Risk Management and Cyber Insurance by Stuart Barker
When it comes to data security in these unprecedented times, it comes down to one of two drivers: risk management or commercial gain.
Dealing with commercial gain first: if, and only if, there is a compelling commercial reason, you will want to consider the various hygiene-factor certifications and regulations that businesses need, like ISO 27001 and GDPR. These are base, entry-level approaches to securing data and are often required by clients and customers to do business or to secure contracts. Are they for everyone? Technically yes, but the reality is that the cost is a barrier to entry for a small business with other financial commitments.
Risk management is the way that most small businesses tackle data security. This can be a sensible approach. At the end of the day it is your business and it is your risk. Assessing risk requires that you have some knowledge of what the risks are, but it doesn’t have to be a formal process. It should be, but it doesn’t have to be. Understanding the following will give you a good indication of what, if anything, you should be doing.
If something went wrong, would there:
- Be an impact on my reputation? Maybe, maybe not, depending on whether people find out about it.
- Be a fine that I would have to pay, costing me money? Maybe, maybe not, depending on what happened and what you have in place.
- Be an event that stopped me working? Maybe, maybe not, depending on whether you have backups or access to replacement equipment and services.
- Be something that sent me to jail? Maybe, maybe not, but on the whole the reality would be not, unless you break health and safety laws or do something very, very stupid.
Taking a little time out to make a judgement call is down to you as a business owner. I am not here to tell you what to do. If you want to do something a little more formal, then this tutorial shows you how to create a risk register from scratch in under 5 minutes. It really isn’t that hard.
The key takeaway is that it is your risk, and therefore the realisation of that risk is your cost to bear.
Many years ago the business I founded and ran was instrumental in supporting the creation of cyber insurance schemes and cyber recovery products, and was amongst the first to do so. I have always been an advocate of cyber insurance for business. It is the minimum level of protection you need. Let’s face it: if you aren’t paying a professional to sort it out before it goes wrong, you at least want the cost covered when it does go wrong.
Thornhill Insurance have worked with many businesses, from self-employed tradesmen to large corporations, on their cyber solutions. To help ensure you’re protected, their specialist team can conduct a review of your existing insurance to evaluate whether cyber insurance would benefit your business. Just call them on (01924) 499182. It could be the best call you make today.
As some top tips to close: if I were to advise on anything, it would be to make sure you have antivirus installed, up to date and running, and that any patches or updates for your phones and devices are installed as soon as you can. Sure, we should be mindful of who we share our information with, and we should be aware that we are being tracked, even by the government working out the virus flow in society, but get your basics right and protect yourselves.
Author: Stuart Barker – The Data Security Guy
Stuart at High Table specialises in fintech and financial services companies, with over two decades of experience delivering legal and regulatory compliance for data. He specialises in getting and keeping companies compliant for data security, which usually means ISO 27001, PCI DSS, SOC 1 and SOC 2 certification and regulations like the FCA regulations for data security.
He started, built and successfully sold a cyber security business. Now he advises companies and builds data security capability allowing them to meet the needs of their customers, the needs of their funders and the needs of the law. Usually in that order.
He is also a driver in addressing isolation, wellbeing and mental health in business and in building emotionally intelligent people networks.