
Your results

It’s fair to say that based on your answers, cyber security is an area where your business could make improvements.

We suggest that you walk through the free expert guidance detailed below, which is tailored to your responses.

Cyber insurance is one way to manage the costs associated with a cyber-attack and find support before, during, and after an incident. Cyber insurance also generally includes significant assistance with and management of cyber incidents both before and after an incident has occurred.

There is free Association of British Insurers (ABI) guidance about cyber insurance which includes information on what risks a cyber insurance policy covers, common exclusions, examples of cyber insurance in action and how to buy it.

You should consider the following, based on your answers:


Putting more free, simple controls in place

Enable features to track, lock, and wipe company devices and get employee permission for this

You and your employees should make sure features to track, lock, and wipe devices are enabled across the board.

There is more guidance in the government's Small Business Guide: Keeping your smartphones (and tablets) safe.

Only download apps using Google Play or the Apple App Store for mobile phones and tablets (or other approved sites)

You should only download software and apps from official stores, like Google Play or Apple App Store. They scan software for viruses before making it available, giving you more reassurance that what you’re downloading is safe.

There is more guidance in the government's Small Business Guide: Protecting your organisation from malware.

Only allow authorised personnel to plug in USBs and other removable drives

When drives and cards are openly shared, it becomes hard to track what they contain, where they've been, and who has used them, and they could be infected with malware. You can reduce the likelihood of infection by blocking access to physical ports for most users, using antivirus tools and only allowing approved drives and cards to be used within your organisation - and nowhere else.

There is more guidance in the government's Small Business Guide: Protecting your organisation from malware.

Avoid using unknown or public Wi-Fi hotspots

When you use public Wi-Fi hotspots (for example in hotels or coffee shops), there is no way to easily find out who controls the hotspot, or to prove that it belongs to who you think it does. If you connect to these hotspots, somebody else could access what you're working on whilst connected, including your private login details that many apps and web services maintain whilst you're logged on.

The simplest precaution is not to connect to the Internet using unknown hotspots, and instead use your mobile network connection, which will have built-in security. This means you can also use 'tethering' (where your other devices such as laptops share your internet connection), or a wireless 'dongle' provided by your mobile network. You can also use Virtual Private Networks (VPNs), a technique that encrypts your data before it is sent across the Internet. If you're using third-party VPNs, you'll need the technical ability to configure them yourself, and should only use VPNs provided by reputable service providers.

Check what information is out there about the company on websites and social media

Check if your publicly available IP address has any common security issues that could allow cyber criminals to attack your systems and get access to your data.

Check your Cyber Security is a free government service that carries out some simple online checks to identify common vulnerabilities in your public-facing IP. If any issues are found, the NCSC will provide step-by-step guidance on what you should do to help protect your data. This NCSC video explains what an IP address is.

Guidance on Cyber Insurance

Cyber insurance is one way to manage the costs associated with a cyber-attack and find support before, during, and after an incident. It covers losses, up to the limit in the policy, relating to damage to, or loss of information from, IT systems and networks; this includes data breaches, whether on an IT network or not.

It covers a direct (or first party) financial loss to you or your business arising from a cyber event. A cyber event is simply any actual or suspected unauthorised IT system access, electronic attack, or privacy breach. The vast majority of financial losses are first party losses and include theft of funds, theft of data and/or damage to digital assets.

Cyber insurance covers the liability claims (third party loss) that might be brought against you, arising out of a cyber event, such as investigation and defence costs, civil damages, and compensation payments to affected parties.

Cyber insurance also generally includes significant assistance with and management of cyber incidents both before and after an incident has occurred.

As with any insurance policy, it is crucial to review not only what is covered by your insurer but also what is excluded. You should look at exclusions, definitions and conditions when examining your policy. Many exclusions in cyber insurance are the same as those in other insurance policies, such as war and terrorism, but there are also some that are specific to cyber insurance. Cyber insurance will also not cover criminal, civil or regulatory fines, penalties or sanctions that your business is legally obliged to pay unless these are legally insurable.

There is free Association of British Insurers (ABI) guidance about cyber insurance which includes information on what risks a cyber insurance policy covers, common exclusions, examples of cyber insurance in action and how to buy it. You can also speak directly to your insurer or to your broker about the options that might be right for your business.