A recent survey from the Institute of Directors has revealed that 50% of businesses in the UK do not have a cyber security strategy. Aside from the disturbing implication for customers that the companies entrusted with their data have no plans to protect it, this lack of a plan extends to the response to cyber breaches as well. It is all too common for a company to reveal a breach a significant period of time after it has occurred in order to save face.
Companies must implement cyber strategies to protect their customers and ensure they have the highest level of protection. To enforce the new rules and regulations, insurance companies and providers must be prepared to deny insurance to companies and clients that fail to meet a minimum standard of security requirements. Such policies would include restrictions on personal devices on company networks and a policy of informing customers immediately if personal data has been lost.
The greatest obstacle to implementing such policies is a lack of cohesion and centralisation. This looks set to change with the update for the GDPR, which seeks to punish companies that fail to provide a minimal level of cyber security with fines. Although this is limited to companies in the EU, it is likely that the structure of the regulation will be adopted in the UK.
Insurance companies should build upon the foundation established by the GDPR; by doing this, companies will be able to create a cohesive response to the cyber threat. This will ultimately benefit customers, who will be able to learn of their compromised data sooner. However, this will only be possible if companies are fearful of the consequences of not providing adequate security measures. It is simply unacceptable that only 50% of companies in the UK have a cyber security strategy.