All businesses are at risk of cyberattacks. Cybersecurity insurance is fast becoming a business necessity.
Yet when we talk about cybersecurity and insurance, we tend to use a lot of specific terms, some of which may be unfamiliar to you. So we put together this essential cybersecurity and insurance glossary, to help you understand some of the risks your business might face.
Got any questions about cybersecurity? Want to discuss your cybersecurity risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at firstname.lastname@example.org.
Ad Hoc Network
A computer network that does not rely on any pre-existing infrastructure, such as routers or access points – hence, “ad hoc”. Rather than using this infrastructure, all devices in the network will be configured to communicate with each other, with no central control over who can join. As a result of this lack of control, Ad Hoc networks are comparatively insecure, and are therefore unsuitable for business use.
A record of what individuals have been doing on your computer systems. This makes it easier for cybersecurity teams to monitor network activity, and to assess the root causes of cyberbreaches.
Brute Force Attack
A system of hacking whereby the hacker will use a program to identify a password for a system by simply cycling through every possible password.
A company or individual regulated by the Financial Conduct Authority (FCA). Insurance brokers work with a panel of insurers from across the market to find you the cover you need at the best price. Learn more about the work of insurance brokers.
When a policyholder demands payment from their insurer for an event for which they’re covered, it’s known as an insurance claim. The person making the claim is known as the claimant.
Any situation where a third-party manages the information infrastructure used by other organisations. For example, a business might store data on “the cloud” – an online storage facility owned and operated by a third-party provider.
Denial of Service or Distributed Denial of Service (DDoS) Attack
A type of cyberattack in which hackers will flood a system with connection requests. This will overwhelm the system, making it impossible for legitimate connections to get through. As a result, the whole system can crash. A Distributed Denial of Service (DDoS) attack is similar, but on a much greater scale, with hundreds of thousands of systems around the world simultaneously overwhelming a single organisation’s system.
Disaster Recovery Plan (DRP)
A business continuity plan that details how your business will recover in the event of a cyberbreach, in terms of system restoration, data recovery, reputational management, and so on.
When a cybercriminal gains entry to a system yet remains passive, spying on secure transmissions in order to gather useful information for a more serious attack in future. This might also be known as a Passive Attack, where a cybercriminal monitors a transmission without disrupting it.
Firewall
A line of defence within your computer network. Your firewall will attempt to filter the traffic between your network and the wider internet to ensure that only authorised traffic can gain access. But in order to remain effective, firewalls need updating regularly. A chief responsibility of cybersecurity teams is to ensure that all cybersecurity systems, from firewalls to antivirus software, receive regular updates.
Indemnity
In insurance contracts, indemnity is the principle that an individual or an organisation that suffers a loss should, as much as is possible, be restored to the same financial position they were in immediately prior to the loss.
IT Security Policy
A set of policies and procedures governing how people use the IT systems in your business. An IT Security Policy might set rules for password security and sharing, two-step authentication, and policies for storing data and taking devices off business premises.
A cyberattack that aims to bring down Wi-Fi networks by clogging them with transmissions on the same radio frequency.
The state of being legally obligated or responsible. For example, employee liability insurance covers employers for their legal responsibilities to their employees.
Logic Bomb
A piece of malware (see below) that will activate automatically once certain conditions are met. For example, a cybercriminal might plant some malicious code that will only become active at a certain time on a certain date. Logic Bombs might lie dormant on a system without the user realising there’s a problem, until it’s too late.
Malware
Another word for “virus” – this is a piece of malicious software (hence, malware) that cybercriminals use to exploit systems as part of their cyberattacks. For example, they might use malware to steal confidential data, or to encrypt it remotely as part of a ransomware attack (see below).
A measure of how effectively your network can perform under strain. A resilient network might use multiple devices, set up so that, should one fail, the others will automatically take over.
A method for assessing your network’s security. Cybersecurity teams might use the various techniques in a hacker’s toolkit, from manual breach attempts to automated tools, in order to identify vulnerabilities in the system. Once they find these vulnerabilities, of course, they can work to secure them.
Phishing
A type of cyberattack in which cybercriminals will send emails that claim to be from official bodies (such as banks and shopping sites) or from known contacts (such as a co-worker or a manager). These emails might ask the recipient to send some sensitive information, such as a login or bank details. Or they may simply ask the recipient to click a link, which could install malware on their device and leave the entire system vulnerable to subsequent breaches.
The wording of an insurance contract, outlining who is covered, what they’re covered for, and how much they’re covered for. Any individual insured under an insurance contract is known as a policyholder.
The amount a policyholder must pay for their insurance cover.
Ransomware
A type of cyberattack in which a cybercriminal will remotely lock your computer, and keep it locked until you send them money – a ransom payment. If you don’t pay the ransom, you’ll either lose access to your data or the cybercriminal will make your data public, meaning you’ll then have to deal with all the financial, reputational, and regulatory damages that follow a data breach.
Any data that you want to keep confidential. Examples might include logins, bank details, customer information, payroll information, and so on.
Smishing
A form of phishing that relies on text messages (SMS – hence, smishing) instead of emails.
Anyone involved in a claim beyond the insured or their insurer who has suffered a loss. Some insurance policies specify third party liability – the legal obligations that the insured has to a third party.
A thorough audit of all the threats your business currently faces, online and offline. Did you know, for instance, that cybercriminals are more likely to target smaller businesses over larger businesses?
Malware that hides inside a seemingly innocent program.
Virus
Another word for “malware” – the two terms are basically interchangeable.
A form of malware, or a computer virus, that can replicate itself to spread to other devices across your network.
Zero Day Attack
This is essentially a term for a “new” form of cyberattack, whereby cybercriminals exploit vulnerabilities that were previously unknown to software or antivirus developers. Businesses need robust cybersecurity policies because cybercriminals are constantly looking for new vulnerabilities to attack – what works to keep your systems safe today will not necessarily work tomorrow.
Protect Your Business From Cybercrime
No business is entirely safe from cybercrime. Understanding the risks you face is the first step to managing these risks.
Yet in the event of a data breach, cyber insurance will cover your business’s liability as well as your ability to manage the impact on both your systems and finances.
If you have any questions about business insurance, or if you want to discuss your cyber insurance needs, we have a team of experts ready to help. Call us on 0208 290 9080 or email us at email@example.com.