
Ways to Protect Your Company's Data from Cyber Attacks


According to Marsh’s 2015 Directors’ Risk Survey Report, cyber ranked as the number two external issue concerning directors in the past 24 months. With the ever-increasing number of cyber-related incidents worldwide, this is no surprise.

In February, the Oxford School District in the UK was the victim of a ransomware attack, which infected the computer system and denied access to staff, students and administrators for three days. Not only did this cause network interruption expenses, but breach consultation services and forensics will also be required to investigate, examine and analyse the network. As notification is a legal responsibility of entities operating in the UK, public relations expenses may also be incurred to minimise the potential harm to the organisation.

We have not been forgotten here in New Zealand, with several cyber incidents reported to Marsh since the start of the year. One technology company was subject to a targeted attack against a project it was working on for a large corporate customer, resulting in the loss of all the project data. This not only caused significant revenue loss to the company, but could also result in forensic expenses, breach response services, and even liability to third parties for the disclosure of sensitive information.

Despite many companies investing heavily in their I.T. security, the escalating stream of publicised cyber events highlights that the innovative and determined methods of cyber criminals are not easily evaded. With a network attack requiring a response within minutes, companies must develop and implement an effective cyber resilience programme to reduce the impact on the organisation and protect sensitive data.

This strategy may involve the following assessments:

  • Identifying where your business is most at risk and how much a cyber-attack could potentially cost the company. This will help to define where you should focus your time and resources.
  • Developing a Data Protection Policy to define and manage ways the company can mitigate cyber risk. A good policy may encompass how data is stored, who has access to systems, how email and internet servers may be used, and how to report a cyber incident.
  • Implementing testing systems to ensure your resiliency programme is effective and your employees know what to do in a time of crisis.
  • Determining how the company will respond to and recover from a network breach, including notifying affected third parties, managing the media and recovering lost data.

Organisations that have developed cyber resilience programmes are more able to respond effectively to the constantly evolving cyber risk environment. Such preparedness can help to mitigate financial and reputational damage resulting from a network breach.