an incident occur that requires a robust response, with this level of support we will be able to respond efficiently.
Putting your insurance to the test
We understand that a claim is the true test of your insurance policy and your broker – which is why our claims are handled in-house alongside our cyber risk insurance brokers. Our 24/7 cyber breach hotline straight to legal experts means we can rapidly respond to your queries, breaches and claims.
Our claims professionals take the time to understand your business, working closely with your broking team at every stage of the claim lifecycle, acting as an extension to your own in-house team. They will use our leverage and relationships in the insurance market place to ensure that we achieve optimal results from our claims negotiations.
In addition, we maintain active involvement throughout the life of each claim, avoiding the ‘drift’ which can occur when insurers are left to their own devices, to ensure we deliver on our service.
The Impact of COVID-19 on Cyber Risk
In our ‘Talking Risk Webinar’ series, Johnty Mongan, Cyber Risk Consultant at Gallagher, provides a background into cyber security breaches and how hackers are able to access your organisation's systems. Johnty also explores the potential risks and advises what actions you and your organisation can take in order to mitigate these risks.
This webinar is now on-demand if you would like to view it or share with your colleagues.
6. Ponemon, IBM Cost of Data Breach 2018
7. Cyber Security Breaches Survey, 2018