Vigilance key for companies in wake of Talk Talk cyber breach
Recent cyber attacks, particularly on Talk Talk - the third time the telecoms provider has been targeted this year - have brought cyber insurance policies to the forefront of the business debate.
Companies must exercise personal responsibility and vigilance when it comes to reviewing their insurance policies relating to cyber attack, especially in the initial stages.
Terms and conditions must never be assumed: wordings must be checked thoroughly, and every aspect adhered to strictly, in line with the defined terms and ‘to the letter’.
Where cyber insurance can become complicated is when a supplier may claim to be ISO 27001 certified, but in reality isn’t. Its data centre may be certified, but the company itself isn’t fully compliant.
If using any form of web-based platform, the supplier must be checked carefully. It’s vital as well that companies perform their own independent penetration test on any proposed solution.
If a company uses a web-based solution and it is attacked, the policy may not cover the loss. Penetration tests aren’t cheap if performed correctly, but for smaller companies, setting up a collaborative user group could be a wise and creative way of sharing costs.
If Talk Talk and other high-profile attacks have taught us only one thing, it is that companies must be extra careful and assume nothing when it comes to cyber security and associated insurance policies.
The risks are clear for all to see.
Managing Director, Aquarium Software