Large or small, no organisation is immune to the threat of cybercrime. With ever increasing reliance on technology the consequences of a cyber-attack can range from temporary disruption of trading to complete financial failure.
Cybercrime continues to evolve in terms of frequency, cost and complexity and the shift to homeworking brought about by the COVID-19 pandemic has seen cyber criminals further increase activity resulting in some disturbing statistics:
- In the first 6 months of 2020 there was a staggering 715% increase in ransomware attacks compared to the same period in 20191
- During the pandemic there has been a reported 600% increase in malicious emails2
- A business is now 15 times more likely to have a cyber incident compared to a fire or theft3
Whilst more organisations are starting to purchase Cyber Insurance, the take up of cyber cover in the UK remains low. According to Hiscox’s 2020 Cyber Readiness Report, 58% of cyber-security professionals surveyed said their organisations purchased a cyber insurance policy - either as standalone or as an add-on to an existing policy - compared to 41% in 2019.
Some common misconceptions around the need for Cyber Insurance include:
Cybercriminals only target large organisations
Whilst cyber-attacks against high profile organisations such as British Airways and Travelex hit global headlines, small organisations are unfortunately not immune to cybercrime.
Small organisations are often considered low hanging fruits by cyber criminals due to lack of resources to invest in IT security and staff training. In 2019 46% of micro and small businesses experienced at least one cyber attack or breach.4
A traditional insurance programme affords adequate protection for the consequences of a cyber incident.
Unfortunately, in most cases this is not the case. Cyber Insurance has evolved specifically to provide protection against emerging risks not catered for by a traditional insurance policy.
IT security will provide adequate protection against a cyber incident.
Whilst investment in IT security will inevitably make an organisation less vulnerable to cybercrime, increasingly sophisticated cyber criminals are capable of overcoming even the most robust of security systems.
In addition, IT security cannot provide protection against the weakest link in any organisation’s security systems - human error. The UK Information Commissioner’s Office reported that the vast majority (90%) of UK cyber data breaches in 2019 were caused by human error.5
The scope of cover provided under a cyber insurance policy may include (but is not limited to):
- Costs to recover and/or recreate lost data and restore computer systems following a security breach
- Loss of revenue/profit, increased cost of working and loss of future customers due to reputational damage following a cyber event
- Legal liability as a result of a breach of personal data /confidential information
- Inadvertent breach of intellectual property rights via cybermedia
- Financial loss as a result of social engineering attacks such as a phishing scams
Importantly, however, one of the most valuable and often overlooked benefits of a Cyber policy is the critical incident support services provided in the event of a cyber incident to help a policyholder navigate both the immediate aftermath and the longer-term consequences of a cyber attack.
Critical incident support services include:
- 24/7 access to IT forensics, data breach/legal experts and public relations advisers, to provide support in the event of an actual (or suspected) cyber incident
- Support in complying with data protection legislation and notification obligations following a data breach
- Access to specialist ransom and extortion advisers
PIB Insurance Brokers recognise organisations have differing levels of cyber exposure and work with specialist cyber insurance providers to deliver tailored cyber insurance solutions.