SMEs seem to be falling victim to cybercrime more and more often. When you think of cyber risks, you may mainly think of 'hacks', viruses or DDoS attacks. But at least as often, a cyber incident is the result of internal, human error. Many organisations don't know what to do when all the screens go black. This is quite a risk, because your company has a lot to deal with at such a moment: finding out the cause of an intrusion or data loss, or restoring data security, not to mention the loss of revenue as a result of systems going down. Your customers may also hold you liable because the network was not adequately secured. As a business owner, you should therefore be well prepared for a cyber incident.
Managing cyber risks
It is important to manage your cyber risks professionally. We list 5 basic principles to organise security.
1. Take stock of the risks
Risk management starts with identifying the risks relevant to your organisation. Think of company data, credit card details, BSN numbers or passwords. A guiding principle here can be the creation of an AVG plan. The General Data Protection Regulation (AVG) is a European regulation that standardises the rules for processing personal data by private companies and public authorities across the European Union. Every company is required to have an AVG plan.
2. Secure your device and software settings
Use encryption for privacy-sensitive data, two-step verification or a Security Operations Centre (SOC). A SOC monitors computer and network activity in an organisation. This unit collects log information from applications and devices and investigates possible security attacks.
3. Perform software and equipment updates
Run updates once in a while. These updates ensure that your devices remain secure.
4. Establish an incident response plan
Does everyone know what to do in case of a cyber incident and who to call? An incident response plan consists of a set of instructions that help employees detect security incidents, respond to them and repair possible damage. See also the AVG plan for this. In case of an incident where personal data has been leaked, you should report the incident to the Personal Data Authority immediately, and in any case within 3 days.
5. Check your organisation's risk awareness
What is the state of risk awareness in your organisation? Do you routinely check for cyber risks when entering into contracts and their general terms and conditions? And is cyber risk management regularly on the management agenda?
The added value of cyber insurance
If you do fall victim to cybercrime, cyber insurance offers financial compensation. But cyber insurance covers more than the costs resulting from a cyber incident: it offers you a complete support package. The first 48 hours after a cyber incident are crucial to limit your damage. Cyber insurance therefore gives you access to a team that is available 24/7. This team consists of cyber IT specialists, legal advisers and communication professionals who assist you when an incident occurs. They ensure that you can quickly resume your business activities. You can cover the following risks, among others, with cyber insurance:
- Necessary costs for legal, IT and PR services
- Repairs, replacement or recovery of websites, programmes or data
- Third-party claims
- Investigation costs incurred by, for example, credit card companies
- Costs of forensic investigation into the cause of a hack
- Fines imposed by regulators
- Turnover loss due to cyber attacks
Many cyber insurance policies offer additional cover on top of the standard cover.
Want to know more?
Want to know how you can protect yourself from the consequences of cyber incidents to ensure your business continuity? We will be happy to put you in touch with one of our partners specialising in cyber risks.