| News

Vulnerable not valuable – understanding the real risk of a cyber attack

It's easy to become confused about cyber insurance – how it works, why it’s needed and what the real threat to your business is.

News headlines often feature big industry names being hit by a cyber-attack. But alarmingly, research from Aviva has shown that the majority of British SMEs - 86% - do not have any cyber insurance cover in place.

Cyber insurance has a reputation as only being needed by businesses that hold sensitive data – but privacy exposure isn’t the only risk facing businesses today. In fact, cybercriminals are increasingly targeting traditional industries that hold almost no sensitive data at all, whether through ransomware attacks that halt operations or business email compromise scams that result in wiring payments to fraudulent accounts.

A recent UK government report – Cyber Security Breaches Survey 2020 – reveals some sobering facts:

  • 46% of businesses have reported having cyber security breaches or attacks in the past 12 months.
  • Among this 46 per cent of businesses that identify breaches or attacks, more are experiencing these issues at least once a week in 2020 (32%, vs. 22% in 2017).
  • And one in five of this 46 per cent (19%) have experienced a material outcome, losing money or data. Two in five (39%) were negatively impacted, for example requiring new measures, having staff time diverted or causing wider business disruption.

Many SME businesses are at risk not because they hold sensitive data that cyber criminals are seeking to gain, but simply because they are vulnerable to an attack. This is often a combination of a lack of understanding of the risks and exposures, staff awareness and training and not having the right or even any cyber insurance in place.

Managing the cyber risk to your business

Terms like malware, ransomware, phishing and social engineering are now common parlance.  But how many of your staff would recognise a suspicious email or weblink if one arrived in their inbox from a supposedly trusted source?

The Covid-19 pandemic has changed the way many of us now work with remote working set to continue for many businesses to some extent for the long term.

Where in pre-Covid times, a team member may receive a suspicious looking email and be able to ask a colleague for their thoughts before reacting to it, remote working makes that sense-checking much harder and so the potential for clicking on a link that could result in a form of cyber attack is significantly greater.

Remote working has had a massive impact on the adoption of digital solutions, meaning that cyber cover should now be perceived as an essential part of a company’s insurance programme – not just an extra or add-on luxury.

This is where understanding the risks to your business is crucial. Cyber insurance doesn’t just protect against an attack but having the right cover in place can provide you with access to experts to get your business back on track in the event of a cyber incident.

How to protect your business for tomorrow.

With cyber available as part of a packaged product or as a stand-alone policy, how do you find the right solution for your business?

Of course, you can jump online and find a myriad of cyber insurance policies available at the click of a button. But does that give you the peace of mind that insurance is designed to give?

What might seem a cost-effective solution at the time of purchase could in fact prove extremely costly in the event of a cyber-attack if the policy chosen doesn’t provide the cover and support you thought it did.

Talking to an adviser with technical knowledge and a commitment to see the threats, risks and concerns to a business from the owner’s perspective is key. In simple terms, engaging with an experienced insurance adviser to help you understand the solutions that can be put in place is the best way to proactively manage the risks to your business.