Cyber-attacks – are you prepared?
Health and Safety Training It can be common in many organisations that the responsibility for Health and Safety training is passed between departments, with no one area really wanting to accept responsibility.
Shirley Greer, an insurance executive at Scrutton Bland, who specialises in insurance for the charity and not-for- profit sector, explains how organisations can help protect themselves against the costs of cyber-attacks. Online cyber-attacks can take many forms, including malicious hacking where criminals illegally access a business or organisation’s data, and only release it when a ransom is paid. But what if it is the data you hold which relates to information about your customer or client that has been breached? With new regulations in place around how personal data should be kept, the financial and reputational implications of a claim against you in the event of data loss could be catastrophic. It is pretty certain that in 1989 when Sir Tim Berners-Lee invented the World Wide Web, he had no idea that his digital system, which has allowed people all over the world to connect and share information, could actually be the very thing which destroys life as we know it. Sounds dramatic? Earlier this year a number of military and security agencies identified cyberwar as being more of a threat to global democracy than terrorism. The facility to control power sources, close down supply chains and leave countries without a functioning financial system are all possibilities and are already seen as credible threats to many nations. Whilst such devastation may seem like a distant threat, the potential financial and human impact of a cyber-attack is a very real. As the ransomware attack on the NHS last year illustrated, cyber-attacks can strike anywhere, can quickly disable complex networks, and are not always financially motivated. A report in The Times stated that in 2017 every UK firm with an internet connection experienced an average of 633 attempts each day to breach their firewalls, with most attacks targeted at devices such as building control systems and networked security cameras. And it is estimated by some that just under half of those attacks were successful.
Indeed almost 20% of our recommendations in 2018 have been related to achieving best practice in creating and maintaining a process for the completion of appropriate health and safety training due to a significant number of cases of poor or incorrect record keeping. These best practice standards should include evidencing that the training has been received by all staff and, or, volunteers and that a regular review or process for any additional or top-up training is in place. So whilst it can be easy to level the blame for unsatisfactory Health and Safety at individual departments or individuals, in fact the responsibility ultimately lies with leadership teams. Insufficient management oversight and poor communication are two of the greatest causes which the Scrutton Bland Internal Audit team most commonly identify as the cause of Health and Safety failures. The approach from the top of any organisation needs to be that Health and Safety is embedded within an organisation and is seen as a high priority at both senior management and board level. Aside from the obvious statutory requirements to comply with Health and Safety legislation, an organisation who can show that they consistently and correctly record their Health and Safety responsibilities and who can evidence appropriate reporting and oversight will always be an organisation who has the wellbeing of its staff and customers firmly embedded within all of its departments and areas.
6 | S C R U T T O N B L A N D | C H A R I T Y +
Made with FlippingBook - Online Brochure Maker