By Emma Hughes, New Business Broker
‘Cyber’ is an emerging risk and SME businesses need to be aware of the level of exposure they face. Typically a business would want to protect their physical assets but when it comes to cyber you are insuring the intangible – data, customer information, and intellectual property. Arguably data or information has become one of the most important assets to a business and worth many times more than the physical equipment it is stored upon.
There is no doubt that the implementation of GDPR in May 2018 shone a spotlight on the growing need for cyber insurance with 66% of organisations more concerned about their cybersecurity than they were a year ago. Despite growing concerns 43% of British SMEs admit to having no business continuity, disaster recovery or crisis management plans in place. In order for these businesses to create a thorough business continuity plan they must first understand and identify the risks they face.
After the catalyst of GDPR businesses are now beginning to address cyber exposures but the focus on data breaches is detrimental in providing a comprehensive cyber risk solution. For example, almost a third of CFC’s (a top UK cyber insurer) cyber claims are a result of the theft of funds, which is a significant risk for almost any business and has been for quite some time. Cyber insurance goes beyond simply providing cover, ultimately cyber insurance has a role to play in helping businesses to understand where to put their limited IT security spend, and hopefully put it in better, more effective areas.
Cyber-crime is the fastest growing crime in the world, affecting businesses of all sizes and sectors. In Britain 46% of SMEs admitted to suffering at least one cyber security breach or attack in the last 12 months. To illustrate this the insurer Hiscox has set up a typical small business server to record how many attempted cyber-attacks happen in real-time. By mid-day almost 27,000 attacks had been attempted.
Every cyber-attacker will have their own purpose ranging from the ransom of data to malicious destruction. Often breaches are not discovered until weeks or months after the event, by then untold damage could have been caused.
Businesses need to start asking themselves what would they do if they found out that they had been the victim of a cyber-attack? WannaCry in May 2017 and NotPetchya in June 2017 raised the question of when businesses are affected, who do they call? There is no state-provided IT security service. Although the UK has the National Crime Agency and GCHQ they are focused on protecting national infrastructure, rather than individual businesses [..] the state has not provided the services to support businesses, and that is what the cyber insurance industry is doing.
The impact of a breach can be felt for many months, even years after an event. Although a system may be back up and running within a matter of days the effects of reputational damage and lost data can be felt long after. Every single breach will be different and there is no ‘one size fits all’ solution. For example a business that receives their income on a contractual basis could be more exposed to long tail financial loss, as the cancellation of monthly or annual contracts could very quickly result in sizeable financial losses being incurred. It is unlikely a traditional business interruption policy would respond in this instance so it will have to be written in to the cyber coverage. Regardless of your business type or size there is an exposure to be mitigated.
Now is the time to start addressing Cyber as a very real and tangible risk to your business. The threat of a cyber-attack is ever growing and it has the potential to impact your business in the same way as fire or flood. Please do not hesitate to contact us on firstname.lastname@example.org or 01642 240400 if you would like to discuss Cyber cover for your business.
Graham, Luke. “Cyber Insurance, the Great Fire of London, and the need for digital fire figthers in the modern day” Accessed October 24th, 2018. http://dev2.cityam.com/263335/cyber-insurance-great-fire-london-and-need-digital-fire
CFC News. “Cyber Claims Case Study: Software Shutdown” Accessed October 24th 2018. http://cfcunderwriting.com/media/3219?topic=1
CFC News. “Top Five Reasons To Buy Cyber” Accessed October 24th, 2018. http://cfcunderwriting.com/media/3186?topic=1
CFC News. “2018 Survey Reveals Concern About Cybercrime Continues To Rise” Accessed 24th October 2018. http://cfcunderwriting.com/media/5632?topic=2
Aviva PLC. “Supporting UK SMEs to address vulneratbilities” Accessed October 24th, 2018. https://broker.aviva.co.uk/news/article/695/supporting-uk-smes-to-address-vulnerabilities/
CFC News. “Beware The Data Breach Bear Trap” Accessed October 24th, 2018. http://cfcunderwriting.com/media/3283?topic=1
Erimus Insurance Brokers is a trading name of Teesside Insurance Consultants Ltd. Registered in England No. 2043783.
Authorised and regulated by the Financial Conduct Authority No. 307660.
Directors: P.J. Davison, S.D.E. Hughes, I. Miller ACII, S.S. Pinnell. Non Executive Director: G. Lumby MBE, FCIBS.
Company Secretary: C. L. Nolan.