Risks of cyber attacks

Insurance brokers have a unique opportunity to become businesses’ trusted adviser on cybersecurity, to help mitigate the potentially significant damages and costs caused by attacks.

Businesses need to wake up and act now to fully protect themselves against the risk of cyber attacks to avoid facing monumental bills, significant reputational damage and even years of litigation. Although most businesses are concerned about the risk of a cyber attack, there still is not enough awareness of the true risks to their operation, with many still seeing the matter as purely an IT issue, rather than as a key commercial risk that affects all parts of a company.

Matthew Martindale, director in KPMG’s cybersecurity practice, warns against businesses only considering the short-term implications of a cyber attack, including only seeing costs in possible ransoms: “Dealing with things like reputational issues and litigation in the aftermath of a breach can add substantial costs to the overall loss”.

A 2017 government cybersecurity survey found only one third (33%) of UK businesses had a formal policy that covered cybersecurity risks; and only one in 10 (11%) had a cybersecurity incident management plan in place.The costs also cannot be underestimated: recent research by Lloyd’s claims that a major global cyber attack has the potential to trigger £40bn of economic losses. The report also reveals the stark truth of the situation where, although demand for cyber insurance is increasing, the majority of these losses are not currently insured, leaving an insurance gap of tens of billions of pounds.Although recent attacks including WannaCry and Petya, with their wide spread of victims including the National Health Service, car manufacturers, airlines and universities, are perfect examples that highlight the need for cyber cover, the demand since those stark warning stories has not surged.

The threats, however, have increased. The insurance sector has been a rise in ransomware claims, from just a tenth of all cyber insurance claims last year to almost a quarter, according to insurer CFC Underwriting. Many companies have taken advantage of this by launching cyber-specific insurance products to capture what they presumed would be a huge uptake in security. In June, technology giant Apple teamed up with Cisco to help their business customers get discounts on cybersecurity insurance premiums,which seems as good a sign as any that businesses really should be taking the threat seriously.

But the future is looking bright for insurers. The upcoming General Data Protection Regulation (GDPR) in 2018, with its increased obligations on companies regarding protecting personal data, is expected to help cyber insurance, especially as many businesses will also look for support during the transition. The insurance sector must also step up to be ready for the regulatory implementation. It is a very high level data-gathering sector, where personal and sensitive data supports decisions.

Educating businesses is the key to secure the success of cyber insurance.

Note: The present material represents a review of the article which may be accessed here.