It has been said that there are only two types of companies; those that have been hacked and those that will be. (Robert Muller, FBI Director)
Cyber crime refers to computer or information technology dependent criminal activity. Phishing, spyware, malware, hacking and social engineering are all ways of conducting cyber fraud. Fraudsters are becoming more inventive and many victims are often unaware of the crimes. For many organisations cyber crime is frequently considered too ‘virtual’ to be a threat but the financial and reputational costs are very real.
Data breaches are costly and have risen year on year since 2008; last year the average cost per compromised record increased from £86 to £95*. Multiply that by hundreds or thousands of customer records and the cost of a single data breach incident can be overwhelming for any business. In addition to making sure you have effective internet security software the right cyber risks insurance can help protect your business against damage from cyber-attacks, data breaches and other internet-based exposures.
Serious damage can be inflicted on organisations with computer-controlled processes and machinery e.g. supermarket chiller cabinets for perishable food, manufacturing companies whose machines could be overridden and production disrupted. This disruption results not only in loss of product and production time but also the potential loss of income by not fulfilling client orders. Businesses need to be equipped to not only restore their systems as quickly as possible, but also cover the costs arising from complying with customer requirements and handling crisis management. A standard business interruption policy does not cover a cyber attack unless physical damage is caused by the attack. Cover is available for this through a comprehensive cyber insurance policy
The nature of online trading creates considerable virus, spyware and hacker risk exposures, including theft of customer banking information, privacy liability following a breach of personal identity data, and e-business interruption. These risks may not be adequately covered by traditional standard policy forms. Modern businesses, of all sizes, are vulnerable to this type of attack from a local B&B with an online booking system to large online retail businesses.
IT, media and publishing companies are especially at risk of intellectual property theft and breach of confidentiality. This type of cyber attack is considered a form of industrial espionage, cyber criminals intend to steal intellectual property or other economically valuable commercial secrets such as supplier and customer lists, financial information, contract terms or patents of new products with the purpose of selling it on. The need to protect your business against an attack cannot be underestimated. Such breaches can can result in unforeseen expenses arising from damages to victims of data theft, contractual penalties, investigative costs, regulatory fines, interest on money stolen, court attendance costs and public relations expenses.
In addition to the direct financial costs, reputational damage is the often overlooked cost of cyber crime. Loss of faith in a business that has been the victim of a cyber attack who did not adequately protect their clients, suppliers or themselves will have a longer term affect on the business. Competitors will be swift to take advantage of this situation; winning back customers and suppliers and rebuilding a reputation takes time and money.
So who carries out these attacks and why? Cyber attacks are carried out by a variety of culprits, largely by criminals, with specialist skills. It may not be an organisation’s own data that is the target; some companies are attacked to get information on third parties with whom they deal. For example, hackers can steal a bank’s customers account data. Attacks can also be carried out by disgruntled employees or those who believe they are fulfilling a higher purpose by whistleblowing. Cyber liability is a hot topic, with insurers and brokers alike looking at this new and emerging risk. A report published by the UK government and a global insurance broker, warned of knowledge gaps among business that is holding the UK cyber insurance market back. The government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls for organisations to use. It offers a certification process for businesses to show they have taken the necessary steps to prevent cyber-attacks. Insurance firms and brokers have backed the scheme.
Sensational news stories help promote the need for cover, but buyers, as always, need to be aware. Many policies that are emerging are very specific in what they cover and what they don’t cover. It is imperative that those buying this insurance think long and hard about the risks they run, and ensure that any policies bought reflect the cover required. An experienced insurance broker will be able to review your risks and provide professional advice on the best cover for your business.
By Ian Sandham, Branch Director of Bluefin Bath
*Source: IBM & Ponemon Institute 2014 Cost of Data Breach Study: UK.
Member since: 23rd September 2013
The dedicated team at Bluefin Bath provides specialist independent advice on business insurance, home & motor insurance, wealth management and financial planning.