Cyber crime is an ever-growing threat to business around the world. High profile cases of cyber attacks and data breaches regularly hit the headlines, such as Talk Talk’s customer data breach, and more recently the Wannacry ransomware that targeted the NHS computer system. The effects can be eye-watering – Talk Talk’s data breach is estimated to have cost the company £42 million.
Businesses of all sizes are constantly targeted by hackers, and often SMEs and smaller family businesses do not have the necessary protection – both in terms of cyber insurance, and more general cyber risk management.
Cyber crime in the UK
Only a third of UK firms have a formal cyber policy in place covering cyber risk.
46% of all UK businesses have identified at least one breach or cyber attack in the last 12 months. For medium-sized firms this is 66%.
The main types of breaches are:
- 72% fraudulent emails
- 33% viruses, spyware or malware
- 27% online impersonation of the company or staff
- 17% ransomware
Of those firms that detected a breach, 37% say that they are a monthly occurrence.
Consequences of cyber crime and data breaches
19% of UK businesses have suffered material damage as the result of a cyber attack. Of those:
- 23% have suffered a temporary loss of files or network access
- 20% have had systems corrupted
- 38% have had to implement new protective measures
- 34% have lost staff time to dealing with the breach
A Stanhope Cooper client recently incurred a £70,000 loss through a social engineering scam. Social engineering involves a hacker impersonating a senior member of staff (most commonly via email) in order to transfer company funds into an external account. The client was able to recover the funds through their insurer as their cyber policy specifically covered this risk, but not all policies do and not all companies are covered.
Business interruption as a result of a cyber attack
Normal business interruption cover will only operate following material damage to the property insured. For example if there is a fire in a factory meaning goods cannot be produced and stock held, the loss will be compensated.
However because damage caused by a cyber attack is often not physical (eg. If a computer system cannot be accessed following a ransomware attack) then the Business Interruption cover will not operate. This is despite the fact that a business may be suffering a significant loss whilst they are unable to access systems, customer information, and essentially run their business.
A cyber policy would respond in this instance. It is a crucial part of any company risk management, and should not be overlooked.
Insurance as part of cyber risk management
Hackers are becoming more and more sophisticated in their methods of attack. At the same time, as reported by Tech Republic, there is an alarming simplicity in accessing the necessary software to put together a hacking campaign, meaning that the number of attacks will continue to rise.
Businesses can no longer ignore the threat of cyber attacks. A cyber insurance policy that is specifically tailored to the business and the potential risks it can face is crucial in protecting it.
Stanhope Cooper provide tailored cyber insurance cover for small and medium-sized businesses. We work with specialist cyber insurers to ensure that the right cover is sourced, at the best price.
If you would like to know more, feel free to give our team a call on 0207 776 9791. Or email us with your enquiry at firstname.lastname@example.org