FINEX boss says incident highlights vulnerability of companies to system failures
Company risk managers can utilise their skills to mitigate against incidents such as the recent NatWest computer glitch which left up to 12m people unable to pay their bills or transfer money.
That is according to Jeremy Smith, leader of the FINEX Global International Technology, Media and Telecom Practice, part of Willis Group Holdings.
Smith said the NatWest incident highlighted the dependency of organisations on their IT infrastructure and the vulnerability of firms when their systems crash.
“The cause of the glitch was reportedly a routine software upgrade,” he said. “Unfortunately, software failures, like data breaches, are very hard to protect against. Even the most tested software can fail and even the highest level of training cannot completely cut out human error. That said there are a number of things organisations and their risk managers can do to reduce the possibility of these incidents happening.
“Although the majority of risk mangers will not be IT experts they can utilise their skills in other areas such as contractual indemnities to alleviate such exposures. Almost all firms outsource their IT and data hosting services to third parties and therefore when evaluating which provider to go for companies should not only ensure that the IT solution is fit for purpose but also check what level of indemnification they are providing for losses.
“In the event your business suffers a major software failure or security breach you need to ensure you can recover as much as possible in contract with your IT/hosting provider. Over and above this, cover is available in the cyber insurance market to assist.
“Cyber insurance products have now been around for over a decade and have come a long way in terms of the breadth of cover offered. Typically the policies cover you for the costs for data breaches and your loss of revenue due to network/software failures.
“However, policies have now developed to cover key IT providers and also acts of cyber terrorism, which were historically excluded. It is important that you work with a specialist cyber broker to ensure that your policy is properly tailored to your needs.”
No comments yet