This week we were welcomed into the Tysers Live headquarters to delve into the world of cyber security at our November Senior Leaders’ Breakfast. Following a breakfast spread of fruit and pastries, our Exec-Director Claire Fennelow introduced Tysers’ Head of Cyber: Toby Clowes.
Cyber security attacks have become a worryingly common occurrence, compromising major businesses and stealing from individuals. Toby guides our attendees through how cyber security policies have evolved, and continue to evolve in response to cyber concerns and the rise of AI, and how they can protect your business.
Cyber policies pull together both the invasion of privacy aspect and the business interruption aspect. As cyber, the internet and the world of technology change so quickly, it can be hard for insurance users to keep up. Which is why it’s vital to be working with an insurance provider who is ahead of the curve.
A particular risk of cyber incidents is that they don’t get spotted immediately, says Toby. He recounts an incident in which American retailer Target was hacked. It took Target 6 months to realise their systems had been hacked and in the meantime thousands of credit card details had been skimmed and sold by hackers sitting inside the system. This was the first time this had happened to a major retailer, but only a few months later the same thing happened to Home Depot. “Almost every business in the world is reliant on an IT system somewhere,” says Toby..
Covid sent the world into a work-from-home lockdown, and this also had implications for cyber security. Businesses didn’t have security systems set up around people working from home.
“Before Covid the biggest issue we had in the insurance industry is that we didn’t know enough about IT,” says Toby. Now the focus is on trying to provide a proactive product rather than a reactive one.
The group discussed particular challenges our industry face when it comes to finding cyber security insurance that will actually protect them. Lots of insurance policies will only protect companies that have a whole backup system, but film agencies are working with such a large quantity of heavy film files that the costs of having all of these backed up is financially unrealistic. Some attendees also share that having a cyber insurance policy is something that their financial clients insist on, before agreeing to work with them. Toby and the group agree that bespoke products for our industry might be a way forward.
The group also discuss the importance of training people. Often systems aren’t compromised by the technology itself, but by staff using it and making a mistake. Toby recommends making that training obligatory and more in depth. With con-artistry improving – he cites an example in which a deep fake CFO got someone to wire a large amount of money to a hacker – staff need to be even more vigilant, and employers need to help them understand why this is so important to spend time on and understand. Toby also recommends ensuring that your policy isn’t public as you are then giving hackers information that they can work with!
It’s a fascinating discussion, and Toby helps us explore a thorny and concerning topic in an accessible way. Thank you so much to Tysers Live for hosting us, to Toby for speaking and to everyone who joined us!