
How to boost your company’s cyber resilience

October is Cyber Security Awareness Month – a popular time for businesses to brush up on knowledge and hone internal policies. At Hiscox, we provide small business insurance – but we also make it a business priority to stay on the pulse of cyber security.

Our Cyber Readiness Report, now in its fourth year, assesses the global cyber security landscape. The latest edition brings a warning to firms, since it reveals that the median cyber loss soared by almost 600% between 2019 and 2020.

Across eight international markets, the firms affected by cyber security incidents reported greater losses, too.

There were also positive findings – the proportion of organisations qualifying as cyber readiness experts almost doubled, and security spending rose by 39%. 

More businesses are coming to understand the importance of robust cyber security. To improve cyber security in your business, consider actioning some of the key security principles outlined below.

Consider cyber budget 

Our 2020 report showed expert-status companies spent more on cyber security and planned to continue this investment.

There’s also a real risk that businesses without a cyber security budget may get left behind, since a lot of the progress we’ve seen in 2020 is related to a 39% increase in cyber security spending across the board.

Breaking down your cyber security budget can make it easier to digest the components. Think about the software you’ll need but also consider time investment, insurance and the technology you might require for scheduled maintenance or responding to breaches. 

Preparedness is all about building defence in depth around your systems and acquiring the tools to detect and resolve issues – both of which require investment.

Analyse your cyber resource 

People power can prove invaluable in the world of cyber security.

When we crunched UK numbers from the 2020 Cyber Readiness Report, we found a link between industries which employed dedicated cyber security staff – either in-house or via an agency – and a lower overall cyber risk.

Internal training can help to reduce the threat posed by malicious emails, for instance. Trained employees may also be better able to use risk-minimising technology.

Since we know cyber risks cannot be eliminated completely, risk transfer is another key branch of cyber resilience. A well-protected company may invest in both highly trained, specialist staff and a comprehensive cyber insurance policy to offset the impact of events.

Think about your industry's demands 

In our Cyber Threat Ranking Table, we outlined the differences in UK cyber resilience by industry.

Half of financial services firms faced incidents, while just 15% of professional services firms could say the same. In the travel sector, the median cost of cyber events was a fraction of the losses faced by financial services, manufacturing and energy firms.

For this reason, there is no one-size-fits-all way to approach cyber security. Certain organisations are likely to be targeted more frequently by criminals, so if you’re operating in a high-risk industry, you may need to invest in more advanced security.

Make your cyber policy a priority 

If your company doesn’t yet have a cyber security policy, then Cyber Security Awareness Month might be a good time to create one.

Outlining clear rules and processes can help to minimise the chance of human error and ensure the right methods and systems are always adhered to.

The NCSC Cyber Essentials scheme could be a useful resource if you’re new to writing corporate cyber policies.

In the era of General Data Protection Regulation (GDPR), cyber security is about so much more than blocking criminal access, so ensure your response plans also consider data breach risks.

Keep up with the times 

Cybercrime is constantly evolving. Phishing campaigns are becoming more advanced by the month, with some of the most established forms now targeting C-suite executives with highly convincing emails.

Current affairs can also drive trends in cybercrime. With the COVID-19 pandemic, remote working has caused fresh cyber security concerns to surface. 

Fortunately, organisations can do simple things to stay safe – such as using company-owned devices and a virtual private network (VPN), and deploying software updates promptly.

Now that we’re relying on technology more than ever, taking proper care of our cyber systems feels like a fitting response. Get it right, and you could be on track to build a brighter, more cyber-resilient future for your business.

About the author

Gareth Wharton is CEO for Cyber at Hiscox, where he leads the charge for all things cyber insurance as well as the Cyber Centre of Excellence (C3) – a dedicated cyber resource which draws together the knowledge of 70 cyber experts.

