As the world went into lockdown and businesses were forced to move to remote working, cybercriminals have been thriving on the weakened security status of businesses. On average, it is estimated that cyber-attacks have increased fivefold during the last 12 months, and is likely to continue to rise
The impact of moving to remote working and using cloud-based software and technologies has undeniably had an impact on the rise of cyber security threats in the past year. Yet, despite being almost a year into a new way of working, many are still falling victim to attacks without appropriate insurance cover.
For example, last year, statistics revealed around 60-70% of UK SMEs suffered a cyber-attack, and amongst those, only 11% had cyber cover. While we are beginning to slowly see a rise in the number of businesses seeking insurance cover after becoming more aware of the risks of cyber-attacks since the pandemic, we still have a long way to go.
Many businesses are now having to play catch-up with IT security and, as a result, are now facing the consequences.
Without the protection of corporate networks at an office base, organisations have become far more vulnerable, which has naturally increased the chances of attackers managing to successfully gain entry into businesses systems. We are witnessing an uptick both in terms of severity and frequency of cyber security threats, particularly ransomware and social engineering attacks and its devastating to see the damage it can cause for businesses. It is not just the potentially crippling financial loss they are going to suffer in the event of a cyber-attack, but their reputations are also going to be hugely exposed.
As the attackers become more advanced, we are likely to see an increase in targeted and sophisticated incidents in 2021, with attackers focusing their efforts on businesses who can potentially yield a greater financial pay-off. Clever with their approach, we believe that cyber-criminals will begin to target companies who are already under pressure, as they are more likely to cave to ransom demands. Already, the market is witnessing ransomware demands rise from hundreds or thousands of pounds to millions.
Unfortunately, this is the result of businesses being immediately forced to move to new IT systems overnight, which they were not prepared for. Many businesses are now having to play catch-up with IT security and, as a result, are now facing the consequences.
Despite the upsurge in recorded cyber security threats, we are still seeing many SME businesses, and a significant number of bigger firms, still oblivious to the real effects of cyber-attacks and how common they are.
One important thing people tend to forget, is that hackers do not discriminate, neither in favour of the size or type of the business. Just because the cyber breach of SMEs is not all over the news, does not mean you are exempt. And while awareness is certainly better than it was twelve months ago, we are still seeing an increase in the number of businesses looking for insurance cover once they have suffered an attack, which is far from an ideal situation for anybody involved.
In 2021, businesses need to be pro-active in their outlook to cyber-security and seek the appropriate cover before it is too late. When looking for a cyber insurance policy, along with the expected first person and third party covers and extensive cybercrime sections, we would advise to pay close attention to the integrated cyber response service provided by an insurer. That is the backbone of any cyber policy and what will help you in the event of an incident. You should also delve into what the service provider provides and make sure that is a recognised market-leading company, which offers technical forensic investigations, cyber incident management and legal advice.
And while insurance cover is invaluable, there are also several simple steps all businesses must take to prevent an attack. Just as you would not invest in home insurance and proceed to leave your front door open, cyber insurance is no different. View your systems as virtual doors and protect them at all costs! Just a few of our suggestions would be to ensure you have strong passwords or phrases, adjust the settings in your e-mail to cut out phishing emails, apply multi-factor authentication for network logins and secure any sensitive data with encryption.
But, as always, the strongest and weakest links in a business’ armoury is human error. Take the time to train and educate your workforce on the signs and risks of cyber-attacks and how they can individually play a role in preventing a cyber breach from happening.