What is cyber risk and do we need insurance?

Understand cyber risks and consider whether your business needs insurance

 Cyber risks explained

Simon Taylor

Chartered Insurance Broker. Reviewed 13/08/2023

What is cyber risk?

Cyber risk is any threat of financial loss, disruption or damage to the reputation of a business or organisation. Many small businesses and charitable organisations do not believe they are at risk; in fact, quite the opposite is the case. Businesses and organisations with inadequate controls are the most at risk from a cyber event that could cause significant disruption and damage.


How can cyber risks occur?

Cyber risks can arise through ransomware attacks, phishing schemes, vulnerability exploitation, device loss, lack of education, unauthorised use of devices, corporate espionage, and disgruntled employees. Often simple mistakes and unpatched vulnerabilities provide the opportunity for attackers to gain access to your systems. Attackers can lie dormant for years until they identify a means to achieve what they want, and once an attacker has consolidated their presence, they become more difficult to find and remove. Many companies attempt to keep details of successful cyber attacks out of the public domain to limit damage to their reputation. Below we have provided examples of cyber-related incidents and their outcomes:

Ransomware risk

The insured’s systems were infected with ransomware, impacting their operational capacity. After evaluating the ransom demand and its options, the insured decided not to pay the ransom and to focus on data recovery. First party coverages under the insuring agreements for Breach Response and Crisis Management, Data Recovery and Business Interruption, and third party coverage under the Network Security and Privacy Liability insuring agreements, were triggered. The insured engaged counsel and forensics to investigate, remediate, and recover its data. The insured notified its business customers, resulting in numerous customer claims against the insured. An agreement was reached in the amount of £4.5m.

Phishing risk

After an employee’s email account was compromised, a fund transaction was initiated by a fraudster impersonating the employee, which resulted in £250,000 in fraudulent transfers. First party coverage under Data Breach Response and Crisis Management and the Social Engineering Fraud Endorsement was triggered. The insured engaged legal counsel and forensics to investigate and remediate. Fortunately the insured was able to recover its full fund transfer loss, and the costs incurred on the cyber claim were limited to the legal and forensic investigation.

Business interruption risk

A malicious actor infiltrated the network of a managed service provider and obtained personally identifiable information. The incident triggered the Business Interruption, Data Breach Response and Crisis Management insuring agreements. Cover was provided for legal counsel fees, computer forensics fees, notification costs, identity theft monitoring fees, fees for a public relations firm, and fees to operate a call centre to answer questions from impacted individuals, as well as the associated business interruption costs incurred to enable the company to resume operations. The total amount incurred for the cyber claim was approximately £3.5 million.

Security to protect against cyber risk

Cyber insurance should not be the only line of defence when seeking protection against cyber threats. Businesses should also focus on strengthening their cybersecurity practices to prevent incidents in the first place. Insurers will commonly expect you to maintain a minimum level of controls before they will provide your business with cover. Cyber insurance should be combined with cybersecurity measures such as employee training, regular software updates, multi-factor authentication, and incident response planning.

Incident response plan

A cyber incident response plan is a document that outlines what an organisation should do in the event of a cyberattack or data breach. These plans are an important part of a business's information security and business continuity measures.

Multi-factor authentication

A multi-step account login process that requires users to provide more than just a password. It is important for email accounts and for privileged user accounts on your network.

Regular software updates

To prevent known vulnerabilities from being exploited, software must be kept up to date. This means installing patches released by the software developers to close security holes found in their products.
