Compass reviews the very real risk that cyber crime poses to park businesses
It is hard to exaggerate the damage a cyber attack could inflict on a park business.
A fraudulent email, for example, can release ransomware, viruses, worms, trojan horses, spyware, adware, crimeware and scareware. Any of these can crush a park’s operations by interrupting normal services and stealing information and data.
Cyber criminals are constantly developing their techniques, making it hugely challenging to spot a fraudulent email. For parks with employees, preventing one slip by one individual 24/7 can be very difficult to manage.
Fraudulent emails are not the only challenge parks face. A Distributed Denial of Service (DDoS) attack is designed to make a service inaccessible. One that targets a park’s online booking platform could spell disaster, especially during busy booking periods when significant revenue could be lost.
A successful hacking attack can also compromise stored data on customers, employees, contractors, products, strategic plans, sensitive data and commercial data. This data is often then sold on to fraudsters. Hacking also has the potential of putting the operation of systems which control physical infrastructure at risk.
Cyber criminals aside, it is often those inside your park business that could inflict the most damage. Disgruntled existing or past employees are of significant risk not least because they are familiar with a park’s operations and processes, and how to bypass them. They may also have access to your assets. Parks should sever employees’ access immediately after they leave the business. Some other areas to consider will include:
- Keeping IT inventories
- Keeping up-to-date records on IT systems access
- Conducting regular IT Health Checks
- Keeping on top of IT management – who is responsible for supervising and checking all the above? Remember holiday/sickness/maternity cover.
Finally, some estimates suggest over 90% of successful cyber breaches occur due to simple human error. A lack of IT security awareness from your staff could allow others to commit fraud against your customers via data you hold on them (the Information Commissioner’s Office suggest that 80% of all data breaches involve staff in some way).
Cyber-specific insurance cover
Nowadays even the most clued-up of businesses is still vulnerable to a cyber attack. As a result, parks are increasingly buying specialised cyber insurance policies to supplement their existing insurance arrangements, particularly if they:
- hold sensitive customer details such as names and addresses or banking information
- rely heavily on IT systems and websites to conduct their business
- process payment card information as a matter of course.
A good insurance account executive should be able to highlight any areas of cover you may need to consider. Add-on cyber insurance cover is widely available, but as with all insurance quality can vary and from an economical perspective, it would be sensible for parks to seek out add on products that “wrap around” their existing cover.
First-party cyber insurance covers your business’s own assets. This may include the costs of:
- conducting an IT investigation following a data breach, security breach or damage to data
- restoring data following a data security breach
- payment of a ransom to end a credible threat to release confidential data or introduce malicious code
- loss of profit due to the availability of computer systems being impaired.
Third-party cyber insurance covers the assets of others too, typically your customers. This may include (in addition to features such as in the above first-party cover):
- legal liability claims arising from a data breach, security breach
- cost to provide notification to affected data subjects and crisis communications support
- insurable fines and defence costs related to a regulatory action following a data breach.
Many insurers, including Compass, include technical assistance with managing a breach as part of the insurance policy.
Keeping up with cyber crime “trends”, learning how to protect your IT systems and training ALL staff to be vigilant is important for all parks. UK businesses are fortunate to have a wealth of free guidance and support available to them to assist in risk assessing and managing their IT security. A list is available on the Compass website – please follow this link
Park owners and managers are welcome to contact the Compass team for free, impartial cyber insurance support on 0344 274 0277.
Compass is a trading style of Binnacle Insurance Services Ltd. Binnacle Insurance Services Ltd is registered in England, Company No. 11429456 at Registered Office: 2nd Floor, The Hamlet, Hornbeam Park, Harrogate, North Yorkshire, HG2 8RE.
Binnacle Insurance Services Ltd is authorised and regulated by the Financial conduct Authority, FRN No: 820727.