Every other day it seems like another high-profile cyber-attack is being reported in the news, and this is no different for the Housing Sector.
Between 2015 and 2017 just 12 cyber-related claims were reported by our social housing customers. In 2017 to 2019 we saw this increase to 36 losses, and from 2019 to 2021 this jumped to 129 claims reported, which is an increase of over 250% in just two years! [1]
The cost of cyber losses can be staggering, with many settling in the millions. Based on a large loss that we managed in early 2020, the claimant received c.£9200 in awards and legal costs. [2] Using this figure as an example, you can imagine how quickly a group action claim could spiral.
As a result, we are seeing a huge rise in requirements for higher limits of indemnity to ensure organisations have adequate protection. However, with a global rise in cyber losses, many insurers are looking to reduce their capacity and cap the limits of indemnity offered to clients, particularly where policyholders cannot demonstrate adequate cyber security.
What Makes a Good Cyber Risk
Insurers are demanding more detailed information about how cyber risks are managed and requiring organisations to have minimum security standards in place before offering cover.
The most basic measures insurers are looking for in order to demonstrate cyber security include:
- Multi-Factor Authentication (MFA) on all external gateways
- Re-authentication every 24 hours for remote access users
- Instant response to security patches
- Deploying critical updates within 14 days
- Backup data placed in cold storage away from the main servers for the business
- Any end-of-life software still in place is segregated from the network
- Frequent internal and external penetration testing
Aside from system and IT security, insurers are also keen to see that employee behaviour around Cyber Risks is proactively managed. A number of things that will positively enhance your risk include:
- Cyber Awareness Training for Staff
- Phishing Simulations
- Cyber Essentials Plus Accreditation
Even if you have the best security infrastructure, this does not guarantee that you will not become a victim of a cyber breach, and there will always be the very significant risk of human error. However, by demonstrating that good security measures are in place, and that regular training is being undertaken to raise awareness of cyber breaches, you are much more likely to achieve the limits of indemnity you require, with a price that reflects your needs at renewal.
Be Ready to Take Action
Incident Response Planning is something all Housing providers should consider. However, many organisations mainly focus on events that may prevent access to their premises.
A recent example of this was the outbreak of the global COVID-19 pandemic which led to many organisations referring to their Incident Response Plans. Many found that the analysis carried out to develop their Incident Response Plans was extremely useful, even if specific continuity strategies for responding to a pandemic had not been considered.
However, as the landscape of risk changes in the Housing Sector, it is clear that you must consider how your plan will respond in the event of a Cyber Attack. Should the worst happen, it’s essential there is a set of processes and instructions in place that allow management to respond as quickly and efficiently as possible.
An effective way of ensuring you are prepared to respond to a cyber breach is by undertaking a Breach Response Simulation. In this exercise, key employees take part in a table-top simulation in which they plot out how they would respond in a real-world incident. The group will likely include representation from the Executive Team, People Managers, Customer Contact Teams and the IT Managers and will fully test your Cyber Incident Response Plan.
An efficient and effective response to a cyber breach can hugely reduce the impact to your organisation and your customers.
How Can We Help?
We want to help you face the future with confidence by:
- Helping to ensure you have the right measures in place to secure renewal terms
- Aiding you with reducing the likelihood of a breach
- Giving you the tools to help get back up and running with minimal damage
Our Gallagher Cyber Risk Management (CRM) Team offer a complimentary 30-minute cyber consultation during which they investigate your external security to show you what hackers could be seeing right now and discuss the issues and concerns identified.
Our Gallagher Cyber team have also developed a solution, ‘Cyber Assist’, which can put you in an optimal position to obtain the insurance protection to meet your needs at an acceptable cost. It will also help you to fully understand your data/cyber risks and the effectiveness of your existing controls, as well as identifying changes you need to make to improve your resilience.
To help you plan your response to a cyber breach, the CRM team can review and create incident response processes for a wide range of potential incidents, including malware infection, phishing emails successfully exploiting a vulnerable target and many more. From simple checklists to detailed playbooks, they can create bespoke solutions based on your previous experiences and what we think you’re most likely to face in the future.
The CRM Team also offer a host of other services to assist with managing the risk of a cyber breach:
- Cyber Essentials Implementation and Accreditation
- IASME Implementation and Accreditation
- ISO 27001 – Readiness and Implementation
- Penetration Testing
- Cyber Security Awareness Training
- Vulnerability Scanning
- Phishing Simulation
For support and guidance with your renewal, or to discuss any of the services shown, please contact your Gallagher Representative.