FOCUS Oxford Risk Management: Vulnerable not Valuable – understanding the real risk of a cyber attack
It's easy to become confused about cyber insurance – how it works, why it’s needed and what the real threat to your business is.
News headlines often feature big industry names being hit by a cyber-attack. But alarmingly, research from Aviva[1] has shown that the majority of British SMEs -86% - do not have any cyber insurance cover in place.
Whilst this can be a conscious decision made by the business owner, it’s often the result of a lack of understanding of the risks and the impact a cyber-attack could result in.
Cyber insurance has a reputation as only being needed by businesses that hold sensitive data – but privacy exposure isn’t the only risk facing businesses today. In fact, cybercriminals are increasingly targeting traditional industries that hold almost no sensitive data at all, whether through ransomware attacks that halt operations or business email compromise scams that result in wiring payments to fraudulent accounts.
A recent UK government report – Cyber Security Breaches Survey 2020 – reveals some sobering facts:
- 46% of businesses have reported having cyber security breaches or attacks in the past 12 months.
- Among this 46 per cent of businesses that identify breaches or attacks, more are experiencing these issues at least once a week in 2020 (32%, vs. 22% in 2017).
- And one in five of this 46 per cent (19%) have experienced a material outcome, losing money or data. Two in five (39%) were negatively impacted, for example requiring new measures, having staff time diverted or causing wider business disruption.
Many SME businesses are at risk not because they hold sensitive data that cyber criminals are seeking to gain, but simply because they are vulnerable to an attack. This is often a combination of a lack of understanding of the risks and exposures, staff awareness and training and not having the right or even any cyber insurance in place.
Managing the cyber risk to your business
The world of cyber insurance is full of terminology – malware, ransomware, phishing and social engineering to name just a few. Most of us are now familiar with these and have at least a basic understanding of what they mean.
But how many of your staff would recognise a suspicious email or weblink if one arrived in their inbox from a supposedly trusted source?
The Covid pandemic has changed the way many of us now work with remote working set to continue for many businesses to some extent for the long term.
Where in pre-Covid times, a team member may receive a suspicious looking email and be able to ask a colleague for their thoughts before reacting to it, remote working makes that sense-checking much harder and so the potential for clicking on a link that could result in a form of cyber attack is significantly greater.
Remote working has had a massive impact on the adoption of digital solutions, meaning that cyber cover should now be perceived as an essential part of a company’s insurance programme – not just an extra or add-on luxury.
This is where understanding the risks to your business is crucial. Cyber insurance doesn’t just protect against an attack but having the right cover in place can provide you with access to experts to get your business back on track in the event of a cyber incident.
How to protect your business for tomorrow
With cyber policy language becoming more standardised, cover being provided as part of a packaged product and as a stand-alone policy, how do you find the right solution for your business?
Of course, you can jump on Google and a myriad of cyber insurance policies can be found and taken out at the click of a button. But does that give you the peace of mind that insurance is designed to do?
What might seem a cost-effective solution at the time of purchase could in fact prove extremely costly in the event of a cyber-attack if the policy chosen doesn’t provide the cover and support you thought it did.
Talking to an adviser with technical knowledge and a commitment to see the threats, risks and concerns to a business from the owner’s perspective is key. In simple terms, engaging with an experienced insurance adviser to help you understand the solutions that can be put in place is the best way to proactively mange the risks to your business.
[1]All data is taken from a survey of 505 British SMEs across the UK, in a wide variety of industry sectors, conducted by YouGov from 12 April – 24 April 2021 on behalf of Aviva.
Helping you reduce the risk of a cyber-attack on your business - We offer a complimentary, no-obligation cyber risk assessment.
This report will provide you with an understanding of where the threats to your business using a simple traffic light system and identify any action that needs to be taken to stop potential cyber risks turning into a real attack.
To request your report – or to find out more, simply get in touch. [email protected] or call 01865 953 111
FOCUS can provide solutions to complex insurance needs including:
- Directors and Officers Liability
- Intellectual Property Protection
- Clinical Trials Liability – including global programmes
- Research and Development Operations
- Property Damage/Business Interruption including
- Public and Employers Liability
- Products and Services Liability
- Errors and Omissions Liability
- Cyber and Privacy Risks
Delivering insurance advice that makes a difference to you and your business
For more information, visit www.focusorm.co.uk
FOCUS Oxford Risk Management Ltd, Seacourt Tower, West Way, Oxford OX2 0JJ