“Cyber threat is not around the corner”, says Duncan Sutcliffe, Director of Sutcliffe and Co, AIG’s partner in the government sanctioned cyber-security scheme for SMEs. “It is already here – we are the ones who need to catch up”.
In order to do so, AIG, Sutcliffe and Co, and IASME Consortium are working together to encourage all businesses to build cyber security into their companies by focusing on five critical security controls. Provided SMEs can demonstrate that they have reached certain technical control requirements by passing IASME’s self-assessment, they are entitled to a new AIG cyber-product that supports the government’s Cyber Essentials Scheme.
AIG’s product covers the costs of notifying customers of an attack and of offering two years’ credit monitoring to affected customers, paying fines and penalties if insurable under law, and meeting costs of PR to restore reputational damage.
Smaller companies are at the most risk from hackers – their security systems are less advanced, and they have less available capital to cover the costs of an attack. There is also an added incentive as hackers try to make their way through smaller companies to access data from larger organisations.
“Often smaller organisations are seen as a back door entry to large organisations by hacktivists, which is why strict contractual obligations are often stipulated,” says Raheila Nazir, cyber TMT manager for the UK at AIG.
“If an organisation can demonstrate they have assessed such risks and taken steps to mitigate them they can stay ahead of the sophisticated nature of cyber-attacks which will reassure the organisations they want to do business with,” she adds.