News

Certification can help

Printers urged to check exposure to cyber crime

News by
Business
Nearly 40% of UK businesses were subjected to a cyber attack or breach in the last year. 
Cyber crime costs the UK economy an estimated £27bn, according to government figures

Printers have been urged to check the small print of their cyber insurance policies after recent high profile attacks – and today’s revelation that Marks & Spencer’s ongoing incident will cost the group around £300m and won’t be fully fixed until July.

A number of printing businesses have been subjected to cyber attacks in recent years, with hackers sometimes attempting to access high value customers, such as financial institutions, through their print suppliers. 

Luke Wildey, development executive at BPIF insurance partner Howden, said that cyber insurance was something many print firms were “starting to pay attention to for obvious reasons”.

“One of the major issues we commonly see is that the cyber cover offered in off-the-shelf policies, which are typically offered to printers by brokers,  are entirely inadequate – or they don't offer the support to a business, service and levels of cover, which they should do,” he said.

He cited the example of a customer who had a standard off-the-shelf policy with an element of cyber cover, but the indemnity limit was just £25,000 with no additional support or service included.

“On reviewing this client's exposures and what they required; we managed to 10x this cover with a specialist Cyber policy which included a limit of indemnity of £250k, and also offered Cyber Awareness Training to all staff, and Phishing Simulations as a way of monitoring staff awareness.”

It's not clear whether cyber insurance premiums are likely to increase because of the recent high-profile incidents involving M&S, the Co-Op, Harrods, and other companies in the retail supply chain. 

In its annual results announcement and update on the cyber incident today (21 May), M&S said it had £100m of insurance cover that would help to offset the costs of the attack.

Printers can help to mitigate their Cyber policy premiums by ensuring they uphold good cyber security practices, such as Cyber Essentials and Cyber Essentials Plus certification.

“By being certified – although this isn't a question being asked by underwriters yet – businesses are typically able to answer questions they wouldn't have been able to, if they weren't certified. Items like Endpoint Detection and Resolution is a popular one here,” Wildey added.

Microsoft describes Endpoint Detection and Response (EDR) as a cybersecurity technology that continuously monitors endpoints for evidence of threats, and performs automatic actions to help mitigate them.

The endpoints are the many physical devices that can be connected to a network, such as mobile phones, desktops, laptops, servers, and Internet of Things (IoT) technology, and which potentially give malicious actors multiple points of entry for an attack on an organisation. 

In the current Printweek poll on cyber security that asks: “Do you carry out regular penetration testing on your systems?” 41.86% of respondents said they did not, 38.37% did carry out regular testing, while 19.77% answered “we really need to”.

The Association of British Insurers (ABI) said it could not speculate on future premium prices due to competition law.

The ABI has a number of useful resources on its website including a cyber safety tool that generates a free action plan; and guidance for businesses considering payment in ransomware incidents.  

Business
Cyber attacks Business continuity