Cyber attacks and the motor industry

  • By Anton Hilton
  • 09 Nov, 2016

The motor industry isn’t immune from the ever-pressing threat of cyber crime. With high profile data breaches and attacks across a wide range of sectors reported extensively in the media, Government statistics reflect the risk.

81% of large and 60% of small businesses have suffered a cyber security breach in the past year – and those are the ones we know about!

Traditional security considerations for motor traders and fleet owners alike usually centre on the physical risk, from premise security to keys and anti-theft devices.

However, the data held on computer systems is a valuable asset that needs protection as the breadth of potential threats – both from internal and external sources – is wide ranging. Common examples include phishing, malware and spyware, hacking and distributed denial of service (DDOS) attack. This is concerning as the consequences can be devastating: reputational damage, business interruption and customer data theft, with potential criminal proceedings.

Vehicle Connectivity

The increasing rate of data exchange isn’t just a risk to the motor trade or fleet business itself. For the industry, the pathway to automated vehicles requires an increasing level of interconnectivity and communication between vehicle control systems and the environment. This exchange makes the vehicle susceptible to risk just like any other device in the web of interconnectivity.

For cyber criminals, attacking vehicle systems means some of the most sensitive and valuable data is available. Apps and services used to pay congestion charges and tolls gives access to bank details whilst insurance and tax details could facilitate personal identity fraud. Business phones synchronised to the vehicle leaves business critical data potentially on offer and developments such as keyless entry allow physical security to be bypassed.

Furthermore, details on the location of the vehicle can also be tracked. This means that criminals are able to locate vacant premises, leaving them vulnerable to a physical attack.

Reducing the risk

There are several key measures that motor traders and fleet owners alike can carry out to minimise the risk of cyber-attacks on their business, including:

  • Conduct training – educating staff in how to securely use the company’s systems and recognise potential breaches
  • Keep systems up-to-date – securing ‘patch’ software to automatically update programs to fix security vulnerabilities and carry out regular scans 
  • Monitor removable media – limit access to removable media , such as memory sticks, and scan them before uploading data to company software
  • Manage and monitor IT systems and networks – control the access of staff, limit the number of privileged users, monitor activity and log and analyse unusual activity
  • Create a disaster recovery plan – produce and test plans to ensure the business is prepared in the event of an incident
  • Establish anti-malware protection – scan for malware across the business
  • Protect networks ­– implement network security controls to protect networks from internal and external attacks

Cyber Essentials

The Government’s 10 Cyber Security Steps details how organisations can protect themselves in cyberspace. In addition, they have recently published ‘Common cyber-attacks – Reducing the impact’, explaining what to look for in a cyber-attack and how to protect your business.

What’s more, a number of cyber security schemes and services are available. Cyber Essentials is a government-backed initiative that aims to help companies protect themselves against common cyber-attacks. The scheme both identifies the security controls that businesses need to put in place and focuses on five essential mitigation strategies, in order to make sure businesses address their cyber security effectively. UK businesses can apply for certification under this scheme – it is now a mandatory requirement for certain central government contracts and is more frequently being requested as a minimum requirement in commercial tenders.

For a no obligation motor trade insurance quotation please contact Forum Insurance on 020 8909 2899
By Anton Hilton 27 Nov, 2017

Crowded places are – and will remain – attractive targets for international and “home-grown” terrorists and so an important element of any counter-terrorist strategy is to create safer places and buildings that are less vulnerable to a terrorist attack. This is especially so for leisure, hospitality, retail industries.

Cost of terrorism

Companies still significantly underestimate their potential exposure to the related risks and losses, especially to the increasing indirect risks from terrorism elsewhere. For example, the Paris attacks in November 2015 paralysed Brussels’ tourism and retail sectors some 320 kilometres away and had a lasting impact on the city’s commerce.

Many UK companies are unaware – or have underestimated – the financial losses that could occur if a key supplier or business partner (in the UK or internationally) were unable to operate for a significant period of time.

The human and financial cost of terrorism is growing rapidly. The Institute of Economics and Peace has estimated that the direct cost of terrorism to the global economy in 2014 was $52.9 billion – a ten-fold increase since 2000 – and the indirect costs at $105 billion.

Practical steps

Companies can’t predict all possible threats to their business. However, by working through a range of potential scenarios and consequences it is possible to make informed judgements and set appropriate priorities.

The following process is an effective way for companies to think about improving the management of these risks:

Step one: identify the threats.Understanding terrorists’ intentions and capabilities, what they might do and how they might act, is a crucial first step to assessing potential threats.

Step two: decide what you need to do to.Priorities should fall under the following categories: people, physical assets, information and process (supply chains and the operational process required to support the business).

Step three: identify measures to reduce risk.Companies should introduce new proportionate measures that: deter would-be terrorists; 
aid detection of intrusion; and
delay any attempts at intrusion.

Step four: continually review your security measures.Security and contingency plans should be rehearsed and reviewed on a regular basis to ensure they remain accurate, workable and up-to-date.


Terrorism Insurance

Since the IRA attack on the Baltic Exchange in London in 1993, the UK established a mutual government reinsurer, Pool Re, to provide a backstop to insurers that offer terrorism cover on business property and business interruption policies. This has worked well and despite £600 million of claims from 13 separate incidents there has been no use of public money.

However, the increasingly interconnected nature of global commerce means that UK organisations are not only exposed to events in the domestic market but many also have international exposures through the global reach of their business activities. Companies can also be impacted via a change in consumer behaviour in the aftermath of a terrorist attack.

New threats and new risks require new insurance solutions and one insurer is now offering a contingent Loss of Attraction cover, for example.

As always if you have any questions regarding your business insurance please contact Forum Insurance on 020 8909 2899

By Anton Hilton 27 Nov, 2017
Here are some of the measures IT professionals believe are essential for protecting against cyber crime:

  1. Install anti-virus, web filtering and firewalls. The best way to secure against a cyber attack is to prevent an attacker entering your system in the first place. Implementing anti-virus, web filtering and firewalls are a must – and ensuring they are always up-to-date.
  2. Keep software updates up to date!
  3. Before you start shopping with any online retailers look for the security information in the address bar to ensure you see the letters “https:” to indicate that it’s a secure site. You might also see a little padlock symbol in the same line.
  4. Consider using an alternative form of payment that protects you a little more. An online payment service like PayPal has strong safeguards in place, and can serve as a go-between for you and the retailer – you can even use your regular credit card as a payment method within PayPal.
  5. In order to shop on any online retailer’s web site, you will most likely be required to create an account. When you do establish an account, it’s important to choose a strong password that has a combination of letters, numbers, and symbols, and don’t forget to throw in a mixture of upper and lower case.
  6. It is also recommended to create unique passwords, meaning you don’t use the same password for multiple websites.
  7. Check your credit cards routinely during the coming weeks to make sure there is no unauthorised activity, and remember to alert your bank if you have reason to believe that your identity has been compromised.
  8. If you have a business, keep your employees trained to be careful what they click on if receiving deals! They may not be from the well known brand they appear to be from – and this could spread a virus throughout your company’s system.
By Anton Hilton 20 Nov, 2017

Amish joins the family business after successfully managing the business through a change period, structuring the team to serve it’s core markets. Mamtora studied at Aston University prior to joining the family business some 4 years ago. In his new role he will be responsible for growing the business in both existing and unchartered sectors.

Managing Director Barry Mamtora said, “I am delighted Amish has chosen to join the family business and take it to the next stage. We have celebrated 25 years in business and I have every confidence Amish will maximise insurer partnerships and leverage our buying power to deliver the best risk management solutions for our clients.”

A number of key achievements have driven Forum’s growth in the past few years including the expansion into petrol forecourts where they have gained significant market share.

This appointment hails the next phase of growth for Forum Insurance.

Amish Mamtora said, “I am delighted to be appointed director at such an exciting time. The opportunity to continue Forum’s success story and utilise technology to our advantage is key to my plans for the future. It is an exciting time for independent broking.”

Forum Insurance are developing an ongoing client consultation programme, ensuring our diverse client base are best placed to understand the individual risks to their business.

Amish continued, “As a family business we share a common passion for excellent customer service and look forward to working even closer with our clients, delivering traditional personal service. This opens up some very exciting opportunities for our employees."

More Posts
Share by: