As with any specialist industry, there are keywords and phrases in use that you may not always understand. As part of our mission to create transparency, we felt that it was important to ensure that our clients understood exactly what we were saying. So we have put together a list of keywords that you will often see when looking at this subject and tried to explain them as clearly as we could.
This is the raw set of numbers/figures and words that a business has collected for market research etc. It remains data until it is given a context. Data is used like the pieces of a jigsaw to build a bigger picture of an environment or person.
This is where data has been given a context and it now means something to the business or whoever is looking at it.
This simply relates to the use of anything digital. Cyber can be anything from the use of a piece of software to the data/information held on a hard drive.
This is the term used for when hackers try to get into your systems and steal or withhold access to your information or other systems to disrupt the business's operations.
This is where a hacker floods your website with traffic to shut it down. Often small websites cannot cope with the traffic volumes and as a result the website crashes.
Trojan horse attack-
This is where a hacker disguises a malicious piece of software as something else to get it installed onto a computer, and from there they are able to hack into your system.
This is a piece of software that blocks access to files and other systems until a payment is received, after which the attackers may grant access to your files.
General Data Protection Regulations (GDPR)-
These are the new regulations that are coming into force in 2018 to standardise the legislation across borders all around the EU. They will replace the current Data Protection Act.
This is where a business suffers from the loss or theft of data that it holds. The business is liable for this as a data controller and as a result must notify the relevant authorities.
Now you understand what we're going on about, have a read about cyber insurance. You might need it.
GDPR (General Data Protection Regulations) is the biggest change in data that there has ever been. Under the new regulations, businesses must change the way they look at and protect the data that they are responsible for. Ultimately, failure to stick to the regulations that have been outlined will mean not only reputational damage but also regulatory fines for major data breaches.
GDPR – Understand Your Risks And Responsibilities
GDPR is designed to protect the data and information of EU citizens, and to do this the regulations enforce the way in which businesses process and store data. Under the new regulations, businesses and organisations are to appoint a data protection officer. Their role will be to ensure that data is stored and processed in the most secure way. They will also be given the task of supervising compliance with GDPR.
GDPR – Replacing The Data Protection Act
GDPR is going to replace the existing Data Protection Act. Times have changed, and data is now a much more profitable commodity to both businesses and cybercriminals. The biggest change under GDPR will be the time that is allowed for your data controller to notify the local authority of a data breach. Under GDPR, a data controller/data protection officer has 72 hours to notify the local authority of the breach. The other major change to note is that under GDPR the maximum fine for an organisation whose lack of compliance has led to a breach will be £20 million or 4% of annual worldwide turnover, whichever is the greater amount.
* Data from Breach Level Index.
GDPR – How To Deal With A Data Breach
It is important that a business knows how to deal with a breach and understands the steps needed to get back to the situation it was in prior to the breach. Following these steps makes this possible:
- Identify the breach and take steps to end it.
- Check your insurance policy and notify your insurer.
- Identify the personal data breached – the type of data and number of records.
- Determine remediation measures.
- Notify the ICO without undue delay and in any event within 72 hours.
- Notify affected data subjects if the breach is likely to result in high risk to their rights and freedoms.
- Implement remediation measures and monitor.
- Review root causes of the breach and take steps to prevent repetition.
- Provide further training to staff as required.
All we seem to see lately are doom and gloom messages about cyber security and high-profile businesses/organisations that have been attacked. But what goes under the radar is the number of small businesses that get affected by this as well. Instead of focusing on the negatives, we feel that it is important that businesses understand the benefits of having cyber insurance.
Cyber risk insurance is a form of protection for your business. It is there to ensure that your business survives. Think of it like a fire extinguisher: you hardly notice that you have one until you need it, and then it can be the difference between a near miss and a catastrophe.
Cyber risk insurance is more than just financial protection. Many insurers that we deal with want to help you keep your business safe and, as a result, want you to know how best to do that. They can offer support in creating contingency plans as well as guidance on the best defences for your business. Insurers will also provide access to some of the best forensic investigators so that, should you be attacked, they can find out how it happened and you can put it right for next time.
We also have an association with a leading cyber risk analyst that can give you access to their system so that you can limit your cyber exposures and protect your business better. Our association with Apomatix allows you easy access to their cyber platform, and their team will be able to point you in the right direction in terms of developing better, more effective cyber security for your business.
With cyber risk insurance, you may also be able to protect your digital assets, such as your client database and specialist software that is specific to your business. Your cyber insurance can cover your digital assets against damage, loss, and theft. This will mean that any costs incurred recovering your digital assets can be covered by your policy.
Cyber risk insurance isn't all doom and gloom. It has its benefits and means that your business can operate safely, in the comfort of knowing that all your files and software are protected and that you have access to some of the best forensic teams if something does go wrong. This, along with the help you are given to protect the business yourself, can only mean that your business has the best opportunity to fend off most of its cyber-attacks.