Top five tips to create an effective business continuity plan to combat cyber exposures

Top five tips to create an effective business continuity plan to combat cyber exposures | Insurance Business UK

The COVID-19 pandemic has been a time of acceleration for the insurance industry as new technologies, channels of communication and working from home practices have been required in an astoundingly short amount of time. With that, however, businesses have been forced to grapple with the very real threat of cyber security exposure as remote working has become the new normal.

The next step for the insurance sector is to harness this new understanding of the role of cyber security to increase the rate of uptake of insurance products within locations and businesses which have traditionally looked away. Being able to do so means that brokers must have a keenly developed understanding of the cyber policies that will best benefit their clients and be able to fully understand exactly what these policies entail.

To help promote this understanding, Insurance Business reached out to a panel of experts to create its latest special report on the cyber insurance sector, which seeks to answer some of the most pressing questions brokers have about this complex area of coverage.

One of the contributors to this report, the head of IFL cyber & TMT for AXA XL, James Tuplin, noted the importance of insurance companies keeping their brokers and their insureds up to date with the latest cyber trends. When it comes to information exchange between insurers and brokers, he noted, this needs to be a two-way process. Brokers need to demonstrate to their clients what policies do and how they work – not just in terms of coverage, but also around the pre-breach support, claims handling and panels of providers on hand to assist if something goes wrong. It’s also important for brokers to understand the types of claims insurers are seeing in the market so they can advise their clients on key threats.

“Keeping brokers informed helps them to advise their clients and helps build relationships,” he said. “Sometimes it could be a client’s first cyber policy - by sharing knowledge, we can ensure they understand the threats we’re seeing in the industry, how these attacks are happening, how they can improve defences and what the policy will cover if the worst happens.”

The implications of COVID-19 have shone a light on the importance of cyber protection, Tuplin noted. However, AXA XL has always worked closely with its brokers to ensure they have the right information when speaking to clients about their cyber requirements, and this is no different right now. Brokers are very experienced these days and have lots of knowledge in this area; however, if further information can be provided around how insurers can help their clients – with redacted claims examples – this is often beneficial.

In the cyber insurance special report, Tuplin highlighted that a tested business continuity plan (BCP) is the most effective response to handling a cyberattack. A key concern for a business being hit with a cyberattack is the potential damage it may do to its reputation, he said. While cyber risk is always going to exist, given the environment that businesses operate within, those companies that come out best after an attack are the ones that manage the situation correctly, as people praise prepared responses.

There are five key points that make up an effective BCP, Tuplin stated, and he outlined these as the following:

  1. Communication lines: Effective reporting up and down the line is essential. If an employee detects a cyber security issue, they need to know who to report this to within a company. This reporting also needs a clear line upwards and part of the communication line is also disseminating information back out. How will employees report the issue if a ransomware attack encrypts everything connected to the network? How will the business communicate with its employees if the entire network is down? Companies should have a list of all personal mobiles, so that, in an emergency, they can contact employees directly and instruct them on how to proceed.
  2. Cyber policy: The relevant business sectors must be made aware that there is a cyber policy in place that needs to be activated. If this isn’t clear in a BCP, it can result in a lot of wasted time and potentially further damage. Make sure there are paper copies of the policy available. If the whole network has been jeopardised, there won’t be access to electronic versions.
  3. Back-ups: Ensure the business has good, clean, regular back-ups of the entire IT estate (info, emails, invoices etc.) daily or weekly at worst – every few months is not enough. Ensure the back-up is stored on a remote network. There have been instances of ransomware attacks shutting down systems and then the virus going through the network and into the back-up, also shutting that down.
  4. Understand your system: While it depends on the industry you work in, ensuring you know how to reboot your system is key following an attack. Understanding the vital elements of the technology backbone and how to restore to a previous version will ensure the business is back up and running as soon as possible.
  5. Regular testing: Testing your BCP is the most important step in the process. Not only will this help to spot issues, but it will also draw attention to changes that may have taken place since the previous test. Exercises involving senior management are essential and help to ensure that everyone understands their role and the company’s role following an attack.