CPA Bulletin

www.cpa.uk.net CPA Bulletin > February 2018 23 Plant Theft: 2 INSURING AGAINST CYBER-CRIME With the recent spate of cyber-attacks includingWannaCry and the recent incidents at Tesco Bank and Sony, it is no wonder that cyber- crime has been on theminds of many businesses. While it may only be large companies that havemade the headlines, that doesn’t mean that small andmedium-sized enterprises (SMEs) are safe, with 75% falling victim to a breach in 2015. For large businesses, this statistic was 90%. In fact the problem is so pervasive that the UK is now second only to the United States for cyber incidents. A cyber-attack could cause massive reputational and financial damage to your business, and with hacking techniques ranging from the sophisticated (social engineering) to the basic (phishing emails) protecting yourself can be nigh on impossible. In addition, with the introduction of the EU’s General Data Protection Regulations (GDPR) just a fewmonths away, failure to secure your data or report the breach in a timely fashion could leave you with a fine of up to 4% of your annual global turnover, or £17m (€20m), whichever is the greater. CASE STUDY : Ransomware An insured’s employee clicked on a malicious link which resulted in them downloading a cryptolocker ransomware - malware that encrypts the system it attacks and demands payment to release. Assisted by our breach response team and external forensic teams, the insured’s internal teamwas able to restore elements of the compromised data, but resulted in paying over £5,000 in extortion payments using a cryptocurrency - which the insurers covered. CASE STUDY : Logistics The express division of FedEx TNT suffered an attack which impacted throughout its’ European operations. The company had publically stated that “we do not have cyber or other insurance in place that covers this attack.” FedEx lost revenue during the attack, and also incurred costs associated with the implementation of contingency plans and the remediation of affected systems. Could your business benefit from cyber cover? In short, if you have an online presence whether that’s through your website, social media, internet and email or if you store customer or employee data remotely through a cloud or electronic system, then you should be considering cyber insurance. What cover is available? As a general rule, there are two types of cyber cover - first party and third party. First Party Cover - first party insurance covers your organisation’s own assets including data recovery, business interruption costs for you and any dependant businesses, cyber extortion protection and the management of reputational damage. Third Party Cover - third party insurance covers the assets of others, for example your customers. This can include crisis management and regulatory defence costs as well as security and privacy and multimedia liability. Cyber cover isn’t just about protecting your assets in the event of a breach, you also need an insurer who can respond quickly and support you in the event of an attack or suspected attack. The faster you receive a response the more likely you are to speed up the recovery of your business and limit the reputational damage you occur. That’s why we offer a guaranteed response within one hour of you advising your insurer of the breach - speeding up the claims process and helping you to get back on your feet. This article was kindly drafted by Steve Lestrange, Arthur J Gallagher Brokers. steve.lestrange @ ajg.com HMREVENUE AND CUSTOMSWARNING Her Majesty’s Revenue and Customs (HMRC) have circulated a warning of a fraudulent email offering the recipient a tax refund from HMRC. Various email addresses have been used to distribute this scam. The known ones are as follows: • service.refund @ hmrc.gov • secure @ hmrc.co.uk • taxrefund-notice @ hmrc.gov.uk • taxrefund @ hmrc.gov.uk • refund-help @ hmrc.gov.uk • refund.alert @ hmrc.gov.uk • refunds @ hmrc.gov.uk • rebate @ hmrc.gov.uk • HM-Revenue-&-Customsztoro.com If you receive any dubious looking emails from addresses such as the above, please do not open any attachments as they are likely to contain malicious software or direct you to a bogus website. Please forward the email to phishing @ hmrc.gsi.gov.uk and then delete it, as HMRC are maintaining a log. Text messages and Twitter are also being exploited in a similar way. Once again, you should never respond with any personal or financial information if you receive one. STOLEN JCB 2CX RECOVERED A stolen JCB 2CX Backhoe Loader worth £25,000 had been found and safely recovered in Bentley, Hampshire, within amatter of hours of first being reported as stolen. The ability to recover the machine was due to the installation of a battery operated tracking device from AMI Group, plus back-up drone footage which aided the plant recovery efforts.