Search for insurance help

Managing Cyber Risk: 7 Tips for IT Professionals

Cyber-attacks are continuing to rise, yet we know finding cyber-criminals is no easy task. In fact, it’s rare they’re caught or held accountable for the damage they cause.

With increasing reliance on outsourcing IT services to third party providers, IT professionals are finding themselves at risk as individuals and organisations commence legal proceedings following a cyberattack.

So, what are the Duty of Care responsibilities for IT Professionals?

People and businesses of all shapes and sizes have a legal responsibility to take all reasonable measures necessary to prevent activities that could harm people and, or their property. The negligent or reckless behaviour of an individual or organisation may make them liable for any losses or harm due to that behaviour.

Reassuringly, many industries and professions have long-established codes of practice and standards that serve as a guide for legal decisions.

Industry Standards

Believe it or not, there are no widely accepted industry standards that protect clients from cyber-attacks. As such, much debate remains on whether service providers should bear any liability for cyber-attacks.

So, therein lies the challenge. At what point does the Duty of Care responsibility begin or end for an IT service provider?

A common practice for IT service providers is the use of contract disclaimers or detailed service level agreements that exclude liability for cyber breaches. However, without clear industry guidelines, the disclaimer may not stand up to scrutiny in a court of law.

Thus, while IT Service providers can clearly define their terms, limitations and their actions to protect against cyber breaches, the contracts may not offer complete protection from liability.

However, there are steps IT professionals can take to manage their risk.

Here are 7 actions IT Professionals can implement today based on recommendations by Brooklyn Underwriting:

1. Check you have Cyber Insurance
General business or professional insurances often exclude cyber insurance. Talk to your insurance broker about your insurance program and risk exposure. They can advise on the most appropriate policies for your business needs and guide you through the options for mitigating or transferring risk to insurance.

2. Ensure your IT systems are secure

Management Liability insurance is designed to provide protection to both the business and its directors or officers for claims of wrongful acts in the management of the business.

A business insurance pack can provide cover for your business premises and contents, against loss, damage, theft or financial loss from an insured interruption to the business.

Purchase up to six products under one Business Insurance Package. 

2. Ensure your IT systems are secure
While you may not be able to make your IT Systems iron-clad, you must take all reasonable steps to ensure they are secure and cannot be accessed via client networks. Segregate your networks where possible. Alert clients to new threats and record any conversations or emails.

3. Implement an update schedule
Implement regular software and anti-virus updates to detect malware using an endpoint detection and response tool. Ensure you have a critical and non-critical patch management program, plus secure backups that you test annually.

4. Implement strict password management
Set multi-factor-authentication and a regular password change schedule for all access to your network and client networks. Additionally, schedule regular team training to ensure staff can identify and report phishing email scams or other potential cyber threats.

5. Clearly define your terms of engagement and responsibilities
Detail and agree your terms, terminology and responsibilities for cyber security in all contracts and service agreements. Where you have responsibility, invest in training to ensure your team possess the skills to meet your duty of care. Be diligent in reporting system issues to clients and agree the actions, costs and timeframes required to fix any issues. Be sure to respond promptly to any service complaints and keep a record of all events, conversations, and emails.

6. Mitigate cyber risk
With uncertainty on liability, it is critical to mitigate the risk of cybercrime. Therefore, take all the necessary steps to reduce the risk of a cyberattack for you and your clients. Afterall, it may reduce the impact on customers, suppliers and other affected parties and may reduce the likelihood of a claim against you or your client.

7. Prioritise training
No matter the appeal, if a new or existing client requests work that is beyond your expertise, it is advisable to consider whether to undertake the work.

Equally important is ensuring your team maintain and regularly upgrade their skills. Ensure your team stays up to date on regulatory requirements and how to tackle emerging cyber threats.

Transferring cyber risk to insurance

Clear Insurance helps businesses identify, understand, and manage business risks, including cyber security risks. Our risk and insurance review assesses your risk exposure and recommends the most appropriate ways to transfer risk to insurance.

Contact Clear Insurance today for advice.

This article is based on an original article titled ‘Where does it end? An IT professional’s duty of care responsibilities’ by Brooklyn Underwriting, a division of AXA XL.

General Advice Warning: This advice is general and does not take into account your objectives, financial situation or needs. You should consider whether the advice is appropriate for you and your personal circumstances. Before you make any decision about whether to acquire a certain product, you should obtain and read the relevant product disclosure statement.

All information above has been provided by the author.

Clear Insurance, ABN 41601916689, AFSL 548953

This article originally appeared on Managing Cyber Risk: 7 Tips for IT Professionals and has been published here with permission.

Related articles

Comments (0)

Related insurance brokers

Review rating
16 reviews

Featured Featured

Shane Brady

Stone Lane Broking & Risk Advisory

  • Typically replies within
    a few minutes
  • Review rating
    183 reviews

    Featured Featured

    Nilima Pokala

    SureInsure Insurance Advisors

  • Typically replies within
    a day
  • Review rating
    58 reviews

    Featured Featured

    Laura Meyer


  • Typically replies within
    a few hours