26th September 2018

The British Airways data breach highlights the importance of cyber insurance


Posted by: Richard Jervis

The recent data breach at British Airways has highlighted the need for companies holding client/customer information to consider cyber insurance.

Between 21st August 2018 and 5th September 2018, British Airways’ booking system was subject to what appeared to be an intervention hack, where cyber criminals stole the financial details of 380,000 customers.

Loosely translated, it appears that the hackers placed themselves in a position to read all of the data coming into BA’s booking system, including customers’ names, addresses, dates of birth, bank details and, critically, their CVV numbers.

According to the Payment Card Industry Data Security Standard (PCI DSS), which applies to companies accepting credit card information, CVV information is not allowed to be held in any company’s database, as it is considered such a vulnerable piece of information.

Not only will British Airways face the bill for making good on all of their customers’ potential losses, they could also face a large fine. The latest GDPR regulations allow for a fine of up to 4% of worldwide turnover, and for a company that had turnover of £12 billion in 2017, this fine could be more than £480m*.

So what should you be doing?

  1. Good security practice: It goes without saying that you must follow good security practice with your systems and be aware of the relevant legislation.
  2. Cyber criminals don’t discriminate on size: Some will look at BA and think ‘well, they’re a huge company. No one is going to come after my little firm.’ Think again. According to UK government statistics, 42% of small and micro businesses have experienced at least one breach or attack in the 12 months to April 2018**, which could severely impact profits and customer confidence. Yes, British Airways are huge and therefore employ a large number of people who do nothing but protect their systems, yet that still wasn’t enough for them.
  3. Get cyber insurance: Combined with taking appropriate security measures, a cyber insurance policy will provide some peace of mind by protecting against the potential financial impact on your firm. Find a cyber insurance policy that can also provide quick-response experts to assist in the event the worst happens; they can often be the most valuable resource in both discovering the scope of any breach and shutting it down.

It’s now up to you to think about what would happen to your business if you suffered a breach.

*Source: https://theconversation.com/british-airways-hacking-how-not-to-respond-to-a-cyber-attack-102857

**Source: https://www.gov.uk/government/news/new-figures-show-large-numbers-of-businesses-and-charities-suffer-at-least-one-cyber-attack-in-the-past-year

To find out more on cyber insurance and how Protean Risk can help your business, download our Cyber & Data Insurance Guide or get in touch.