The very real threat of cyberattacks
Imagine waking up one day to find out that your business has fallen victim to a cyberattack and sensitive customer data has been stolen. This nightmare scenario has become a reality for a growing number of businesses. In this article, Steve Cross, Technical Director, considers the roles that cyber security and cyber insurance can play in protecting your business from this threat.
48% of UK organisations were hit by ransomware in 2020, according to British-based security software and hardware company Sophos, with 13% of UK organisations reportedly paying the ransom [1]. In 2021/22, ransomware attacks affected 73% of UK organisations, according to the 2023 Cyberthreat Defence Report [2], while Digit News [3] reports that new data shows ransomware attacks in the UK rose by 17% in 2022, and early data for 2023 shows signs of an uptick in UK ransomware activity. The trend is clear to see: ransomware attacks are on the increase.
Latest ransomware attacks
On 9th February 2023, GOV.UK reported [4] that Conti and Ryuk ransomware strains had targeted 149 UK individuals and businesses, including hospitals, schools, businesses and local authorities, extorting an estimated £27 million. And just 12 days into 2023, a high-profile cyberattack took place on the UK’s Royal Mail [5], with international parcel and letter deliveries affected for nearly six weeks, after it refused to pay a £67m ransom.
Over the past year, the UK’s National Cyber Security Centre (NCSC), part of GCHQ, dealt with more than 60 nationally significant cyberattacks [6], including ransomware attacks against the NHS 111 helpline service and the water utility company, South Staffordshire Water.
What is ransomware?
Ransomware is described by the National Cyber Security Centre (NCSC) as a type of malware that prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption. The computer itself may become locked, or the data on it might be encrypted, stolen or deleted. The attackers may also threaten to leak the data they steal [7].
In its annual review, released on 1st November 2022 [8], the NCSC said: “the threat from ransomware is ever present – and remains a major challenge to businesses and public services in the UK”. As the war between Ukraine and Russia continues, they also urged UK organisations to check their cyber defences because of concern about the potential for new Russian cyberattacks.
The reality is that cybercrime is impacting users across the world and, as individuals and businesses become increasingly reliant on internet-connected devices, attackers will continue to take advantage with ever-more sophisticated threats, including ransomware attacks, data breaches and online fraud. Perhaps more than anything, the frequency of attacks underlines the need to have appropriate protection in place before a cyberattack happens, not as a reactive measure after the event.
Cybersecurity measures vary, depending on the size and nature of your business. The general rule ‘you’re only as strong as your weakest link’ is a good place to start. It reinforces the need for staff training, particularly with so many workers now operating remotely, so that employees understand how phishing attacks work and the need to be vigilant at all times. Other security measures include the use of firewalls, endpoint protection and multi-factor authentication, which can include biometrics such as face or fingerprint scans, as well as updating programs and systems within recommended timeframes.
The other essential consideration in the mitigation of risk is ensuring your business is protected by transferring risk through an appropriate cyber insurance solution. This is where PIB Insurance Brokers come into the picture. At PIB, we have the resources and expertise to assess the level of existing and emerging risks your business faces and ensure you have an insurance solution in place that provides adequate protection.
A good cyber insurance policy will provide you with access to specialist assistance in the event of a cyberattack, including:
- Advice in relation to the payment or non-payment of any ransomware demand
- Statutory obligations in notifying customers of a data breach
- Public relations advice
- IT forensic investigation costs
- The costs associated with responding to regulatory bodies
The insurance coverage itself will also provide for the rectification of your computer systems, any resultant Business Interruption and the defence of any claims brought by third parties resulting from the attack, subject to policy terms, conditions and excess. Basically, in the event of a critical cyber incident, PIB will ensure your business benefits from specialist, proactive assistance, giving you the peace of mind you are in safe, professional hands.
Connect with PIB
In addition to ensuring your IT infrastructure security protections are to a good level, cyber insurance is one of the key mechanisms a business should have in place to help deal with a cyberattack because, unless you’re very lucky, it really is a case of ‘when’, not ‘if’.
Whatever the size of your business, from SME up to large multinational, talk to us about specialist risk management and tailored cyber insurance. Call us today on 0330 058 9863 or email: firstname.lastname@example.org