Lingering in your inbox is an email which appears like any other.
But with one click, this innocent-looking message can enable the sender to obtain yours or your clients’ private information, deny you access to your computer system and leave you owing a sizable ransom or other unexpected costs to pay.
This practice is called phishing, a type of cyber fraud which can be conducted via text messages, social media, phone or email. It is one of many cyber attacks which are rapidly increasing.
In recent weeks, cautions have been issued by the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) for all UK organisations to step up their vigilance and security measures against cyber attacks.
Amid rising tensions between Russia and the West, the NCSC has urged people to follow its guidance which includes patching up software vulnerabilities, reviewing backups and ensuring your incident response plan is up to date.
Albeit not a new issue, cyber attacks are an ever-evolving problem.
According to Police UK statistics, there were 28,943 official reports of cyber crime between January 2021 to January 2022, accumulating to a loss of £12.8 million. However, research reported by the BBC in February suggests instances of attacks are far higher, with more than three quarters of UK businesses impacted by ransomware alone in 2021.
But as we witness the cost of energy bills, wages and materials soar, is now the right time to consider investing in cyber insurance cover too?
“Cybercrimes are a very real and multifaceted threat which can cause huge financial, reputational and internal damage,” said Richard Brannigan, a director of Birmingham-based specialist insurance broker, The Bletchley Group.
“We have had instances where a client has been targeted with a fake email on a busy day and with one click they have lost £250,000. We cannot stress enough that these instances are really common and on the rise.”
Helping to support businesses financially by investigating cyber attacks, reimbursing losses, or aiding with legal actions following an incident, cyber insurance is essential for organisations that handle client data, conduct electronic transactions or use computers.
Monitoring companies via email traffic, criminals may lie dormant for months, only moving to intercept and redirect a large financial transfer which they know is being paid on a specific date.
Organisations may also be faced with contractual penalties if the data of third parties was stolen or revealed.
If this were to happen, there is a chance your existing insurance policies may not cover you.
“You can get cyber insurance included in some policies as an add-on cover but it will be really basic. If you want the high calibre version, you can buy full cyber cover as a standalone policy,” explained Richard.
“This is better for many reasons as a tailored solution provides more of a 360 degree approach including first party covers in addition to third party liability.”
As data owners, companies need to be aware that in the event of a breach, they can be fined up to €20 million or 4% of turnover – whichever is highest.
Specifically, a full cyber policy covers cyber extortion, meeting ransom demands, data recovery costs, business interruption, costs of informing clients of data breaches, the costs involved in credit monitoring and regulatory fines or penalties.
“If your organisation deals with personal data or conducts online transactions you will be vulnerable to cyber attacks, from faked invoices and stolen bank details to the loss of client information,” said Richard.
“Cyber criminals are more advanced than you or I can imagine and they will target small and medium enterprises as much as they go after large businesses.”
If you would like to discuss how cyber and data liability insurance can help protect your business, please contact one of our team here.