header image


September 2016

What is Ransomware?

Definition: A type of malicious software designed to block access to a computer system until a sum of money is paid.

Although ransomware is usually aimed at individuals, security experts have warned that ransomware is the fastest growing form of computer virus and it’s only a matter of time before businesses are targeted as well.

How does it work?

Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.

The virus then sets to work encrypting the user’s files. Once the computer is effectively locked down, it demands a fee – often in bitcoins because it is less easy to trace – for the return of the files.

The fee is generally one or two bitcoins – the equivalent of about $500 (£330).

Is there anyway to get round it?
Sometimes it is just a threat, but mostly the virus really does encrypt files. The only way to retrieve your files without paying the ransom is to go to a backed-up version.

Who is behind it ?

It tends to be organised crime. They do make millions out of it. It’s opportunistic.

Recent research by Palo Alto Networks and industry partners suggested one family of ransomware known as Crypto Wall had generated about $325m (£215m) for the gang behind it.

In the volume of cybercrime space, ransomware is one of the most prolific problems we face. Credit card theft is getting to the point where the value of each card is very low. As a result, ransomware has stepped into that gap and giving a higher value return for each victim.
To discuss cyber security for your business please speak with Jon Davies on 01625 547754 or email jonathand@riskworksbusiness.com.

August 2016

Love your collections – we do too with specialist covers

It is true that in Britain we are a nation that loves to collect things from fine art to stamps to medals, coins, even comic books or toy cars. In fact, the things we choose to collect are as diverse as those who do the collecting.

Some may be older collectors who have built up extensive collections over many years while others are younger collectors who are just starting out.

There are many different types of collections hidden away in people’s homes, some of which are high in monetary value, and some of which are high in personal value.

Either way, as your collection becomes more important, so does your choice of insurer. It is therefore vital to have the correct cover in place to cover against the unexpected such as fire, flood or theft. Do not assume that your general home contents policy will cover the true value of your collections, as some will only cover a portion of this.  It is imperative to know what is and what isn’t covered.

Standard covers are generally aimed at the mass market so you need a specialist insurer and policy that understands the individual characteristics of your items in greater depth to ensure that the underwriting is accurate.

So, whether it’s a Botticelli or a Banksy, diamond bracelets or doll’s houses, at Riskworks our insurance covers all areas. Some of the special features of collection insurance are detailed below:

  • ‘All Risks’ cover anywhere in the world
  • Risk management advice and assistance
  • High single article limits
  • Agreed values on the collection, making claims settlements much quicker
  • Payment for depreciation following insured damage
  • Defective title insurance
  • Automatic cover for new acquisitions
  • Cost of emergency evacuation of the collection
  • Specialist loss adjusters used with access to top restorers.

Collections can increase in value

As a collector, it is worth bearing in mind that some items in your collections can increase in value quickly and can take you well over a standard content insurance limit. If you have your collection well catalogued with a full inventory and valuation it will make it easier to identify single items and collective limits.

If you need help or guidance on how to protect your collections or indeed just want to know a little bit more about the special features detailed above and how they work for you then, please talk to Emma Patrick, Private Clients Manager on 01625 547754 or email emmap@riskworksbusiness.com

May 2016

Employer’s Liability Insurance – the only business insurance required by law.

What is it?

Employers’ liability insurance protects you against claims made by your employees for injuries and illnesses they suffer at work. It pays any compensation you’re liable for and your legal defence costs, too.

Who needs it?

The policy wording uses a really broad definition of ‘employee’, it’s safe to say that most UK businesses probably do. To make sure as many people as possible are covered, ‘employees’ aren’t just limited to permanent staff under contract. They don’t even have to be paid.

If you are an employer you are legally obliged to have employers’ liability insurance. You can be fined up to £2,500 for every day you do not have appropriate insurance

Who does it cover?

Your policy should cover claims brought by:

  • all permanent employees
  • contract, casual and seasonal employees
  • labour-only subcontractors

An employee is someone:

  • who has National Insurance contributions and income tax deducted from their salary
  • whose location, hours and conditions of their work are controlled by their employer
  • who cannot be replaced by their employer if they are unable to work



Your policy should also cover claims brought by:

Don’t fall into the easy trap of thinking that because they’re not really ‘your’ staff, they’re not really your responsibility. They are – and so is their welfare.

Who doesn’t require this insurance?

Apart from publicly funded organisations, the only businesses that don’t need employers’ liability insurance are:

  • Companies where the owner is the sole employee, owning 50% or more of the issued share capital.
  • Family businesses notincorporated as limited companies where all employees are closely related to the business owner (for example father, son, brother, sister, husband, wife etc).


How much cover do I need?

A minimum of £5m for each claim. You’ll find most insurers only offer £10m.

What happens if I don’t have it?

The Health and Safety Executive (HSE) enforces the law on employers’ liability. If a health and safety officer comes knocking, you could be fined £2,500 for every day you should’ve had cover but didn’t, and £1,000 for not displaying your insurance certificate.

It’s likely you’ll be given a few days’ grace to sort your policy rather than fined there and then. But it’s best not to chance it, particularly when cover costs relatively cheaply in comparison.

Anything else I need to know?

When you obtain your policy documents, place your employers’ liability certificate in an easily-noticed spot on your office wall. If you don’t have a wall, you can store it electronically. Just make sure your employees know how to access it.

Employee claims for injury or illness

If you are an employee and you have suffered an injury at work or become ill as a result of your job, you should speak to your employer who will contact their insurer about making a claim.

If the company you worked for has gone out of business you may still be able to make a claim for compensation directly through the company’s insurer. You can trace your former employer’s insurance provider through the Employers’ Liability Tracing Office (ELTO)

Not sure if any of this applies to you?

The HSE have a handy guide for employers. It’s everything you need to know about employers’ liability in one document. If that doesn’t cover it, please feel free to give us a call. We’re happy to talk you through it.


March 2016

Top tips for educating employees about Cyber Security

Over the last year the world has become well accustomed with the idea of cyber data breaches. It seems like a new huge data breach has been reported week after week. From Talk Talk to Ashley Madison, with each breach exposing more records than the last.

While these threats are most often initiated by outsiders such as programmers writing malicious code designed to grab corporate data, remove confidential customer information and/or raid company financial data – cyber criminals are too often able to gain access due to employees’ ignorance and/or negligence.

It is therefore vital for every business to educate employees about cybersecurity, to train them before a breach occurs. Below is a list of tips that can help you educate your employees and develop policies that will help mitigate ever-growing cybersecurity risks.

Regularly Talk to Employees

It’s important for companies to include cybersecurity training on a regular basis, explaining the potential impact a cyber incident may have on your operations. Employees need to know their obligations, especially when it comes to mobile data. It’s not enough to require an annual review and signing of an “I have read and understand company IT policies” statement.

Remember Top Management and IT Staff

Top managers are often the target of cyber criminals because of their higher level of access to critical corporate and customer data. This increased access has a much bigger damage/financial payoff for the hackers. IT staff are also more susceptible, given their administrative access over the network.

The Weakest Link

Any network is only as strong as its weakest link. Explain to employees that while your company is making its best effort to secure the company’s infrastructure, it’s critical that employees fully engage and do their part in following company policies. Policies should be sophisticated enough to cover all possible attack vectors.

Regular Sessions

Companies should have regular, focused sessions with employees to explore different types of cyber attacks. Threats change, new people come on board, and employees get caught up in their day-to-day activities, sometimes losing focus on the security threats presenting themselves. Consider having regular lunch and learn sessions, and encourage employees to use what they learn at home on their own computers.

Social Engineering

Warn employees to pay special attention to social engineering ploys they will find in social media, blogs and emails. It’s also important to point out that many cyber incidents begin with a phone call from someone posing as a co-worker asking seemingly innocuous questions. Meanwhile, they are actually gathering information about the company and its operations.

Recognising an Attack

Train employees to recognise an attack. It’s essential that companies have policies in place that assume they’ll be infiltrated. Don’t wait to react. Have a documented remediation plan in place and update or review it frequently. Communicate step-by-step instructions about what employees should do if they believe they’ve witnessed a cyber incident.

Training should include specific rules for email, web browsing, mobile devices and social networks. Don’t forget the basics, such as physically unplugging the machine from the network and notifying the admin of any suspicious emails, activity or lost devices.

Regularly Test Employees

Companies should regularly test their employees’ cybersecurity knowledge and tie the results back into the training curriculum. It’s important to make it fun and/or rewarding, with incentives for prompt responses.


If an incident happens, give employees a heads-up as soon as possible. A lack of transparency or improper handling of a cyber incident may significantly increase the impact of the event. Issue instructions to employees about how to speak to the public and the press about the incident. Have an internal communications plan and PR strategy in place before anything happens.

Consider insurance for cyber incidents

Internet and network exposures are usually excluded from traditional insurance policies. Riskworks, however, works with leading cyber risk insurers to develop cyber risk insurance protection. Ensure you have it covered:

Call Jon Davies from the Riskworks Business Services Cyber Team on 01625 547754 to discuss further.


February 2016

Underinsurance – Do your sums add up?

The consequences of being underinsured are often a reduced pay out from an insurer, when you need it the most.

Research clearly shows that most UK homes greatly underestimate the value of their general contents and possessions.

Why are so many homes across the UK underinsured?

Accumulation: Our possessions grow over time – another set of crockery, mirror, painting, vase or clock. We also purchase more personal possessions like jewellery, watches, phones and technological gadgets amongst other accessories.

Upgrading: We replace our belongings with better models over the years. Sofas and beds and from external plastic to teak furniture.

Interests broaden: Music and book collections, pottery and works of art all come at a price.

Leisure pursuits widen: Golf clubs, trollies and gadgets; sporting apparel and fishing equipment. The list is endless.

Prices changing: Items move in and out of fashion and as demand increases, so do prices. Consider types of furniture or collections you may have.

Children happen: Bringing a whole new variety of furniture, gadgets and toys which become more and more sophisticated.

Riskworks Private Clients Manager, Emma Patrick comments:

In the UK there are over 60,000 domestic house fires every year. These range from small frying pan fires to homes being completely destroyed. Most claims are for partial losses. However, if you suffered a total loss could you replace your home and your possessions for the figure quoted on your policy?

To discuss your options, speak with Emma on 01625 547754 or email: emmap@riskworksbusiness.com

December 2015

Top 10 Cybersecurity Tips for SME’s

For a number of years the average small or medium sized business was an unlikely target for a cyber-attack.

Fewer rich pickings and relatively unknown brand worked in their favour as it wasn’t worth the time and effort for the average cyber-crook or delinquent hacker. But not anymore.

Smaller companies are becoming increasingly eye-catching because they often have weaker and more vulnerable online security.  They are also performing more business than ever online and holding greater amounts of information, much of which may include personal details of customers, suppliers and staff. To a hacker that translates into a potential treasure trove of sensitive data behind a door with an easy-to-pick lock. And if you have large businesses as customers or clients, you’re an even more attractive target as you are also an access point to them.

Cybersecurity is about protecting your computer-based equipment and information from unintended or unauthorised access, change or destruction.

You can never be totally safe but most online attacks can be prevented or detected by basic security practices for your employees, putting effective processes in place and protecting IT systems. These security measures are as critical as locking your doors and windows or putting your cash in a safe and, with more customers demanding their suppliers are secure, this is now becoming a business necessity.

Here is the top ten list of cybersecurity tips to help protect you and your business:

  1. Train employees – establish security practices and policies for employees and create a culture which takes cybersecurity seriously
  2. Protect your systems – install latest software updates to protect against the latest online threats. Carry out inside-out and outside-in penetration testing.
  3. Provide firewall security – ensure this is correctly configured. If employees work from home, ensure their home system(s) are protected too.
  4. Don’t forget mobile devices – make sure laptops, tablets and smartphones all have appropriate safeguards and reporting procedures in place if lost or stolen
  5. Backup – check all critical data is regularly (preferably automatically) backed up to a secure offsite location.
  6. Control physical access – secure building entry points, consider CCTV installation, ensure visitors are properly managed and IT area access points are kept locked.
  7. Secure your WiFi – if you have a WiFi network for your workplace, make sure it is secure and encrypted. Do not allow visitors to use this. Instead provide a secure and separate guest network if you want to offer this facility.
  8. Payment cards – if you take card payments, make sure validation and anti-fraud systems are in place and that you are fully PCI compliant. Don’t use the same computer to process payments and surf the internet.
  9. Restrict employee rights – staff should only be given access to systems they need for their jobs and should not be able to install new software without permission.
  10. Password policy – require employees to use unique passwords which are changed at pre-set times. Consider implementing multi-level access authentication to highly sensitive systems.


Ensure your business is protected before it is too late. Contact Jonathan Davies part of the Riskworks Business Services Cyber team on 01625 547754 or email jonathand@riskworksbusiness.com

October 2015

Four professional indemnity insurance myths explained

Professional indemnity cover is a legal requirement

In fact, the only type of business insurance that’s legally required is employers’ liability insurance. If you have one or more employees, you could be fined up to £2,500 a day if you don’t have an EL policy in place.

On the other hand, insurance covers like professional indemnity and public liability insurance are not required by law. However, there are some professional bodies and regulators that require their members to have professional indemnity insurance. This includes solicitors, accountants, financial advisers, architects, and chartered surveyors.

Certain clients will also require you to have a certain level of professional indemnity insurance, for example governments and local authorities. Other organisations may also specify a level of insurance cover in their contracts.

 It’s probably not relevant to my business

As we’ve mentioned, there are some professional bodies and regulators that make professional indemnity insurance compulsory for the professions they regulate. But even if you’re not running a business like a law firm or an accountancy, it could still be an important cover to consider.

Professional indemnity insurance is designed to offer protection for businesses that give advice, handle client data, or deal with intellectual property. It can cover you for things like negligence, unintentionally breaching copyright, or for losing client data.

Obviously this is quite a wide remit, and if you run a business that works closely with clients or that offers some kind of professional service, it’s likely to be useful. It’s a popular cover for businesses that do web design, IT consultancy and journalism, as well as the trades we’ve already mentioned.

 You only need it if you do shoddy work

It’s true that this is a cover that’s primarily designed to cover you in the case of making a mistake in your work.

But there are two important aspects to consider here. Firstly, it’s possible for any business, no matter how professional and experienced, to make a mistake. You could offer advice that seems to be watertight at the time but later turns out to be faulty.

Secondly, and perhaps more crucially, your client could accuse you of making a mistake even if you haven’t actually done anything wrong. If you’re wrongly blamed for the financial loss of your client, then the cost of defending yourself against a compensation claim could be really high. This is where a good professional indemnity policy really comes into its own: it can cover legal costs as well as compensation claims

 I’d only need a small amount of cover

Both legal costs and compensation payments can be eye-wateringly high, which is why professional indemnity cover limits reach into the millions of pounds.

It can be difficult to estimate how much cover you need, but it’s a good idea to think about the type of clients you work with, and what kind of financial loss they could suffer if something went wrong.

For example, if you run an IT consultancy business and you support a company with a call centre that manages hundreds of sales calls a day, a mistake in your work could potentially cost the company a huge amount of money in lost sales. Or if you’re an architect and you work on high-value construction projects, then a mistake in the plans that leads to a problem with the building could be very costly to fix.

On the other hand, you can opt for a lower cover limit if the scope of your work is more modest.

To discuss your requirements and more contact the Riskworks Business Services team on 01625 547754

September 2015

Cyber Liability Insurance: No longer a want but a need for businesses

Cyber insurance is an important ingredient for companies as it covers the damage and liability caused by a cyber attack, which is usually excluded from traditional liability coverage.

Stricter data privacy notification laws, government incentives, cloud adoption and the increase in high-profile hacks and data breaches have all contributed to the significant increase in the need for cyber insurance cover in todays’ evolving business environment.

All companies regardless of size or number of employees face varying levels of risk, which increases the need for a cyber-insurance policy.

Here we look at two business areas that require such cover:

  1. Companies that store data from external sources like retailers, healthcare companies and financial services firms
  2. Any company that stores employee data.

Customer information, such as payment details and addresses are the Holy Grail to hackers.  Obviously, companies that store internal and external data should seriously consider a policy as they have the most to lose.

A point to note is that according to PWC’s June 2014 Managing cyber risks with insurance report, risks can often come from within – which puts both external and internal data at huge risk.  According to the report, “a systemic cyber risk can stem from internal enterprise vulnerabilities and lack of controls, but it can also emanate from upstream infrastructure, disruptive technology, supply-chain providers, trusted partners, outsourcing contractors, and external sources such as hacktivist attacks or geopolitical actors.”

Unfortunately, for many organisations across the UK, the complexity in finding a suitable cyber insurance policy, coupled with the underwriting process can be daunting and considered too much hassle. At Riskworks Business Services we have a full CyberSeal initiative from penetration testing and IT security measures to Cyber insurance policies bespoke to your business requirements and coupled with experienced personnel in place to assist you through the whole process.

What business owners and managers are not aware of is that purchasing cyber insurance is affordable and ultimately a good exercise that provides the opportunity for them to take a closer look at their internal technology and security policies. Companies need to make sure they have the optimum technology in place to protect their information, before implementing a cyber-insurance policy. Without the right protection in place, companies will find it incredibly difficult to procure an affordable insurance policy and could potentially lose millions if they suffer a data breach.

Selecting the right policy is not as hard, nor as expensive, as some may think. Yet, when it comes to cyber insurance, not having a robust security system in place is the equivalent of admitting that you left the front door wide open when your house was burgled.

The correct systems need to be in place before business owners, executives and risk managers can make such an important purchase. Security acts as the vaccination, while insurance is a cure should the worst happen.

Talk to Jonathan Davies at Riskworks Business Services on 01625 547754 to find out how we can guide you through the Cyber world.

August 2015

Top Ten reasons to buy Directors’ and Officers’ cover

Common misconceptions:

“Isn’t Directors’ & Officers’ (D&O) cover only for those running publicly traded or very large businesses?”

“I’m never going to be in the position where I could be sued by one of my employees or stakeholders.”

“It’s just too expensive to consider on top of all of my company’s other insurance costs.”


Here are the top ten reasons to buy D&O insurance for you and your business:

Reason one – Directors’ personal assets are at risk

If a director has been accused of breaching their duties, they are personally liable to defend the claim. Their personal assets are potentially at risk if they do not have adequate D&O cover.

Reason two – Investigations by regulators are getting more and more common

Investigations and fines imposed by a regulator or body such as the Health & Safety Executive are one of the primary drivers of claims in the current UK business climate

Reason three – Defending a legal action can be costly

Legal costs for defending allegations against the company or one of its directors can often run into tens of thousands of pounds.

Reason 4 – Employment practice claims remain a large threat to directors

In an increasingly litigious society employment practice claims such as sexual harassment or wrongful dismissal can result in astounding settlements

Reason 5 – Your investors can sue you

If investors lose value in their shares as a result of a director or company’s alleged misconduct they could seek compensation via the courts.

Reason 6 – Protection in case of bankruptcy or insolvency

If faced with bankruptcy or insolvency, creditors may pursue legal action against directors if they feel that they have not acted in their best interests.

Reason 7 – SMEs are just as vulnerable as large companies

SMEs are not exempt from D&O claims, they face exactly the same risks and regulations as their larger peers, but often do not benefit from in-house HR or legal teams

Reason 8 – D&O claims are NOT covered under any other liability policy

A common misconception is that alleged misconduct by directors or companies is covered under other liability policies such as Professional Indemnity.

 Reason 9 – D&O insurance is more affordable than ever

A D&O policy can cost from under £500 per year, yet the total cost of a D&O claim can run into hundreds of thousands, if not millions of pounds.

Reason 10 – D&O helps attract talent

Not having D&O insurance in place may put off talented individuals from joining a company as they will not be protected.

Speak directly to the Riskworks Business Team on 01625 547754 to discuss your needs and requirements.

August 2015

Student safety tips and insurance cover – what they need to know

It’s the time of year when your son or daughter is about to start university. They are going to be living away from home, probably for the first time. As you know it is a big wide world which, needs a whole lot of experience to navigate in a safe manner and of course, do they have the insurance in place to assist should anything happen. We’d like to share some tips on staying safe both in their new home and when they’re out and about living the student lifestyle in a new town.

Safety inside their new home – keep it locked and marked.

Ensure all their personal belongings are security-marked. Not only will it make it less desirable to thieves but it’ll also be a lot easier for police to track should it be taken. It only takes a short time to administer so it is important to get your child to add their student ID number and the name of their college or university on any valuable items, such as laptops, tablets, mobile phones, iPods, game consoles, etc. Prevention is often easier than cure.

Generally when students first move away from home, they often start off in halls of residence or university accommodation, which could give them a false sense of security. They might be tempted to leave the door to their study bedroom open if they’re just popping down the corridor to chat to a friend.

It’s important to make them aware that their possessions aren’t safe unless they’re locked away. Opportunist burglars often target student accommodation and with so much portable, expensive kit in every study bedroom it’s hardly surprising. Encourage students to get into the habit of always locking their door when they’re out – even if just for a few minutes.

A common problem experienced with university accommodation is that it can get very hot. Communal heating is usually turned up, so students do tend to leave their bedroom windows open for air and ventilation. If your child’s study bedroom is on the ground floor remind them to close and lock the window when they go to sleep, otherwise a burglar could easily climb inside.

If your child has opted for privately-rented accommodation, security is then more of an issue. If your child goes to a city university then it will be important to know the sort of neighbourhood they’re in and the potential risks associated with the area. Not only do they need to ensure their own room is safe and secure but, they’ll have the added responsibility of making sure the property is safe. It might be a good idea to collate a list of questions to ask landlords when they’re house-hunting, especially about the kind of locks the doors and windows of the property has – most insurers require a mortice deadlock or rim lock conforming to British Standard.  More information can be found on the National Union of Students website http://www.nus.org.uk/en/advice/student-safety/

Staying street smart – keep possessions in sight or bags fastened

Today’s students often carry around at least £1,000 worth of technical gadgets every day. So, whether they’re in a lecture hall, the library or surfing the web in a coffee shop. Remind them to keep all their expensive items in sight and to check that their bag or rucksack is properly fastened. If they leave anything unattended it could disappear – a few seconds is all it takes for a thief to relieve you of a laptop or mobile device.

Cover for student belongings included in our policies as a matter of course.

However careful your child is, there is still the slim chance that they will be the victim of a burglary or robbery, so for complete peace of mind it’s best for them to have contents insurance in place.

Our specialist home insurance policies here at Riskworks Business automatically include student contents cover for your children as a matter of course. Speak to Emma Patrick on 01625 547754 to discuss further. www.riskworksbusiness.com.

Riskworks Business Services | Fulshaw Hall |
Alderley Road Wilmslow | Cheshire | SK9 1RL Telephone:
01625 547 754
Riskworks Business Services Limited are authorised and regulated by the Financial
Conduct Authority

Company registered in England No.: 3778537
Follow us on Twitter