Cyber Attacks – Why we need to pay attention
Cyber attacks are becoming more and more commonplace. Being insured against the risk may have been seen as a ‘nice to have’ but these days, any size of company might be targeted. The BPMA has covered a number of sessions including safeguarding data and here, Towergate Insurance, one of the BPMA’s Preferred Providers, spells out the risks and why looking at cyber should be part of every business plan.
The Mail on Sunday reported a cyber attack on exclusive jewellery firm Graff. Cyber criminals are alleged to have leaked up to 69,000 confidential documents including private details of David Beckham, Donald Trump, Oprah Winfrey and Sir Philip Green. They are thought to have demanded tens of millions of pounds in ransom money to stop the release of further sensitive information.
What type of cyber attacks might you experience?
Recent research shows 86% of businesses experience fraudulent email issues or are directed to fraudulent sites. 26% of businesses have found others impersonating the organisation in emails or online. This happened several times to the BPMA in 2020 and 2021, and to a number of industry organisations. 16% of businesses have come into contact with viruses, spyware and malware, and 9% have experienced hacking or attempted hacking of online bank accounts. This doesn’t cover the ransomware demands (8%), unauthorised use of computers, networks or servers (6%), such unauthorised use by staff (5%) and other breaches (5%) – it’s a murky cyber world out there so you might need protection!
What is cyber insurance?
It’s a good question. Cyber & Data insurance covers losses relating to damage to, or loss of information from, IT systems and networks. Cyber is a very real, current threat to UK and worldwide businesses. Existing insurance policies such as commercial combined, management liability or professional indemnity insurance may provide very limited elements of cover against cyber and data risks. But they are unlikely to be sufficient and businesses could find themselves exposed.
It is important that you understand whether you have cover, what that cover is and how it would respond in the event of a cyberattack or incident. Some policies will help you to respond to an attack, with 24/7 helplines to give immediate, practical assistance to mitigate costs; others will help to restore equipment and software after an attack.
Clients should particularly consider purchasing cyber & data insurance if they:
- Hold sensitive customer details such as names and addresses or banking information
- Rely heavily on IT systems and websites to conduct their business
- Process payment card information as a matter of course.
Ransomware demands up to £1 million no longer unusual
Ransomware attacks have really hit the headlines in recent weeks, with companies such as Colonial Pipeline, CNA, Toshiba and JBS all the victims of cyber criminals. In the case of Colonial Pipeline, significant disruption was suffered by the US East Coast energy infrastructure network, and Colonial ended up paying a $4.4 million ransom.
Lindsey Nelson, Cyber Development Leader at market leader CFC Underwriting, says she is not surprised that such blue-chip companies can be targeted in this way. “Criminals are going to go after companies who are vulnerable, providing them with the path of least resistance, rather than companies who are valuable,” she says. “But the large Fortune 500 or FTSE companies typically have the perfect combination of being both extremely lucrative, while unfortunately having limited barriers of entry for criminals to penetrate their networks.”
“There can be several motivations behind criminal activity ranging from political state actors to hacktivists to rogue employee scenarios, but largely what’s fuelling crime is financial gain, and blue-chip companies are often targeted either directly or through smaller subcontractors and suppliers to gain access to their systems.”
Equally, she says, as ransomware now largely involves an element of data exfiltration, allowing criminals access to financial information including the net profits of a company, it easily enables them to make a larger monetary demand by way of extortion. “Larger companies also tend to be incentivised to pay the ransom demands quickly due to the fear instilled by either strict fines or penalties under privacy legislation and to avoid subsequent negative publicity from the media resulting in customer attrition.”
Frequency and severity on the increase?
We often hear repeated in the wider media that both the frequency and severity of cyber-attacks (not limited to ransomware demands) are on the increase, but as far as Nelson is concerned, this picture is not necessarily an accurate one. “Everyone in the insurance industry will have a vested interest in keeping both frequency and severity of cyber claims down, however, unlike some of the headlines, the frequency of cyber claims hasn’t increased in a significant way relative to the increase in the number of policyholders,” she says. “What we are concerned about is the severity of cyber claims due to proliferation of ransomware attacks against businesses, and the extraordinary extortion demands making the headlines which, in a relatively young line of insurance, can easily overtake the profitability of cyber as a line of business. Long gone are the days of WannaCry where the average demand was £300 per victim; it’s not unusual these days to see extortion demands of up to £1M per victim, and that’s true across any industry, territory or size of business.”
Managing cyber risk
However, she adds, while it’s not possible to stop cyber-crime in the foreseeable future, there are ways to appropriately manage it across client, broker and insurer channels. “Cyber insurers are increasingly seeing the benefit of providing continuous scanning services on behalf of their policyholders to find vulnerabilities specific to their business, driving the frequency of claims down and helping shut a company’s digital windows and doors closed. Providing an experienced, multi-disciplinary – and crucially – in-house incident response team will also help.”
BPMA members can access advice through the dedicated help email – members should log into the BPMA site to access details for Towergate and speak to Richard Davies. You can also assess your cyber risks by visiting their website and taking the 3-minute cyber test at towergate.com