Cybercrime - it’s a case of ‘when’ not ‘if’…

Since March 2020, when the pandemic caused many processes to move online and employees to work from home, worldwide cyber incidents have increased dramatically.

Last year in the UK, the National Cyber Security Centre (NCSC) took down 2.3 million cyber-enabled campaigns and offered support to 777 significant incidents. They also removed 50,500 scams and more than 90,100 malicious URLs.

In 2021, 40% of businesses experienced some form of cyberattack, showing quite clearly that cybersecurity is a huge issue and must be taken seriously. As technology develops, cybercrime gets more sophisticated, and it becomes increasingly difficult to differentiate between a legitimate communication and a malicious one - making it a case of ‘when’ and not ‘if’ of a cyberattack occurring…

Top two risks

According to the latest Directors and Officers Liability Survey 2022, cyberattacks and data loss are the top two concerns, bringing with them regulatory risk, threat of fines and penalties, and the risk of health & safety/environmental prosecutions. Cyber extortion currently sits in third place, generally occurring as ransomware and distributed denial of service attacks (DDoS).

Cyber security breach

A cyber security breach can result in many issues, ranging from damaged hardware, a computer virus and hours lost handling the attack to a criminal investigation and damages claims from third parties, with reputational damage a real possibility. Whatever the nature of the attack, there are real-life consequences, affecting personal data, time and money, and disruption of key services.

Staff complacency

A recent survey by SME insurer Superscript (5th May 2022) found that 34% of employees were unaware of what preventative measures their company had taken to prevent cyberattacks, and 45% said they were unconcerned, as they expected their employer to have insurance in place to cover losses. 40% of respondents felt that upholding cybersecurity best practices wasn’t their responsibility!

With 67% identifying social engineering, email fraud and phone hacking as significant risks, it highlights the need to educate employees about taking responsibility for their actions and knowing what to do in the event of a cyberattack.

Cyber insurance

One of the most important weapons a business can have against cybercrime is cyber insurance. In the event of an attack, this provides protection in a number of ways: covering the costs involved with investigations, legal fees, contacting affected parties, support with PR costs and getting back on your feet as soon as possible with a suitable IT system. Depending on the level of cover, paying a ransom can be covered, although this is seen as a last resort.

By seeking professional advice and committing to protect yourself with adequate cover, businesses can significantly mitigate the risk of cyberattack. To find out more, talk to TMD. We can advise on the level of cover you need to have in place, giving you the peace of mind that help is on hand should you fall victim to a cyberattack. To find out more, please call us on 01992 703 000 or email: insurance@mcdonaghs.co.uk

Sources:

https://www.insurancetimes.co.uk/news/staff-complacency-increases-cyber-risk-for-firms/1441074.article

https://www.insurancetimes.co.uk/news/uk-cyber-rates-soar-amid-market-challenges-/1440219.article

https://www.insurancetimes.co.uk/news/dandos-top-two-risks-are-cyber-attack-and-data-loss-wtw-and-clyde-and-co/1440951.article