The report claims that Britain is one of the most targeted nations on Earth, with a third of attacks being directed against small and mid-sized businesses (i.e. those with fewer than 250 members of staff).
Attacks hit not just the firms targeted, but also their associates, partners and customers through phishing emails.
The investigative report found that cyber-criminals had become increasingly productive, increasing their success rates from email phishing substantially. They now send only 20 emails for every successful attempt to con or hack their targets.
UK Government statistics show that since 2011 cyber-attacks have increased by 65%. For those that have suffered a cyber-attack, the average cost of a data breach for any SME is between £30,000 – £65,000; for larger organisations this could increase to £450,000 – £850,000**.
Companies or charitable organisations that are the subject of a cyber-attack could find their trading is affected, as they could suffer reduced income, causing cash flow problems.
The BBC recently reported the following:
TalkTalk shares have fallen sharply as investors continue to shun the firm in the wake of last week’s cyber-attack.
The telecoms company’s shares were down 9% on the Monday morning following when news of the attack first emerged.***
The implications of any cyber-attack are expensive, and the associated costs can include:
- Cost of notifying personal or corporate clients
- Cost of employing specialist forensic IT experts
- Cost of ID and credit monitoring
- Investigation fees
- Penalties and fines
- Third party liabilities
- Damage to business brand and reputation
- Business Interruption costs
Cyber risks can arise from many different sources, including negligent employees, hackers, malware, stolen or lost computers and mis-sent emails.
McAfee Labs’ 2015 Threats Predictions report sees increased cyber-warfare and espionage, along with new strategies from hackers to hide their tracks and steal sensitive data.
“Cyber espionage attacks will continue to increase in frequency,” the report said.****
Data breaches are now a fact – as sure as death and taxes, but companies can manage the risks related to a data breach and reduce the significant cost that can result from them.
One of the options is to buy insurance.
Cyber liability insurance (CLIC) has been available for many years but some companies are unaware that they can buy cover.
Most professionals would have attended a risk training session at some time in their career – where the speaker’s options for risk mitigation would have probably included the transfer of risk. A common way of transferring risk is to insure against it.
CLIC has been most successfully used as a risk transfer option in those countries that have mandatory data breach notification laws.
The best example of this is the United States, where 46 of the 50 states have mandatory requirements for data breach notification.
In the UK, the impending draft EU Data Protection Regulation includes mandatory notification of breaches, and it is reported that after three years of arduous discussion, it is now certain that the EU’s long-awaited General Data Protection Regulation (GDPR) will finally become law sometime in early 2016.
Any organisation that holds either personal or financial information could be the subject of a cyber-attack: criminals wish to pursue financial gain through fraud and identity theft; competitors steal intellectual property or disrupt business to grab advantage; “hacktivists” pierce online firewalls to make political statements.
Cyber-attacks are not restricted to financial loss; they threaten the country’s national security.
All organisations are at risk, but accountants and solicitors are particularly vulnerable because of the sensitive and often valuable information they hold.
Charities that control donor information or generate income from donations are also a target.
There is also a possibility that where a company director or charity trustee has not considered the implications of a cyber-attack and its effects on the income of their organisation, and an attack then causes a financial loss, they could be subject to criticism or legal action from irate shareholders.
What does Cyber liability insurance cover include?
- Data breach/privacy crisis management cover. For example, expenses related to the management of an incident, the investigation, the remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines.
- Multimedia/Media liability cover. Third-party damages covered can include specific defacement of website and intellectual property rights infringement.
- Extortion liability cover. Typically, losses due to a threat of extortion and professional fees related to dealing with the extortion.
- Network security liability. Third-party damages because of denial of access, costs related to data on third-party suppliers and costs related to the theft of data on third-party systems.
Some of the elements of a cyber liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for. *****
All organisations need to review their cyber policy and whether they can reduce the risk of an attack.
Peter Collins is a director of Bespoke Risk Solutions, http://www.bespokerisksolutions.com, telephone +44 (0) 1702 200222