The impact of a cybersecurity incident on an organisation can be devastating, but there are ways to strengthen your digital armour and reduce your cyber risk.
Defending against ransomware: Five key considerations for Directors

Many Directors and trustees rate cybersecurity as a top 10 risk to their organisation[1], and one of the main cyber threats to organisations today is ransomware: malware (malicious software) that encrypts the data on a computer, locking users out, and demands a payment for the key needed to restore access. Increasingly, attackers also steal a copy of the data before encrypting it and threaten to publish it if the payment is not made. Some ransomware can also spread to other devices on the organisation's network, so a single infected machine can become an organisation-wide outage.

An attack requires significant resources to recover from and re-commence trading—with data recovery, system rebuild and investigation often taking weeks or months. In addition, a cyber-event can bring unwanted media and public attention, potentially leading to reputational damage that could last much longer than the disruption from the incident itself.

It’s not just large organisations that are being targeted either—businesses of any size or sector can fall victim. So, how can organisations help prevent such attacks and, just as importantly, manage them when they happen?

Responsibility at Board level

Responsibility for how the organisation prepares for and reacts to an attack, and therefore for the extent of any impact, rests with the Board members or trustees, who carry personal responsibility for it. They are also expected to know about any potential cybersecurity exposures and the control measures in place to reduce the risk. We have put together some guidance on what Board members should be doing to ensure they discharge this responsibility.

Ransomware attacks are becoming more frequent, more expensive and more sophisticated. The Board's questions should fundamentally be about the security of the infrastructure and its resilience to attack, rather than about details such as the exact 'strain' of ransomware involved.

Our top five suggestions and key follow-up areas:

  1. What are the signs of an attack and how do we know an incident has occurred?
    Does the business have a process for reporting incidents to the Board? Do staff know who to contact internally if they suspect malicious activity? What Endpoint Detection and Response (EDR) tooling is in place to monitor endpoints and software assets, and who responds to its alerts? Is there an up-to-date inventory of all equipment, including anything that is out of support or unpatched?
  2. How is data backed up and stored?
    Is all data kept in one place, or in multiple locations? Is at least one copy held offline or otherwise isolated from the network, so that ransomware spreading through the network cannot encrypt the backups as well? Are you confident that backups can be restored easily, and how often is a restore actually tested?
  3. What controls are in place to minimise the damage attackers can cause?
    Is the network segregated, so that an infection in one area cannot reach everything else? Is multi-factor authentication (MFA) enforced for access to systems, particularly remote access and administrative accounts? Is Security Information and Event Management (SIEM) software in place to collect logs and alert on suspicious activity across your systems?
  4. If attacked, who do you contact for external support?
    Is external support (such as an incident response provider) arranged in advance, what is its response time, and are you insured for any losses?
  5. Is a cyber-incident plan in place?
    Does your response plan answer the points above? How often is the plan tested, and how are the lessons learned communicated across the business? What is the contingency arrangement for the business, and does it link to the main Business Continuity Plan? Which third-party software suppliers are relied upon, and what contractual support is in place if they suffer an outage?

An additional consideration—your people

While system security is extremely important, accidents due to human error will always happen, even with the necessary cybersecurity training; in 2021, for example, 88% of data breaches were attributed to employee mistakes.[3] No business is immune from cyber incidents, which is why it can be vital to have adequate cyber insurance in place to cover the unexpected costs to the business, whether they arise from a malicious attack or from human error.

How can Gallagher help?

Gallagher has a large and knowledgeable team based across the UK that can place risks into the increasingly challenging cyber insurance market. Our assistance doesn't stop there, however: we also support businesses and organisations in improving their IT infrastructure and cyber defences, which in turn can help them meet underwriters' stringent requirements for policy placement.

Our experienced team of cyber risk management specialists can work with you to better understand your cybersecurity systems, improve your cyber strategy and defences, and strengthen your ability to recover from a cyber event. We do this through the implementation of processes and procedures, such as the design of board-level reporting templates. Our team can also help your organisation achieve certification against information security standards such as Cyber Essentials, Cyber Essentials Plus and IASME Governance.

To speak to one of our cyber specialists about how Gallagher can help you defend your organisation against ransomware and other cybersecurity risks, please get in touch.