Cyber attacks are increasingly being acknowledged as one of the biggest threats facing businesses, a perception helped by a number of high-profile cyber attacks in the last year. Cyber attacks such as WannaCry have made worldwide news headlines, spanning more than 150 countries and hitting more than 300,000 machines across numerous industries. In the UK, hospitals with locked computers were forced to close temporarily, giving a glimpse of what could happen if major national infrastructure is ever compromised by cyber attacks.
The cost in lost productivity of last year’s WannaCry ransomware attack alone was estimated at $4bn. Estimated annual losses from cyber crime now top $400bn, according to the Center for Strategic and International Studies. In 2017, the average cost of a cyber breach was $349,000, according to NetDiligence, whose data is based on actual cyber insurance claims. For a big company the average cost was $5.9m.
Yet many firms are still not opting to buy insurance cover as it is not deemed a threat that will affect their business. In a 2017 report by research and consulting firm GlobalData, just one in ten SMEs in the UK were deemed to be covered against cyber risk. Whilst Allianz suggest that in 2017, 13.7% of SMEs have cyber coverage, an increase from just 2.1% in 2014.
General Data Protection Regulation (GDPR) could change things in 2018, as companies will increasingly have higher regulatory fines to pay. Under the new rules, your firm could be fined up to 4% of turnover or €20m, whichever is the greater, if regulators think you haven’t protected customers’ personal data adequately. According to Lloyd’s, Telecoms Company TalkTalk suffered losses of nearly $100m after its breach in 2015, and this included a £400,000 fine from the UK Information Commissioner’s Office. Once GDPR is in force in May 2018, it is expected these fines will be far greater.
Companies can protect against this exposure by purchasing a cyber liability insurance policy. Such policies provide cover for a number of different perils resulting from a cyber attack, such as: costs of repairing and restoring parts of the insured’s information and assets after they are damaged by a hacker, business interruption, regulatory defence and penalty costs such as those mentioned above, the costs of investigation in to the cause and scope of the breach, payment of reasonable and necessary expenses incurred by the insured such as the payment of ransom for cyber extortion threats, the costs involved in notifying customers that their data has been breached, and public relations and crisis management consultant costs.
Jamie Webb, managing director of Cyber Insure, said:
“Despite increased awareness of cyber related exposures, a number of companies are still not purchasing cover – particularly SMEs that perhaps believe that such attacks will not happen to them. With increasing numbers of ransomware attacks in 2017 it is vital companies protect themselves from such exposures, as threats such as cyber extortion may have a catastrophic financial impact on smaller companies. We have created an insurance product to cater for the needs of SME businesses, which provides peace of mind that a broad range of cyber related exposures will not put companies out of business.”
Cyber Insure is an online platform offering cyber insurance and risk management resources designed to protect businesses from the ever growing threat of cyber related exposures. For more information, please visit www.cyber-insure.com.