To help protect your retail business, in this Q&A, our cyber risk and retail industry specialists answer your most urgent questions following the recent cyberattacks targeted at businesses in the retail sector.
A: While avoiding cyberattacks altogether may be unrealistic, the National Cyber Security Centre (NCSC) has issued some useful guidance on best practice precautions. In summary, the NCSC recommends businesses should:
Any suspicious activity can signal unauthorised network access. You need to be vigilant over possible social engineering attacks, which impersonate help desk interactions to infiltrate your organisation’s IT systems.
You should also regularly revoke active sessions (meaning users have to authenticate themselves regularly for continued access to IT systems) and identify when individuals have created suspicious accounts.
A: Developing and regularly testing a robust incident response plan can help minimise the impact of any cyber incident and restore your operations quickly.
Your incident response plan should set out how you define a ‘cyber incident,’ as well as the procedures for identifying and reporting them. Your plan should also include processes for containing incidents to prevent further damage and outline steps to restore systems. It should also establish how you plan to learn lessons from any cyber incident.
While no simulation can fully replicate the pressure associated with a real crisis, cyber incident workshops can prove vital in testing your incident response plans. In particular, testing and simulations can help key decision-makers identify any issues with cybersecurity or gaps in planning, which they can then address to help the business recover rapidly after any incident.
A: The answer here will depend on the specifics of your coverage and the circumstances of any attack. However, based on publicly available material, the spate of cyberattacks against retailers would ordinarily fall within the scope of a typical cyber policy (although other non-cyber policies might also contain some form of coverage for the impacts following a cyberattack).
If you’re not clear on the scope of cover and whether it’s fit for the intended purposes, now is the time to stress-test it. Are there any gaps and what measures can you take to plug them?
A: Even if you evaluate your type of cover as fit-for-purpose, you should also assess the adequacy of your limits against all the potential financial implications of cyberattacks, for example, business interruption, ransom payments and notification costs.
Underinsurance not only presents a balance sheet problem, but may also leave your directors exposed to shareholder actions. Boards can face allegations of failure to ensure robust IT systems or inadequate handling of cyber risk, which can include failure to maintain adequate cyberinsurance.
A: Identifying and quantifying your specific cyber risks is the first step to finding the most efficient way to mitigate them. Cyber risk quantification analytics that use industry and organisation-specific scenarios can give you a detailed picture of the financial consequences of cyber incidents. With this insight, you can plot a course to the most effective and efficient combinations of risk controls, transfer and insurance limits.
The cyberinsurance market is more competitive than it has been in recent years, meaning now’s a good time to investigate your options. To understand and ensure your cyber risks more effectively, or to strengthen your incident response planning, get in touch with our cyber risk and retail industry specialists
