More businesses than ever before are being attacked, hacked or having sensitive data lost or stolen. Whilst the transport and logistics sector doesn’t typically hold vast quantities of data, your exposure to cyber crime is still a very real threat, no matter what size or type of operation you run.
Your drivers and customers are some of your biggest assets; however, their data is one of your biggest vulnerabilities! Haulage and transport firms collect information that is classed as personal data.
- Driving licences
- Telephone numbers
- Driver qualification records
- National Insurance Number
- Customer details
- Records of employee performance
- Certain employee medical records
- Tachograph readings
- Bank account details
With the introduction of ‘smart tachographs’ in 2019, businesses are accessing and storing even more valuable information than before, including higher levels of personal data.
Cybercriminals take advantage of our digital world, such as intercepting payments to suppliers and third parties. One ploy is to cleverly impersonate third parties or even your employees. Seemingly legitimate emails can be hackers trying to redirect funds.
Funds Transfer Fraud
This was the case with one unfortunate haulage firm, who became the victim of a scam starting from email correspondence between them and its accountants. Using a method called ‘email spoofing’, in this instance cyber criminals created an authentic looking email which convinced their financial director that a change of details was necessary for payment of taxes. The whole episode left them out of pocket by £128,299.
As with so many cyber-related events, this loss stemmed from human error and it’s very difficult for any business to eliminate this risk entirely. Thankfully, though, the haulage firm was able to recoup the funds under the cyber crime section of its cyber insurance policy.
Any organisation that holds personal data, has a legal obligation to keep it secure and out of the hands of cybercriminals. You need to ensure all staff are aware of their responsibilities and understand what constitutes a breach of data.
GDPR regulations require all organisations to report certain types of personal data breach to the Information Commissioners Office (ICO) within 72 hours of becoming aware of the breach. Failure to do so is punishable by a fine (a maximum 4% of turnover). The ICO can also discipline organisations in other ways, such as enforcement actions and audits – so it is essential to have a plan in place ready to respond.
Almost all businesses are exposed to potential cyber risks, which is why cyber insurance is such a crucial tool.
Reasons to hold Cyber Insurance:
Your I.T. system is the lifeblood of your operation; route planning, payroll, employee records, customer orders, vehicle maintenance records, tachograph history and managing invoicing. Should it be compromised the consequences could be catastrophic!
Cyber Incidents are not picked up by traditional ‘Combined Insurance’ policies, leaving you exposed to pay the full costs from incidents. These costs range from rebuilding your I.T. system and data or being forced into paying a ransom to regain control.
It is very important to note that information held by you could be vital in the event you need to provide evidence at a public enquiry, so protecting this data is paramount.
Cyber Insurance protects you during and post cyber incident. Protection that can include; –
- Costs recovered for damage to data or systems
- Security breaches compensation – for funds paid to fraudulent sources
- Legal and regulatory defence costs
- Access to specialist computer forensic support
Cyber insurers’ claims teams deal with data breaches on a regular basis and have the experience to help guide effective decision making and fast action.
They will support their policy holders through the response process, make relevant legal and technical experts available as required. They will also cover the expense of fixing the breach and notifying anyone whose data has been lost, thereby complying with breach notification laws and covering the associated costs.
In addition, the Government’s Cyber Essentials scheme provides useful advice around good cyber practices.
The Cyber Security Information Sharing Partnership (CiSP) helps alert businesses to the latest threats and confidentially share information relating to attacks.
RHA Insurance Services can help
It only takes minutes to put in place a policy providing you with a range of appropriate cover options.