Cyber crime – are you prepared?
It’s not if, it’s when... cyber-crime is almost certain to affect your business, such is the onslaught of attacks from the dark web, says Oliver Wharmby.
Cyber criminals are inclined to go after smaller, more vulnerable businesses…”
![Link to PI insurance advertising feature](/wp-content/uploads/2021/05/oliver-wharmby.jpg)
No business is 100% protected against cyber-crime. Cyber criminals are now more sophisticated than ever before and inclined to go after smaller more vulnerable businesses which they see as low hanging fruit compared with more complex larger companies who may have better security systems in place and take more time to penetrate. Most cyber liability insurance policies are reactive purchases rather than proactive. It could be a near miss or a scare or as a result of an incident which is too close to home to ignore. Typically, it’s inspired by a competitor or local agent who has suffered an attack.
Phishing scam
We recently had a property manager with two branches who experienced a breach which was the result of a phishing scam. Their systems were paralysed, bogus emails were sent to their clients and confidential information was downloaded including passport details, account details, address details. The costs of instructing technical engineers to identify how the breach occurred, secure the system and get them back up and running was in excess of £10,000. Further costs in managing third parties, data subjects who were compromised and addressing the ICO concerns amounted to a further £40,000. In addition to the above costs of engaging technical experts and legal advisers, it is very difficult to quantify the loss associated with any brand reputational damage and business interruption from not being able to trade for days and sometimes weeks.
One of the main features of value within a cyber liability policy is the instant response section. When a business suffers a breach, they will need immediate access to a team that can help assist with damage limitation as early as possible. The longer a business’s systems are down the worse it is. The business is often left at the mercy of the cyber criminals until a solution can be found. In the worst cases, cyber policies will pay out on ransom claims to avoid escalating losses from business interruption.
Government co-operation
Insurers are working closely with the UK Government, specifically the NCSC (National Cyber security centre) to notice which trends are fashionable amongst hackers at any given point. This has meant they have developed sophisticated software that will only benefit the newest of policy holders, which can continuously scan the insured company’s domain, which will flag any cyber exposures the entity may have, provide a full risk assessment to policyholders, give advice to companies on how they can improve and manage the risks they may find and then rate the premiums accordingly. This should leave the policyholder feeling confident that IT infrastructure vulnerabilities can be flagged before a claim may arise and not when it’s too late.
Cost to agents
An agent can expect to pay circa £550 for a low level of cyber liability insurance of £100,000 including cyber-crime. This would be based upon no historical claims, income less than £2,000,000, no more than 10,000 individuals personally identifiable information held on record and they would need to be able to demonstrate they have some cyber security systems / controls in place such as regular password updates, file encryption, multi-factor authentication. Cyber Liability Insurance premiums vary depending on coverage and the sum insured. Any business owner that is reliant upon IT systems to trade is exposed and even a policy with a small sum insured is better than having nothing.
Oliver Wharmby is a Director at Mint Insurance.