Keep your business cyber safe

10 questions to ask IT providers

As cyber-attacks on UK businesses grow increasingly sophisticated and more common, it’s paramount that businesses have robust systems in place to protect themselves. 

Half of businesses (50%) experienced some form of cyber security breach or attack in the last 12 months, according to the 2024 Cyber Breaches Survey.

By far the most common type of breach or attack was phishing, affecting 84% of businesses. Phishing is where scam messages trick people into sharing passwords or accidentally downloading malware (malicious software, often used to steal data). Other common types of attack include impersonation of businesses in emails or online, and viruses or other malware.

There are plenty of steps that businesses of all shapes and sizes can take to improve their cyber security. The National Cyber Security Centre has lots of resources to help.

But one important source of help should be your IT provider. The right provider will play a crucial role in keeping your business safe from cyber threats, helping to identify and fix security weaknesses, ensure company devices are secure and monitor your systems for any suspicious activity.

It’s important that you pick the right IT provider for your business and ensure they have the processes and infrastructure in place to support you. But it can be tricky to know exactly what to expect from your IT provider. With this in mind, we’ve compiled a list of ten questions to ask your IT provider to ensure you’re both on the same page:

  1. What cyber risks do you foresee to our business?
  2. What experience can you evidence in dealing with cyber-attacks and data breaches?
  3. If we suffered an attack, what additional resources can you provide us, how quickly, and at what cost?
  4. Do you have digital forensic capabilities?
  5. If our backups were compromised, how long would it take you to rebuild our IT environment and restore our data?
  6. How would you handle a ransomware incident?
  7. How would you handle a data breach, and would you notify stakeholders such as the Information Commissioner’s Office (ICO) or affected individuals?
  8. What contractual indemnities would you provide us for our losses associated with a cyber-attack or data breach?
  9. Can you commit to a service level agreement?
  10. Do you have cyber and professional indemnity insurance?

Stay covered with cyber insurance

Bear in mind that, should you fall victim to a cyber-attack, you may need additional support beyond what your IT provider offers. They may not be equipped to deal with the complexities of a cyber incident, or to support you with the financial, legal or reputational damage that may occur.

That’s why it’s important to consider investing in cyber insurance too. This cover can not only support your business financially if you experience a cyber incident such as a cyber-attack or data breach, but also provide you with access to expertise such as legal and IT specialists to help you to respond and recover quickly and effectively.

Find out more about NFU Mutual’s cyber insurance.