Business Leader recently spoke to Freddy Knight – the Innovation Director for one of the UK’s leading cyber insurance providers, Optimum Speciality Risks (OSR) – to discuss how his innovative company is disrupting the industry, and helping businesses prepare themselves against future risks.
Can you tell us about OSR?
OSR was founded in 2018 and rebranded and relaunched in 2019, following my arrival as Innovation Director to launch our SME product, Optimum Cyber Plus.
Optimum Cyber Plus is a unique insurance offering and was created to help make the premium cyber insurance and cybersecurity solutions bought by large, corporate organisations accessible to local insurance brokers and their SME clients.
Until its release in 2019, small business owners in the UK had to choose between two realities; Pay hefty premiums for comprehensive cyber insurance solutions that, in most cases, were totally out of proportion to the rest of their insurance/risk management spend, or pay a more reasonable premium for a budget solution which, in the majority of cases, were lacking in appropriate coverage, response services and risk management capabilities.
Our policies start at £75 and provide a combined, partner led insurance and risk management package worth in excess of £3,000.
All of our policyholders are provided access to a suite of complimentary risk management aides, including a one-hour consultation with one of the UK’s leading GDPR consultancy practices, GDPR123; online employee awareness training modules covering cyber-crime, data protection and cyber security; a free vulnerability scan from KryptoKloud and two days free consultancy to resolve any issues highlighted; access to a Cyber Essentials Certification and Management from Berea (Cyber AMI); and ten licences for Firewall and Backup Solutions via Avast Business Pro Plus.
As a result, were you recently a finalist for a prestigious award?
That’s right, we were shortlisted for Cyber Newcomer of the Year at the Advisen Cyber Risk Awards 2020 in New York. There were some amazing businesses in our category and to have the work we are doing acknowledged, on a stage like that, made us all immensely proud.
What measures should businesses have in place to protect against cyber threats?
There are a million and one different approaches that an organisation can take to manage their cyber risk, but for SME businesses, putting the following measures/services in place will stand them in great stead; employee awareness training modules; quality antivirus solutions including offsite data back-ups; and a comprehensive cyber insurance program, including risk management support
It’s important to remember, however, that cyber security is continuous and business owners shouldn’t rest on their laurels if they have already implemented these suggestions. Threat actors only need to be successful once to cause disruption, whereas a business’s defences need to be successful every time.
What cyber security risks are most prevalent right now?
Whilst not a specific attack or threat, I think that businesses need to be aware of one factor more than any other when it comes to cyber security, and that is their resilience and ability to continue to operate following a cyber event.
Increasingly, from our own cyber insurance claims data, we have seen the mishandling of a cyber event become responsible for some substantial losses, so it is essential to ensure your organisation has access to a proper incident response service.
How are cyber-attacks becoming more sophisticated?
Phishing attempts are becoming more and more sophisticated by the day, and many experts see this trend continuing through 2020 and beyond. More businesses provide training on matters of cyber security now than ever before and the criminals know this. They are forever advancing their techniques in line with technology innovations like AI, machine learning and, I imagine in the not too distant future, quantum computing too.
How can you train staff to be aware of the threat of cyber security?
OSR policyholders automatically receive access to an online suite of training modules to educate their employees on subjects like email and password security, virus and malware protocols, phishing, social engineering and remote working. Combining an insurance policy with an employee training platform is just one way in which we are helping to change that cyber insurance narrative, from one of fear to one of education and understanding.