Thursday, 27 August 2015

Member Blog: Cyber Crime is a real risk to business, do plan and protect yours

By Paul Watts - Branch Director, Bluefin Insurance Services, Stockport

It has been said that there are only two types of companies: those that have been hacked and those that will be. (Robert Mueller, FBI Director)

Cyber crime refers to computer or information technology dependent criminal activity. Phishing, spyware, malware, hacking and social engineering are all ways of conducting cyber fraud. Fraudsters are becoming more inventive and many victims are often unaware of the crimes. For many organisations cyber crime is frequently considered too ‘virtual’ to be a threat but the financial and reputational costs are very real.

Data breaches are costly and have risen year on year since 2008; last year the average cost per compromised record increased from £86 to £95*. Multiply that by hundreds or thousands of customer records and the cost of a single data breach incident can be overwhelming for many businesses. In addition to making sure you have effective internet security software, the right cyber risks insurance can help protect your business from cyber-attacks, data breaches and other internet-based exposures.

Serious damage can be inflicted on most organisations, as almost every business today has a CRM system, stores client data, holds payroll details or uses computer-controlled processes, and some or all of these systems could be overridden or interrupted following a successful cyber attack. Businesses need to be equipped not only to restore their systems as quickly as possible, but also to cover the costs arising from complying with customer requirements and the handling of crisis management. A standard business interruption policy does not cover a cyber attack unless physical damage is caused. Cover is available for this through a comprehensive cyber insurance policy.

The nature of online trading creates considerable virus, spyware and hacker risk exposures, including theft of customer banking information, privacy liability following a breach of personal identity data, and e-business interruption. These risks may not be adequately covered by traditional standard policy forms. Modern businesses of all sizes are vulnerable to this type of attack, from a local B&B with an online booking system to large online retail businesses.

Manchester is considered to be a 'beta' global city, rated as the second most globally influential city in the UK after London**. The region is now an economic knowledge-led centre, with research and enterprise clustered around the University of Manchester. Typical industry areas include: digital and creative services, biotechnology, advanced manufacturing, environmental technologies, tourism, global sports brands, media and real estate.

Businesses that rely on information or research as part of their everyday business, such as IT, media, biotechnology and publishing companies, are especially at risk of intellectual property theft and breach of confidentiality. This type of cyber attack is considered a form of industrial espionage: cyber criminals intend to steal intellectual property or other economically valuable commercial secrets, such as supplier and customer lists, financial information, contract terms or patents of new products, with the purpose of selling them on. The need to protect your business against an attack should not be underestimated. Such breaches can result in unforeseen expenses arising from damages to victims of data theft, contractual penalties, investigative costs, interest on money stolen, court attendance costs and public relations expenses.

In addition to the direct financial costs, reputational damage is the often overlooked cost of cyber crime. Loss of faith in a business that has been the victim of a cyber attack, and that did not adequately protect its clients, suppliers or itself, could have a longer-term effect on the business. Competitors will be swift to take advantage of this situation; winning back customers and suppliers and rebuilding a reputation takes time and money.

So who carries out these attacks and why? Cyber attacks are carried out by a variety of culprits, largely by criminals with specialist skills. It may not be an organisation’s own data that is the target; some companies are attacked to get information on third parties with whom they deal. For example, hackers can steal a bank’s customer account data. Attacks can also be carried out by disgruntled employees or those who believe they are fulfilling a higher purpose by whistleblowing.

Cyber liability is a hot topic, with insurers and brokers alike looking at this new and emerging risk. A report published by the UK government and a global insurance broker warned of knowledge gaps among businesses that are holding the UK cyber insurance market back. The government has worked with the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF) to develop Cyber Essentials, a set of basic technical controls for organisations to use. It offers a certification process for businesses to show they have taken the necessary steps to prevent cyber-attacks.

Sensational news stories help promote the need for cover, but buyers, as always, need to be aware. Many policies that are emerging are very specific in what they cover and what they don’t cover. It is imperative that those buying this insurance think long and hard about the risks they run, and ensure that any policies bought reflect the cover required. An experienced insurance broker will be able to review your risks and provide professional advice on the best cover for your business.

*Source: IBM & Ponemon Institute, 2014 Cost of Data Breach Study: UK.
**Source: Globalization and World Cities (GaWC) Research Network, Loughborough University.