Quote

Real risk facing software companies (part 1)

Microsoft systems that link neatly to Microsoft Word are a thing of the past. Software and applications now need to speak to all different types of applications in our increasingly digital world. Software and IT applications are so heavily interrogated that mistakes are inevitable.

Likewise, data is everywhere and there is an expectation of 100% availability.  

This all increases complexity. It also increases the likelihood of things going wrong. When things go wrong, and where there is a blame there is often an insurance claim!

So what are the real risks software companies face? When we talk about ‘real risk’ we mean quite simply real things that we have seen go wrong. We’re going to talk you through real examples, removing specifics to protect commercial interests. 

So, what can go wrong? 

Vulnerabilities and cyber attacks

With the world moving towards IOT (the internet of things) and cloud provisions, your data is everywhere. Most software providers now offer software as a service, and host customer data on their own system. 

Not a week goes by where a vulnerability in a system or application is spotted. Sometimes it’s too late, and these vulnerabilities are exploited by cyber criminals immediately. Sometimes, patches are required (and installed quickly!) to manage these vulnerabilities.  

Software companies can be hit by both sides when things go wrong. Not only that, but as early adopters of new technology, you are also exposed to any risks that early adoption brings. 

The first hit is internal; the pain and costs associated with a cyber-attack occurs. Being the software provider, it can fall at your door to resolve problems as soon as possible. You would need to absorb increased costs of securing your systems and rebuilding any damage caused to the system by the hackers. You would then need to dedicate every ounce of resource to get things back up and running.

The second hit is third-party claims. If your systems are compromised, and even worse if your clients’ data is compromised, you run a real risk of a legal battle. What we mean by this is clients bringing claims against you for the loss of data, downtime or any other association financial losses your clients believe they have suffered as a result of your systems being compromised and hacked.

All is not lost however; if you manage to secure robust insurance, you can get help with both sides of these problems. 

Date, government, and state funded activity

Another trend we have noticed, is foreign criminals seeking data and IP and the subsequent claims involving software firms that can follow.

We live in an uncertain world. Government departments are particularly at risk with criminals from outside the UK looking for any opportunities to source and steal government data. The government relies on thousands of pieces of software, from the infamous test and trace software to records concerning tax and welfare. There are many companies and software providers that work with both local and national government, so their data and IP is particularly sensitive and of particular value to foreign criminals. 

Whether you work directly with the government or not, your data is no less important. Cyber criminals don’t just target governments. We are all at risk, no matter what size of business we operate, we can all be targeted. Even the largest businesses in the UK such as British Airways, Tesco or Virgin, as computer world explains, can be targeted. If these large companies can be exposed by cyber criminals, almost any company can. The best course of action is to secure the highest level systems protections possible (within our budgets), and then add that extra layer of protection to help us when things go wrong, namely insurance

Look out for our next article where we’ll cover the risk deriving from ‘our people and theft’, copyright infringement and client complaints.

Whinney Insurance are experts in insurance. Discover how we can help protect your business from risk, with bespoke cover for your industry. Contact us now.