Erimus Insurance Brokers
Tel: 01642 240400

Category: Industry News

What Does Cyber Insurance Mean To You

Posted on: October 24, 2018
Categories: Industry News, Technical, Trends

By Emma Hughes, New Business Broker

‘Cyber’ is an emerging risk and SME businesses need to be aware of the level of exposure they face.  Typically a business would want to protect their physical assets but when it comes to cyber you are insuring the intangible – data, customer information, and intellectual property. Arguably data or information has become one of the most important assets to a business and worth many times more than the physical equipment it is stored upon.

There is no doubt that the implementation of GDPR in May 2018 shone a spotlight on the growing need for cyber insurance with 66% of organisations more concerned about their cybersecurity than they were a year ago. Despite growing concerns 43% of British SMEs admit to having no business continuity, disaster recovery or crisis management plans in place. In order for these businesses to create a thorough business continuity plan they must first understand and identify the risks they face.

After the catalyst of GDPR businesses are now beginning to address cyber exposures, but the focus on data breaches is detrimental in providing a comprehensive cyber risk solution. For example, almost a third of the cyber claims at CFC (a top UK cyber insurer) are a result of the theft of funds, which is a significant risk for almost any business and has been for quite some time. Cyber insurance goes beyond simply providing cover: ultimately it has a role to play in helping businesses to understand where to put their limited IT security spend, and hopefully put it in better, more effective areas.

Cyber-crime is the fastest growing crime in the world, affecting businesses of all sizes and sectors. In Britain 46% of SMEs admitted to suffering at least one cyber security breach or attack in the last 12 months. To illustrate this the insurer Hiscox has set up a typical small business server to record how many attempted cyber-attacks happen in real-time. By mid-day almost 27,000 attacks had been attempted.

https://www.hiscox.co.uk/cyberlive

Every cyber-attacker will have their own purpose, ranging from the ransom of data to malicious destruction. Often breaches are not discovered until weeks or months after the event, by which time untold damage could have been caused.

Businesses need to start asking themselves what they would do if they found out that they had been the victim of a cyber-attack. WannaCry in May 2017 and NotPetya in June 2017 raised the question: when businesses are affected, who do they call? There is no state-provided IT security service. Although the UK has the National Crime Agency and GCHQ they are focused on protecting national infrastructure, rather than individual businesses [..] the state has not provided the services to support businesses, and that is what the cyber insurance industry is doing.

The impact of a breach can be felt for many months, even years after an event. Although a system may be back up and running within a matter of days the effects of reputational damage and lost data can be felt long after. Every single breach will be different and there is no ‘one size fits all’ solution. For example a business that receives their income on a contractual basis could be more exposed to long tail financial loss, as the cancellation of monthly or annual contracts could very quickly result in sizeable financial losses being incurred. It is unlikely a traditional business interruption policy would respond in this instance so it will have to be written in to the cyber coverage. Regardless of your business type or size there is an exposure to be mitigated.

Now is the time to start addressing Cyber as a very real and tangible risk to your business. The threat of a cyber-attack is ever growing and it has the potential to impact your business in the same way as fire or flood. Please do not hesitate to contact us on info@erimusib.com or 01642 240400 if you would like to discuss Cyber cover for your business.

 

Blog References:

Graham, Luke. “Cyber Insurance, the Great Fire of London, and the need for digital fire fighters in the modern day” Accessed October 24th, 2018. http://dev2.cityam.com/263335/cyber-insurance-great-fire-london-and-need-digital-fire

CFC News. “Cyber Claims Case Study: Software Shutdown” Accessed October 24th 2018. http://cfcunderwriting.com/media/3219?topic=1

CFC News. “Top Five Reasons To Buy Cyber” Accessed October 24th, 2018. http://cfcunderwriting.com/media/3186?topic=1

CFC News. “2018 Survey Reveals Concern About Cybercrime Continues To Rise” Accessed 24th October 2018. http://cfcunderwriting.com/media/5632?topic=2

Aviva PLC. “Supporting UK SMEs to address vulnerabilities” Accessed October 24th, 2018. https://broker.aviva.co.uk/news/article/695/supporting-uk-smes-to-address-vulnerabilities/

CFC News. “Beware The Data Breach Bear Trap” Accessed October 24th, 2018. http://cfcunderwriting.com/media/3283?topic=1

 


Cyber Security

Posted on: May 16, 2017
Categories: Industry News

By Matthew Doak, Marketing & IT Coordinator

We have received the following advice from our own IT provider and thought it would be useful to share the advice with you in view of the recent increase in Cyber-attacks.

Further to this weekend’s cyber-attacks, we would strongly recommend increased vigilance when dealing with emails over the coming days.

Historically, the virus or malware is contained within an attachment or hyper-link in the body of an email. If you get an email from anyone that has any of the following characteristics:

• Unexpected – If you didn’t expect to hear from an old customer, your Bank/Amazon/Apple etc. on your corporate email address
• Urgency – These emails often come with a sense of urgency, it is not uncommon to put a line in the email like “Check this invoice now to avoid being billed”
• Fear – Sometimes these emails come pretending to be an authority figure, for example a speeding fine or an HMRC notice. They come with links or attachments saying you need to click on them immediately
• Greed/Curiosity – Some may use these emotions to trigger a response, offering something of value to anyone who clicks

please do NOT click on any links or attachments. Malicious emails often appear to be from someone you know; the virus ‘steals’ an email profile, however the email itself originates from a completely different email address, for example, erimus.insurance@greedybank.com. Therefore, even though you may recognise the sender’s name, you should also pay close attention to the domain name.

Please ensure that you have downloaded all Microsoft patches to both your server and your PCs and that your anti-virus software is up to date.

If you should encounter any issues, or have any concerns, our recommended course of action is to shut down all PCs and your server immediately, following which you will need the services of a specialist IT company to remove any viruses or malware and to cleanse your network.

Whilst the above advice will help reduce the risk of a Cyber attack to you it does not guarantee you won’t suffer one, the implications of which can be costly to your business as follows:-

• Financial loss to your business
• Costly fines from the Regulator following a loss of data
• Reputational damage to your business
• Business disruption/interruption following an attack

All of these risks can be protected by a comprehensive Cyber Protection Insurance policy. If you have any concerns about your Cyber risk and wish to discuss how you can better protect your business against one please contact us to speak to one of our specialist advisors today.

Ref/source SSP


Preparation for Fair Presentation under The Insurance Act 2015

Posted on: June 17, 2016
Categories: Industry News

By Mike Bailey, Technical Broking Consultant

The Insurance Act 2015 comes into effect on 12 August 2016. The purpose is to update the law which is now over 100 years old in order to reflect the way that the insurance market has changed over this time and to achieve a fair balance between insurers and their commercial (“non-consumer”) customers.

The Act concerns the following areas:

• Duty of fair presentation
• Knowledge of the Insured and Insurer
• Remedies for breach of duty of fair presentation
• Warranties and other terms
• Remedies for fraudulent claims

In this communication we are concerned with fair presentation, what constitutes knowledge and remedies for the breach of the duty.

Click Here to read more.


The Insurance Act 2015

Posted on: June 10, 2016
Categories: Industry News

By Mike Bailey, Technical Broking Consultant

The Insurance Act 2015 comes into effect on 12 August 2016. The purpose is to update the law which is now over 100 years old in order to reflect the way that the insurance market has changed over this time and to achieve a fair balance between insurers and their commercial (“non-consumer”) customers.

To do this the Act introduces a new duty of fair presentation and attempts to clarify what is considered to be the knowledge of the insured and insurer as well as the remedies available to insurers for a breach of the duty.

The Act also deals with how warranties and other terms are applied to make this fairer and more balanced and insurer remedies for fraudulent claims.

Click Here to read more.


Cyber Insurance

Posted on: November 12, 2015
Categories: Industry News, Technical

By Mike Bailey, Technical Broking Consultant

As yet another big name is in the news because of a data breach following a cyber-attack, many of us will be worrying about whether we are at risk of our personal information being in the hands of the hackers and will be checking credit card statements and bank accounts for some time to come in case our own finances are in jeopardy from the hackers’ criminal activities.

This comes as Talk Talk announced on Thursday evening [22nd October 2015] that it is the latest victim of an attack with potentially millions of its customers’ account and card details being in the hands of the perpetrators.

 

Could it happen to my business?

Whilst we see these large profile breaches on our television screens and on the front pages of our newspapers we may think that this is a problem for big business and the rest of us won’t be targeted by the hackers…but is that true?

It doesn’t matter what size your business is, it is likely that you will have an IT infrastructure of some sort. There is a risk that you will suffer some sort of income loss through interruption to your business as well as a need to manage and repair damage, including reputational damage if IT systems or equipment should fail or are interrupted following a cyber breach.

 

In 2014 a UK Government survey estimated that 81% of large corporations and 60% of small businesses suffered a cyber breach that year. The average cost of a cyber-security breach is £600k-£1.15m for large businesses and £65k-£115k for SMEs.

Without specific cyber cover, your existing insurance portfolio, such as your commercial property, business interruption or professional indemnity insurance, may provide some cover against cyber risks, but it would not provide the protection and support that would be available under cyber insurance. This is why businesses are increasingly buying the specialised policies to supplement their existing arrangements, particularly when they:

  • hold sensitive customer details such as names and addresses or banking information;
  • rely substantially on IT systems and websites to conduct their business;
  • process payment card information as a matter of course.

 

Data breach examples

Small businesses urged to encrypt data after London sole trader fined £5,000. The Information Commissioner’s Office (ICO) has warned small businesses that they must have adequate measures in place to keep customers’ details secure. October 2013

Worldview Limited, a hotel booking organisation, was recently fined £7,500 by the Information Commissioner’s Office (ICO) for failing to appropriately secure personal data that it was responsible for. November 2014

 

How do breaches happen?

There are a number of ways that a data breach could arise ranging from the sophisticated like a hack by a criminal network with the intention to extort, sell or distribute to the more mundane such as inadvertently sending out extra information in a letter; leaving papers on a train; dumping papers in a skip; incorrect disposal of data/shredding; faxing to the wrong people; or the theft/mislaying of laptops or data sticks and discs.

 

What does cyber insurance cover?

It covers losses that arise from damage to, or loss of information from IT systems and networks. In addition they will generally include some significant assistance with and management of an incident which occurs. This is an important part of the cover when considering the possible reputational damage that a business could suffer as well as potential regulatory enforcement.

Cyber risks are usually split into first party and third party risks and cover is available which can protect you for either or both types.

 

First party insurance – covering your own assets, may include:

  • Breach Costs
    • public relations expenses and support
    • costs of notifying customers and regulators
    • legal advice fees
    • forensic investigation expenses
    • credit monitoring services
  • Loss or damage caused by hackers to your digital assets such as data or software programmes
  • Business Interruption from the downtime of your network and for the loss of income from reputational damage due to a breach
  • Cyber extortion where third parties threaten to damage or release data if money is not paid to them [It transpires that the latest Talk Talk breach involves a demand of payment from the hackers]
  • Theft of money or digital assets through theft of equipment or electronic theft

 

Third party insurance – covering the assets of others, typically your customers, may include:

  • Security and privacy breaches and the investigation, defence costs and civil damages connected to them
    • including claims by employees
    • and regulatory awards and fines when they are insurable (when the law allows, such as administrative fines by the Information Commissioner’s Office)
  • Media liability for investigation, defence costs and civil damages arising from
    • breach of privacy
    • defamation
    • negligence in publication in electronic or print media
    • inadvertent breach of copyright
    • transmission of a virus
  • Loss of third party data including payment of compensation to customers for denial of access and failure of software or systems

 

Speak to us to arrange your cyber insurance cover

Erimus can arrange cover for most SMEs with limits usually between £100k and £5 million. We may be able to arrange higher limits for businesses facing more complex cyber risks.

Some insurers can extend their insurance products to include additional cyber cover to that which would normally be provided and the cost for low levels of cover can be easily affordable. Even for more extensive cover for many SMEs the cost would not be prohibitively expensive whether this is where the existing insurer can extend cover or if a separate specialist policy is purchased.

Paying for cyber insurance doesn’t have to break the bank but being unable to respond to a data breach or a cyber-attack may well do.

 

Managing your cyber risk

Whilst insurance plays an important part in risk management for your business it is also important that you manage your own cyber risks. This risk management may include:

  • Evaluating your first and third party risks associated with your IT systems and networks
  • Assessing the possibilities – what could cause the first or third party risks to actually happen?
  • Think about what the controls you currently have in place are and whether they are adequate or need improvement

The Government launched Cyber Essentials in 2014. This is a basic cyber security hygiene standard aimed at helping organisations protect themselves against common cyber-attacks. This is something that you may want to consider as a first step in becoming resilient to cyber events.

Taking cyber insurance can make the recovery process following a cyber breach more straightforward and as rapid as possible but it is still likely to take a number of days or weeks depending on the severity. Some policies will include technical assistance with managing a breach and this is likely to be an invaluable part of the insurance package in the event of an incident.

 

UK and EU data protection regulatory change

The European Parliament voted in March 2014 in favour of a new draft EU Data Protection Regulation which is designed to provide a single set of rules to all EU member states. They are expected to be finalised in late 2015 with a 24 month transition period. Although 2017 seems like a long way off it is pertinent to consider what the potential impact on your business will be.

One of the matters that will be included is the consequence to businesses responsible for data breaches. It is proposed that data breaches would need to be reported to the relevant national supervisory authority in the country of the organisation’s main establishment without undue delay, and where possible, within 72 hours.

In case of a more serious data breach the sanction that is imposed may be more stringent with proposed fines of up to €100 million or 5% of global annual turnover (whichever is the highest), although there are other more complex systems of fines proposed where the severity of the penalty would depend on the nature of the non-compliant activity.

 

Other key changes that are in the draft changes include:

  • The right to data portability

Ease of transfer of data between service providers in a format that can be easily reused. There are, of course, contradictions here with data security requirements.

  • The right to erasure

Consumers will be able to request firms to delete their data if there are no legitimate reasons for keeping it.

  • Dedicated data protection officers

Organisations will be obliged to appoint such persons if they process the personal data of more than 5,000 data subjects in any 12 month period.

  • More comprehensive privacy notices

These will have to be used on all communications with customers to ensure their understanding of how their data is collected and how it will be used.

  • Profiling

This is permitted as long as consent to do so has been obtained from the individual. There is a proviso that if the profiling affects the interests of the data subject it should not be solely based on automated processing – human assessment should be included.

The EU Data Protection Regulations will generally be beneficial for business and clear up some of the ambiguities from Europe on data protection but we all need to be aware of the key changes to EU requirements and should act now to plan for their implementation.

The UK Government views cyber-attacks as a highest level risk to national security, alongside terrorism threats, and has introduced a number of changes already to help prevention, including:

  • Cyber Essentials – a basic cyber security hygiene standard, as noted above
  • a National Cyber Crime Unit within the National Crime Agency
  • a ‘Cyber Information Sharing Partnership’ to allow Government and industry to share information on cyber threats
  • a single reporting system for people to report financially motivated cyber-crime through Action Fraud
  • a UK National Computer Emergency Response Team (CERT) to improve national co-ordination of cyber incidents
  • a new Cyber Incident Response scheme in GCHQ to help organisations recover from a cyber security attack
  • a network of Centres of Excellence for Cyber Security Research within UK universities in 2013, to help provide reliable and up to date research and academic prowess.

Remember: please speak to your usual Erimus contact to discuss this fast emerging cyber risk and to arrange your cover.


Insurance Premium Tax

Posted on: August 20, 2015
Categories: Industry News

By Mike Ansboro, Operations Manager

In the July 2015 Budget the Government raised the level of IPT payable on general insurance premiums from 6% to 9.5%, an increase of over 50%.

This is a compulsory charge that Insurance Companies have to levy on insurance policyholders and pay to the Exchequer on all new and renewing policies with effect from 1st November 2015. It will also apply to any Additional Premiums raised on or after that date.

Unfortunately you will therefore see an increase in your insurance premium as a direct result of this tax, and will need to take this into consideration when considering budgets.

Please do not hesitate to contact us, should you require any further clarification, regarding these forthcoming changes.


Motor Prosecutions

Posted on: February 18, 2014
Categories: Industry News

By Paul Davison, Commercial Director

Protect your employees and stay within the law

Tough new laws have been introduced over the last few years to clamp down on dangerous and careless driving with penalties including large fines, driving bans and imprisonment for those caught breaking the law.

As a result, any organisation requiring its employees to drive on business must ensure they drive safely and legally or risk a charge of corporate manslaughter if they are involved in a fatal collision.

Allianz have produced a paper which provides:

• An overview of offences, including drug driving and the respective sentences
• An overview of the impact on driving at work policies
• Risk management

 

Click on this link to view the paper and should you wish to discuss any aspect of the paper in further detail, please do not hesitate to contact us.


In The Event of an Accident

Posted on: November 7, 2013
Categories: Industry News

By Grant Jones, Head of Risk & Claims

Motor accidents happen. If you are unfortunate enough to be involved in one, we would recommend the following.

1. Stop at the scene, try to stay calm and don’t lose your temper. Check to see if you, any passengers, other road users or pedestrians have suffered any injuries.  If any persons have suffered serious injury, call the emergency services immediately.

2. If anybody is injured it is a requirement to report the accident to the police and to produce your motor insurance certificate within 24 hours.

3. Ensure the scene is safe. Where possible, switch off all engines, turn on hazard warning lights and alert oncoming traffic about the accident.

4. Avoid becoming involved in discussions regarding fault of the accident and do not offer to pay for any damage.

5. Take the name, address, telephone number, insurance details, vehicle registration and vehicle make and model of all other motorists involved.  Do not accept a phone/mobile number on its own.  Provide your insurance and contact details to all motorists, passengers or pedestrians involved, or persons whose property may be damaged.

6. Where there are witnesses to the incident, for example, pedestrians or other road users, obtain their name(s), address(es), telephone number(s) – home and mobile – and, if applicable, vehicle registration.

7. Be prepared and keep in your car, a notebook, pen and disposable camera or your mobile phone if this takes pictures. In the event of an accident, make a sketch at the scene. Remember to note as many details as you can such as street names, vehicle locations and direction of travel, skid marks, collision points and vehicle damage. Use the camera to take photos showing the road layout, position of vehicles and their damage (take care near busy roads). Take a note of the number of passengers in third party vehicles.  This information can be invaluable in helping establish the circumstances and extent of damage.

8. Record any other details you think may be important e.g. use of mobile phone, if you think the driver of the other vehicle has been drinking, weather conditions etc.

9. Report the accident to Erimus Insurance Brokers, Claims Department, as soon as possible.

Unfortunately, car accidents happen but there are steps motorists can take afterwards to ease the hassle of sorting it all out. Motorists should read through their insurance policies carefully to check what is covered in an accident, things such as replacement vehicles or personal injury cover, so that no eventuality is overlooked. Don’t forget you could print out a copy of this article and put it in your glove compartment to remind you if needed.


Electrical Inspection & Testing

Posted on: October 18, 2013
Categories: Industry News

By Mike Ansboro, Operations Manager

Over one thousand accidents at work involving electric shock are reported to the Health & Safety Executive (HSE) each year.

Faulty electrical installations and equipment are also a common cause of fires in commercial and industrial buildings, second only to arson. It is essential that risks associated with electrical installations (often referred to as ‘fixed wiring’) and equipment are correctly assessed and controlled.

Legal requirements
Electrical safety in the workplace is governed by the Electricity at Work (EAW) Regulations 1989. They require that the electrical system shall at all times be constructed and maintained “so far as reasonably practical, to prevent danger.” The word “system” includes fixed electrical installations, i.e. the wiring and switchgear installed in the building and permanently fixed equipment, such as motors, compressors, heaters, lighting, etc.

Periodic inspection and testing
The purpose of periodic inspection and testing is to provide an “engineering view” on whether the installation is in a satisfactory condition and can be used safely. This involves a detailed visual examination together with appropriate testing. Based on IET recommendations, inspection intervals will normally range between 1 & 5 years, depending on the type of installation and occupancy.

Typically:

• Industrial – 3 years
• Offices – 5 years
• Retail – 5 years
• Educational establishments – 5 years
• Restaurants and hotels – 5 years
• Petrol filling stations – 1 year

Intervals less than those outlined may be recommended when the installation has suffered from neglect, or where it has been adversely affected by usage or environmental conditions. Following the periodic inspection and test, an Electrical Installation Condition Report (formerly known as a periodical inspection report) is required, in which the installation is assessed in terms of its suitability for continued use as either “satisfactory” or “unsatisfactory”.

In the case of an “unsatisfactory” installation, the report will incorporate remedial measures categorised as:

C1 – Danger present. Risk of injury. Immediate remedial action required.

C2 – Potentially dangerous. Urgent remedial attention required.

C3 – Improvement recommended.

Other electrical and testing protocols

Inspection and testing is also recommended by the IET:
• To assess compliance with BS 7671
• On a change of occupancy or use of the premises
• After alterations or additions to the original installation
• Any significant change in the electrical loading of the installation
• Where there is reason to believe that damage has been caused to the installation.

Routine checks
As well as formal periodic inspection and testing, the IET advocates that documented routine checks of the installation are carried out between inspections (in the majority of cases at annual intervals). The IET advises that these routine checks need not be carried out by an electrically skilled person, but should be done by someone who is able to safely use the installation and recognise defects.

Thermographic testing
Thermographic testing (also referred to as thermal imaging) is widely used in commercial and industrial premises as part of preventative electrical maintenance. It is not intended to replace conventional periodic inspection and testing, but is promoted as an additional activity with the objective of identifying electrical faults at an early stage.

Choosing electrical contractors
Select from contractors that are members of the National Inspection Council for Electrical Installation Contracting (NICEIC), the Electrical Contractors Association (ECA), the ECA of Scotland (SELECT) or other appropriate UKAS accredited organisations. Electrical inspection and testing is also available from some leading insurers as part of their engineering inspection services.

Requirements of insurers
Some Insurers apply electrical inspection conditions within their commercial property and business interruption covers and therefore it is important that these are checked and complied with in full.

Source: LV Commercial

The HSE has a specific webpage dedicated to electrical safety which can be found at www.hse.gov.uk/electricity/index.htm

Information on electrical inspection and testing is also available from the IET at www.theiet.org


Ministry of Justice Reforms Update 2013

Posted on: June 3, 2013
Categories: Industry News

By Mike Ansboro, Operations Manager

We have already notified you with a broad outline of the changes to the Personal Injuries legal framework in England and Wales and emphasised the strict adherence to timescales required.

In the event that you receive a Claims Notification Form (CNF) direct from a claimant/claimant’s solicitor it MUST be acknowledged within 24 hours. We would recommend the following course of action:

Contact the Claimant/Claimant’s representative by e-mail and acknowledge the CNF within 24 hours (simply tell them the name of your Insurance Company and give them the policy number).

Notify Erimus Insurance Brokers and your insurance Company of the claim the same day as the above acknowledgement is sent.

To avoid any potential delays and/or problems we would strongly suggest that you yourselves do send the acknowledgement to the claimant/claimant’s solicitor immediately and then as above also send a copy to Erimus Insurance Brokers and attach the CNF (plus any other documentation or correspondence) so that we may ensure that your Insurance Company receives it and we can manage your claim for you.


mercedes benz retail corporate sales

TIC and Erimus Insurance Brokers are delighted to announce that Mercedes-Benz Retail Group trading as Corporate Sales have agreed access for all TIC and Erimus's customers to preferential rates and terms for the supply of new Mercedes-Benz cars. If you are in the market for a new car and particularly enjoy the prestige Mercedes-Benz brand we are confident that we will be able to introduce you to the best rates and terms available. You can access Mercedes-Benz Retail Group Corporate sales by clicking here. Alternatively, please call us on our main land line number and we will set the 'wheels in motion' towards obtaining your new Mercedes.

Please note: If your enquiry is made by email via the links on our websites or directly on the phone to Mercedes-Benz Retail Corporate Sales, to obtain our preferential terms you MUST state or mention in the comment box "referred by Erimus Insurance Brokers" or "referred by Teesside Insurance Consultants (TIC)".

Erimus Insurance Brokers is a trading name of Teesside Insurance Consultants Ltd. Registered in England No. 2043783. Authorised and regulated by the Financial Conduct Authority No. 307660.
Directors: P.J. Davison, S.D.E. Hughes, I. Miller ACII, S.S. Pinnell. Non Executive Director: G. Lumby MBE, FCIBS.
Company Secretary: C. L. Nolan.