Cyber Security: How it affects every business
By Alan Boal, Account Director, ABL Insurance
Given the current tragic events in Ukraine, it’s notable that June 2022 will mark five years since the ‘NotPetya’ malware attack resulted in a major global incident. Ukraine’s largest airport, energy authority and national bank were amongst the first to be attacked on the eve of the Ukrainian holiday Constitution Day, giving rise to speculation of a politically motivated attack.
However, the malware spread beyond Ukraine, impacting unintended targets and global businesses such as WPP, Merck and FedEx. Shipping giant Maersk was caught up in the collateral damage, with 49,000 laptops affected and 3,500 of 6,200 servers destroyed. The business cost of NotPetya for Maersk has been estimated at $300m.
Cyber Insurance History
Cyber insurance as a product is relatively new compared to most other Insurance covers and until recent years had mainly been purchased by larger Corporates and/or those with obvious/high exposures e.g. operating online trading platforms or in certain sectors such as finance, banking etc.
There has however been a tidal shift, with cover now purchased by a much wider cross-section of businesses and by much smaller entities. Cyber insurance now forms an essential part of the insurance and risk solution for enterprises of all sizes.
This change is largely due to increased awareness and understanding of the risks faced by Insurance buyers as they react to Legislative developments such as the GDPR, consumer demand for enhanced privacy and data control, increased media reporting of large cyber losses and increased awareness of local firms experiencing damaging data breaches, cyber-attacks and ransomware demands.
In addition, as online trading has increased and reliance upon IT infrastructure deepened, businesses have never been more vulnerable to fraudulent, malicious or inadvertent attacks by criminals as they seek to exploit new weaknesses and opportunities.
Cyber Insurance Costs on the Increase
Insurers like to base premium calculations upon historical claims data, with an actuarial eye on emerging future risks. However, the relatively short lifespan of Cyber cover makes the former difficult to assess and the speed at which new threats evolve makes it difficult to assess future exposures.
Some early entrants to the market have now withdrawn completely after failing to make an underwriting profit and whilst new players have emerged, they have tended to underwrite risk much more carefully.
This has generally set a higher bar for Risk Management as Insurers require greater undertakings from potential clients, such as Multi-Factor Authentication, external IT Security Monitoring and enhanced staff training, to even secure an offer of cover.
Against the background of a difficult wider Insurance market generally, Cyber insurance pricing has increased steadily over the last number of years with a sharper hike during the past 12 months. Rising Reinsurance costs and increased claims have been the main contributing factors to this.
The remote home and hybrid working patterns adopted by most businesses during the Covid Pandemic have undoubtedly increased risk exposures. Most firms now report their staff are bombarded by phishing emails, malware and scams.
In the rush to enable remote working, many smaller companies couldn’t supply dedicated IT hardware to all their staff, who instead used personal devices to continue working.
The use of personal devices and networks without firewalls or suitable security software, along with the reduced oversight of employees that comes with remote working, has thrown the enhanced risks of the ‘new normal’ into sharp relief.
The importance of maintaining IT security and increasing risk awareness through regular testing and training is becoming ever more evident and is, more and more often, an essential part of many organisations' risk management strategies.
Cyber Insurance Claims Trends
Ransomware, whereby criminals seize control of data or systems, lock out owners and demand payment to release access, has emerged globally as a major source of claims. We have observed an increase in both the frequency and severity of Data Breaches and also Hacking without any specific attempt to obtain financial gain, i.e. Cyber Vandalism.
Hackers appear to be moving away from attacks on larger organisations that may result in greater scrutiny from National Governments or Law Enforcement. Instead, the trend is towards the perceived easier target of SMEs.
There is also crossover as regards Cyber Crime – that is, theft of monies or incurred costs as a result of fraud, theft etc. committed with a Cyber element e.g. Funds Transfer Fraud, Escrow Funds Theft etc. For optimal protection, a Cyber Insurance Policy with a Cyber Crime element should be arranged.
Protecting Your Business Against Cyber Breaches
Insurers and Cyber security experts have distilled data on attritional losses and concluded that certain basic Risk Management measures are helpful in preventing incidents.
A high priority is Multi-Factor Authentication, especially for remote access but internally also. Other key measures include Cyber Security Awareness training and random phishing tests for staff, endpoint detection and response and secured/encrypted off-site system and data back-ups.
The ongoing Ukraine situation and tensions with several rogue states have increased fears of cyberwarfare waged by foreign Governments to impact the economic interests of Western democracies. As with the NotPetya attack in 2017, malware has a nasty habit of spreading and companies entirely unrelated to either side of the Russian-Ukrainian war might find themselves caught in the virtual crossfire.
Cyber Insurance is a smart investment for all organisations.
At Digney Grant we advise our clients to undertake thorough Cyber Incident Response Planning and testing. Waiting until the aftermath of an incident to first consider your response will be too late and will result in a longer and more expensive business interruption.
We can assist clients with our specially designed Cyber Security Toolkit to aid planning and also with suitable Insurance cover to act as a financial backstop and provide access to specialist post-loss resources e.g. First Response IT Services and Forensic Examination, Data Restoration, PR Advice, Notification Costs, Credit and ID Monitoring etc.
As part of the largest Corporate Insurance Broker in NI, Digney Grant is able to assist firms of all sizes by providing professional advice on Cyber risks and Insurance protection. Contact us today on 028 9099 3600.