In light of the global cyber-attack and the impact it has had on the NHS, Henderson Insurance Brokers is advising organisations to review their cyber security policies to guard against heavy sanctions and business interruption.
The Stockton-based firm is warning business owners to address any cyber concerns before any potential attack, which could potentially breach the Data Protection Act and lead to the publication of sensitive data about their client base or customers.
The NHS was embroiled in the worldwide attack, which has spread to more than 70 countries, with 48 Trusts affected through ransomware – a tool that encrypts data until the hacker is paid a ransom and then releases it back to the owner.
The current maximum fine for a UK Data Protection Act breach, which applies to personal data that is processed, is £500,000, but a reform of the EU data protection rules, which will come into effect from 25th May 2018, will see this figure rise to €20m.
According to professional services firm KPMG, the value of fraud committed in the UK eclipsed £1bn in 2016, with cyber fraud costing £124m.
Jonathan Willett, director at Henderson Insurance Brokers, is advising firms to review their current procedures to help combat cases of cyber fraud.
He said: “Cyber-crime cannot be ignored, given the rise of the digital economy and several high profile cases, including the severe attack on the NHS.
“Penalties for Data Protection breaches are severe, but the new EU directive will deliver much harsher consequences, which will still be relevant to many companies operating in the UK with an international presence when the UK officially leaves the EU.
“Business interruption and downtime can be costly enough, but if adequate cyber cover is not in place, compensation may not be offered and firms can also incur heavy fines.
“At the end of the day, it is how an attack is responded to, which will assist with any mitigating circumstances surrounding a claim.”
Willett is also advising firms to educate staff members and introduce robust procedures to help guard against a cyber event.
He added: “Malware hacks and social engineering are commonplace, which can present themselves as innocuous emails and communication with a business and its staff.
“While they may seem harmless, if there is any doubt whatsoever, staff should report anything and escalate the potential threat immediately.
“Data controllers and managers should consider implementing policies that restrict the use of work telephones and emails being accessed and used for personal reasons too.
“If devices are used outside of the workplace, which contain a virus or have been subject of an attack, this can infiltrate a company’s infrastructure when back in use at work, so employees must be mindful.”
Henderson Insurance Brokers operates three offices in the North East, in Stockton, Newcastle and Sunderland.