Henderson Insurance Brokers is advising firms to review their cyber security policies to guard against heavy sanctions when new EU legislation comes into force.
The leading insurance broker, which has offices across the North East in Newcastle, Stockton and Sunderland, is warning business owners to address any cyber concerns before an attack occurs, since a breach could put them in breach of the Data Protection Act and lead to the publication of sensitive data about their clients or customers.
According to the Government’s Cyber Security Breaches Survey, 65% of large firms detected a cyber security breach in the past year, with the average cost of a breach to large businesses totalling £36,500.
The current maximum fine for a UK Data Protection Act breach, which applies to personal data that is processed, is £500,000, but a reform of the EU data protection rules, which will come into effect from 25th May 2018, will see this figure rise to €20 million.
In light of a number of high profile cyber breaches, including at Tesco Bank and Camelot, Dave Robson, Regional Managing Director at Henderson Insurance Brokers, is advising firms to review their current procedures well in advance of the reform, despite the UK’s impending departure from the European Union.
He said: “Cyber-crime cannot be ignored, given the rise of the digital economy and several high profile cases of breaches and releases of sensitive data. Penalties for Data Protection breaches are severe, but the new EU directive will deliver much harsher consequences, which will still be relevant to many companies operating in the UK with an international presence when Article 50 is triggered.
“Business interruption and downtime can be costly enough, but if adequate cyber cover is not in place, this can result in further unwanted expenditure as compensation may not be offered, not to mention any potential fines. At the end of the day, it is how an attack is responded to, which will assist with any mitigating circumstances surrounding a claim.”
Dave is also advising firms to educate staff members and introduce robust procedures to help guard against a cyber event.
He added: “Malware hacks and social engineering are commonplace and can present themselves as innocuous emails and communication with a business and its staff. While they may seem harmless, if there is any doubt whatsoever, staff should report anything and escalate the potential threat immediately.
“Data controllers and managers should consider implementing policies that restrict work telephones and emails from being accessed and used for personal reasons, as in some cases, devices used outside of the workplace, which contain a virus or have been the subject of an attack, can infiltrate the company’s infrastructure when back in use at work.”