Today, technology is part of everything we do. Whether in business or socially, the use of technology is widespread.
20 years ago, the use of technology was marginal in business. As a result, insurance portfolios reflected traditional risks, such as fire, flood and theft. Fast forward to 2018 and the explosion in the use of technology means that there is huge potential for a cyber breach. We explore the major cyber risks for businesses below.
Top 3 Cyber Risks for Businesses
1) Human Error: Lost and stolen laptops and mobile phones
What happens when one of your employees loses their mobile phone or has their laptop stolen? In one case, a care facility had a laptop stolen and on the laptop was a post-it note with the computer password on it. The data breach cost the company between £150,000 – £175,000, massively outweighing the cost of the physical theft of the laptop.
Employee awareness on cyber risks is vital in preventing a breach. Most cyber breaches will be as a result of human error. Although you have a stringent of IT controls in place, human error is difficult to avoid and manage.
2) Hacker
How would an attack on your systems affect your business? One growing threat is Ransomware, which accounts for almost 40% of successful attacks. Ransomware breaches doubled last year and could double again this year. The latest report by Malwarebytes showed that:
• 54% of UK companies were found to have been hit by a ransomware attack.
• 32% of UK companies lost files after refusing to pay a ransom.
• 63% of companies experienced severe downtime.
• Just 4% of organisations are “very confident” in their ability to stop ransomware.
Ransomware works by infecting your IT and encrypting your data until a “ransom” is paid by you. High profile Ransomware cases include the NHS WannaCry ransom attack in 2017, which is estimated to have cost the NHS £92m. Maersk ransomware resulted in them having to reinstall and overhaul most of their infrastructure of 4,000 servers and 45,000 PCs. They also suffered significant business interruption which crippled them for a week and were still feeling the effects a month later. It is estimated to have cost them between $250-$300m.
3) Social engineering and spear phishing targeted at employees
Social engineering is how criminals take advantage of human error. You can have excellent IT security, but that firewall won’t mean much if your employees are tricked into clicking on a malicious link or disclosing banking information. Social engineering involves manipulating people in order to gain access to systems, networks or for financial gain.
Social engineering scams, such as email attacks and phishing scams accounted for over 25% of cyber-incidents earlier this year, affecting organisations across various industry sectors. These incidents can cause serious damage, compromising sensitive data at the click of a button. Although social engineering schemes can cost organisations over £1 million, they are preventable.
You can help your business avoid social engineering scams by communicating with your staff about phishing attacks and providing them with proper training to identify fraudulent or suspicious emails. Emphasise the importance of checking that the sender’s email address seems valid (this includes reaching out to the user to confirm their identity), that the message doesn’t contain any typos or grammatical errors and that the links don’t have lengthy, suspicious URLs when your mouse hovers over them.
How can cyber insurance help?
Cyber insurance is available to support your business in the event of a data breach or if your business is subject to a hack that affects your systems. The insurance not only covers the cost in the event of a breach, but also helps you manage the breach and helps protect your reputation.
Some key covers available on a cyber insurance policy include:
1. Incident response
This includes a 24hour helpline that you can call in the event of a data breach or hack for forensic advice and legal advice. It will also include:
• Notification costs (notifying individuals affected and taking the incoming calls)
• Notifying Regulators
• Credit and ID monitoring costs to affected customers
• IT forensic costs
• Legal advice and defence costs
2. Cyber business interruption
Business interruption from a cyber event is a key concern for businesses due to the escalating number of cyber incidents, such as ransomware. Traditional insurance policies, such as commercial combined/office policies don’t cover business interruption as a result of a cyber event. Cyber insurance can cover the loss of income as well as additional costs that may occur.
3. Data restoration and IT forensic costs
Costs of a hack can be significant. Cyber insurance covers your IT forensic costs and data restoration which can add up quickly.
4. Privacy liability
Following a data breach, the insurer will pay on your behalf sums that you have become legally liable to pay as a result for example of disclosure of personally identifiable information or breach of confidentiality.
5. Public relations advice
A cyber-attack or data breach can create media and public interest. Cyber insurance covers the costs of engaging specialist crisis containment advisors or other experts such as a PR agency to minimise reputational damage to your business.
Take action to protect your business today
If you need advice on how to safeguard your business from the increasing threat of cyber crime, contact our cyber expert, Emma Buckley by calling 07904 197 113 or emailing emma.buckley@thomas-carroll.co.uk.
