Why doesn’t my PI cover me for cyber liability?

This is a common question raised by our clients, and it is a misconception that a professional indemnity policy covers you should a data breach occur. But why? A professional indemnity policy is designed to cover errors and omissions that arise from the negligence of an individual, whereas a cyber liability policy is designed to cover errors and omissions arising from the theft/loss of data and/or systems.

Key differences:

A professional indemnity policy will cover the costs for a third party should a breach occur. Professional indemnity will cover the cost of compensation and other costs to third parties once a breach has occurred. A professional indemnity policy will cover the breach of confidentiality and claims that arise from third parties due to this event.

Whereas…

A cyber policy will cover both the first-party and third-party costs. A cyber liability policy will cover the costs that are incurred by the business should a breach occur. For example, a cyber policy will cover the business interruption costs and the cost of reinstalling a system should it go down, as well as the cost that is incurred from a third-party claim against the business. Cyber liability policies have the ability to cover all first-party costs that are associated with a cyber/data breach. For example, a cyber policy is able to cover the cost of forensic investigation and system rectification costs as well as covering the costs of business interruption.

Professional indemnity isn’t a specialised policy designed to cover these costs that are associated with your business. A professional indemnity policy will cover costs that are incurred by a third party due to an act of negligence or an omission occurring. This type of insurance can cover all types of incident, whereas a cyber liability policy focuses on the costs that can arise to both a business and a third party from a breach in data or another malicious attack on the business’s systems/data, such as a DDoS attack to shut down a system or a ransomware attack, meaning that systems and services are withheld until a sum of money is paid.

Read more on cyber insurance.

Understanding the fundamentals of data

It is important that a business understands what data is so that it can identify what data it holds and the importance of protecting it. Data is the facts and statistics gathered that can then be analysed/used to create information.

Data formats

Data can vary in its type, as it can be paper-based or digital; as a business it is important that both are kept safe. Many businesses now look towards keeping data digitally as it is easier to manage access and protect. Digital data also comes with a higher risk as it could be accessed by an outside party and used maliciously. Many businesses are exposed to the risk of hacking for data theft and ransomware attacks.

Types of data

There are several types of data that a business may hold: personally identifiable data (including names, addresses, dates of birth), private data (including driving licence numbers, passport numbers), and confidential data (including bank details, credit/debit card numbers, and medical information).

How to protect it?

Data that is stored digitally should have restricted access so that users can only access the data that they need, with permissions restricted on the most important data. This will improve the security of your data; however, you should also have anti-virus software installed so that any malware is blocked from accessing your data. You should also have a cloud backup for your data, which will mean that you have more than one copy of your data, so should it be stolen or break then you still have access to it and can continue working. Have a locked network that requires a password to access. It is common that data is stored on a network that allows people to have access to it from various locations; however, it is important that your network is secured to prevent it becoming easy for hackers to steal your data.

If you have any questions please don’t hesitate to…

Data Protection- How To Reduce Your Risks?

Cyber Risk Exposure Exists For All Businesses

Every business in the modern era will have some form of data and will almost certainly have cyber risk exposure. You may not identify it immediately but there’s guaranteed to be some form of risk attached to your business. As a result, you will need to look at your data protection protocols and ensure that they are adequate to meet risk exposures and legal requirements.

Businesses that use any form of software to manage data will have risk exposure. If you keep data on a spreadsheet and the file is corrupted, can your business still operate? Data protection is no longer just an ethical practice; it is required by law under both the Data Protection Act and the GDPR regulations that are coming into force in 2018.

Data Storage Risks Are A Business Liability

It’s not only important from a business point of view to ensure that you have the data you need to continue to operate, but also to have the ability to protect the data, as you are responsible for it. If your business holds data, whether it be an address, bank details or national insurance number, you are responsible for protecting that data.

7 Key Questions To Consider For Data Protection & GDPR

When looking at data protection and GDPR (a new regulation coming into force in 2018 to ensure a business is protecting data correctly and using the information ethically), it is important that you are able to answer the following questions:

  1. Do you know where ALL your data is within the business and who has access to it both internally and externally?
  2. Have you reviewed your privacy policy in the last 6 months? If so, were there any changes and what were they?
  3. Have you carried out or considered a Privacy Impact Assessment for your work streams?
  4. Do you have and follow a robust records retention policy?
  5. How are you managing supplier and third-party relationships with regard to their obligations to your information?
  6. Do you know if you are a data controller or data processor in each of your business relationships?
  7. How much progress have you made in readiness for GDPR?

 

Be Prepared For Cyber Risk

Answering these questions will help identify areas for improvement, allowing you to reduce your risks. This will not only mean that the business is safer from cybercrime, but also that it is in line with what is expected under the Data Protection Act and forthcoming GDPR legislation.

GDPR will become a major stipulation for your business to follow and it is important that you understand as much about it as possible and begin to prepare in the right way for it.

To find out more, read our blog: Are you ready for GDPR?