Firms across Northern Ireland are not fully protected to cope with the repercussions of cyber-attack or data breaches, a seminar on the subject has found.

Belfast-based Willis Insurance and Risk Management (Willis IRM) brought together companies from across all sectors to hear about the growing threat from cyber criminals.

A survey at the event in the new Titanic Hotel found that a quarter of delegates were aware the companies they represented had sustained some level of cyber-attack in the past.

However, only around 40 per cent of those attending had taken out dedicated cyber insurance policies.

Leslie Dick, Management Risks Client Director, at Willis IRM wealth management advice to firms across all sectors, said:

“Firms are facing an ever-increasing threat from cyber criminals. However, it is not just a case of having the right systems and firewalls in place as you must always account for human error that can be caused by your employees.”

The breakfast event heard how the costs associated with a cyber breach can quickly mount up and can include extortion costs, in the case of a ransomware attack, system reinstatement following an outage, as well as the damage to the firm’s reputation.”

Speakers included Lindsey Nelson, a cyber security expert from Willis IRM partners, CFC Underwriting based in London and IT and data consultant Justin Bentley of Lisburn firm JCB Consulting.

Lindsey said:

“Cyber insurance has a major role to play in mitigating clients’ exposures for their intangible assets and human error is a key element of the exposures that companies face these days.

“A cyber policy is much more than just a wording and is about being proactive and responding when crises do occur.”

The seminar also heard about possible costs resulting from breaches of personal data with new regulations, known as GDPR, set to come into force in 2018 along with penalties of up to €20 million for non-compliance.

However, Justin said firms needn’t be alarmed:

“There are a lot of myths surrounding GDPR including that it only relates to larger companies but the truth is that all firms, not matter their size, must comply with the regulations if they hold data.

“Realistically, that means that every business must be GDPR compliant and those that are should have nothing to worry about when it comes to fines.

“No penalties will be issued to firms that can prove they had all the correct measures in place, because even with the most careful planning, all business are still targets for cyber criminals.”

The cyber insurance market is already well established in the United States where 90 per cent of firms have a policy in place, but only a small proportion of firms in the UK are covered.

A UK government survey put the average cost of attacks to small businesses at between £65,00 and £115,000 while for larger firms, the cost is typically between £600,000 and £1.15m.

Cyber crime event attendees comment: