These days, cyber risk should be high on the care sector’s risk management agenda, as cyber-criminals target small organisations with increasing frequency.
Virtually every care organisation, even non-governmental and non-profit-making ones, operates electronically to some extent in order to perform its key services. This can be anything from a website or online profile to using third-party software to manage back-office requirements such as accounts and payroll. We review the different types of cyber risks affecting the care sector and what to do about them.
Types of cyber risk
By cyber risks we aren’t just talking about the more obvious hacking incidents – exposure to such risks can also arise from employee and software errors. Since the implementation of GDPR back in 2018, breaches which result in personal details ending up in the wrong hands are now considered major incidents and can see organisations facing fines of up to £17.5 million or 4% of their annual turnover, whichever is greater. Civil claims can also be brought by each of those affected. Digital data therefore comes with increasing legal and reputational risk.
Cyber risk can be grouped broadly into the following categories:
- Operational cyber risk – The risk to business continuity if organisations are denied their electronic systems.
- Financial cyber crime – Committed by hacking or spoofing communications, such as fund transfer requests, and by interfering with website payment links.
- Data risk – The risk associated with the increasing amount of data that organisations are holding and transferring. A significant part of information cyber risk relates to the growing legal regulations and sanctions associated with data.
Managing cyber risks
Cyber security services, including data risk analysis, data masking (which is the process of hiding classified data with modified content) and vulnerability discovery (the process of researching a piece of software or hardware to evaluate the presence of vulnerabilities), are a fast-growing sector, and this is a trend which is expected to continue and accelerate over the next few years.
A 2021 report carried out on behalf of the UK Department for Digital, Culture, Media and Sport showed that almost 50,000 people are now employed in cyber security and that the number of cyber security firms in the UK increased by 21% on last year. Parliamentary Under-Secretary of State for Digital Infrastructure, Matt Warman, said: “The need for cutting-edge cyber security has never been greater and this resilient sector is growing, diversifying and solidifying its status as a jewel in the UK’s tech crown. With more than 3,800 new jobs created, firms – large and small – are doing vital work keeping people and businesses secure online.”
Cyber security professionals can help organisations with some preventative measures, such as vulnerability discovery and data masking, to help mitigate risks. But whether or not you choose to use them, the key point to remember is that third-sector organisations should protect their communications and data in the same way that they protect the security of their buildings and property assets.
Of course, some cyber risks are simply not preventable and are fuelled by our dependency on IT, GDPR legislation, and a compensation culture around privacy. Specialist cyber insurance policies can offer policyholders a combination of incident management and access to legal and PR experts, as well as cover for costs such as those caused by business interruption or data issues.
An effective insurance policy will help charities, not-for-profit and care organisations to respond to cyber incidents and boost the confidence of the other parties they provide services for. If you need any help and advice around cyber insurance for your care organisation, please make contact through our website or just pick up the phone. We already look after the insurance needs of several hundred charities and would be happy to advise you on your requirements.