Cyber Insurance: It’s not just about data

3 Mar

As cybercrime rises and everyday services increasingly rely on technology, public attitudes towards cyber security are changing. We are becoming more cautious about sharing our information and expect organisations to protect it. Understanding the basics of cyber security is more important than ever.

A 2024 study by Vercara revealed that 70% of consumers would stop buying from a company after a security incident, and 58% perceive companies that have experienced a data breach as untrustworthy. The impact of a data breach on companies can be long-lasting, leading to financial losses and reputational damage.

Reputation

System outages and data breaches can significantly damage a business’s reputation. In September 2024, Transport for London (TfL) fell victim to a cyberattack that cost over £30 million. This included £5 million spent on incident response, investigation and cyber security measures. The breach also compromised the personal data of around 5,000 customers, including bank details from Oyster card refunds.

Think about your business: do you depend on just one key customer, a database of repeat clients or funding through donations? If so, the impact of a cyberattack could cost you that key customer, wipe out your database or stop vital donations and funding.

How a data breach is handled and communicated can be crucial to protecting your company’s reputation. Cyberattack protection, such as cyber insurance, covers the cost of crisis communication experts to help manage the effect of a cyberattack. It also provides cover for credit and ID monitoring for affected clients.

Business Interruption

According to the Allianz Risk Barometer 2025 (see below), cyber incidents ranked as the most significant global risk, by a wider margin than ever. Data breaches emerged as the leading concern, accounting for 61%.

Top 10 global risks for 2025

Well-publicised attacks such as WannaCry and MOVEit have highlighted this risk to businesses. The WannaCry cyberattack in 2017 shut down hundreds of thousands of computers worldwide, with hackers demanding a ransom. It caused the NHS to cancel 19,000 appointments, initially costing it £20 million, but the subsequent clean-up of systems and upgrades brought the total cost to £72 million.

The MOVEit data breach began in May 2023 and was a large-scale cyberattack exploiting a vulnerability in the MOVEit file transfer software. It affected over 2,500 organisations worldwide, including major UK companies such as the BBC, British Airways and Boots, exposing the personal data of millions of individuals. The breach’s estimated financial impact is around £8.7 billion.

Strong IT security and the ability to trade again quickly after a cyber incident give businesses a competitive advantage. Speaking to an insurance broker can help you find the correct business interruption cover to safeguard your business.

Data Breaches

Data breaches are all too common. While they can result from hacking, the most frequent cause is human error. Employees may inadvertently click on a link or open an attachment in a phishing email, allowing malware or keylogging software into the system. This can disrupt business and give hackers access to sensitive information like passwords. Additionally, employees might lose a laptop or mobile device containing important data.

A cyber insurance policy can help in the following ways:

Incident Response

Incident response includes access to a 24-hour helpline that provides forensic and legal advice in case of a data breach or hack. It also covers:

  • Notification costs (including notifying affected individuals and handling incoming calls)
  • Notifying regulators
  • Credit and ID monitoring costs for affected customers
  • IT forensic costs
  • Legal advice and defence costs

Cybercrime

Social engineering exploits human error. It involves manipulating individuals to gain access to systems and networks or for financial gain. Even with strong IT security, a firewall won’t offer much protection if employees are deceived into clicking a malicious link or disclosing sensitive information, such as banking details.

Social engineering scams, such as phishing attacks, pose significant threats in the UK. In 2024, the Cyber Security Breaches Survey reported that 84% of businesses and 83% of charities experienced phishing attacks, making it the most prevalent type of cyber incident.

These incidents can cause significant damage, exposing sensitive data at the click of a button. While social engineering schemes can be costly for organisations, they are preventable.

You can help protect your business from social engineering scams by educating your staff about phishing attacks and providing them with proper training to recognise fraudulent or suspicious emails. Emphasise the importance of verifying the sender’s email address (this includes reaching out to the user to confirm their identity), checking for typos or grammatical errors in the message and ensuring that any links don’t lead to lengthy or suspicious URLs when hovered over.

Protecting yourself from cybercrime includes implementing strict cyber security policies, conducting regular staff training and ensuring businesses invest in cyberattack protection.

Cybercrime is not typically covered under a standard cyber policy, but some insurers offer the option to extend coverage. Finding the right cover for your business is essential to ensure you are protected in the event of a cyber security breach.

What Should You Do Next?

The rise in cybercrime means that businesses must update their insurance policies to protect themselves against this escalating risk, especially as some businesses now rely more on their digital assets than their physical ones.

Contact our cyber expert, Emma Francis, on 01792 704317 or at emma.francis@thomas-carroll.co.uk to discuss your concerns. Thomas Carroll can help you find the right cover for your business, ensuring you are protected in the event of a cyber security breach.