Like most emerging insurance products, Cyber Insurance initially struggled to gain traction in a marketplace that undervalued it’s importance, but studies now show an incredible 30% annual growth in uptake. If you operate a business and don’t have Cyber Insurance yet, it may be time to consider investing before it is too late.
It isn’t only the introduction of the new Data Protection law, the notorious General Data Protection Regulation that has inspired companies to start taking Cyber Security more seriously. Industry figures show an increasing trend of high publicity data breach incidents impacting global corporations including Sony, Snapchat, LinkedIn, Experian, Forbes, Qatar National Bank, Tesco, Ebay and Yahoo. If you wish to see a more sobering look at the examples of companies who have been the victims of data breachs, check this list of 287 websites that have suffered data breaches from ‘haveibeenpwned.com‘ who also offer users a free service to check if their email address is included in any of the data dumps obtained from high profile breaches. Data breaches in Europe alone are up 36% since 2011. If the hackers can breach systems that are operated by the most highly paid cyber security specialists on behalf of some of the biggest companies in the world, it is logical to assume that your company would be easy pickings.
Cyber Security now needs to be at the forefront of boardroom discussions for businesses and corporations globally. Even as far back as the Stuxnet worm incident in 2009, the need for cyber security has been overlooked. Two years ago in 2016, the world saw a slew of healthcare providing hospitals and facilities hit with ransomware such as the high profile $17,000 payoff by Hollywood Presbyterian Medical Centre to hackers who took their systems hostage using Locky Ransomware for almost a week. Even the Police have been forced to cough up the ransom in the past after admitting the FBI were unable to identify those responsible. Cybercriminal organisations are not going to stop when they can generate income so efficiently; as Adam Kujawa, a Director for popular anti-malware company Malwarebytes commented: “It’s a fantastic money maker; you infect someone, they pay you directly.”
A report by IBM suggested that 70% of impacted businesses have paid the ransom to regain access to their data, and 55% of parents said they would pay to retrieve their digital family photos.
It is clear, the digital landscape has evolved faster than ever imagined, and the rate of growth is not slowing. The reputational damage suffered by Ebay as a result of the 2014 data breach forced them to lower annual sales targets by £150 million. Back in 2012 online retailer Zappos suffered a breach that disclosed 24 million customers details and six years later the Federal Appeals Court have reopened the case to allow those affected to sue the company. Companies become more and more reliant on digital technologies each day as more and more information is converted into digital formats. Infrastructure and investment grows, technologies emerge to optimise efficiency, and the staggering volume of data stored and processed becomes unfathomable.
What is at risk if you don’t have Cyber Insurance?
Reputational damage can be crippling for a company if customers lose faith in how securely their data is handled as evidenced in the Ebay data breach. Financial impact can extend beyond the initial costs to cover regulatory fines, breach disclosure, public relations and legal expenses as demonstrated in the Zappos case reopening after six years. Hacks and infections can lock you out of accessing your own data leaving you unable to trade and losing revenue and opportunities as a byproduct, or worse still, forcing you to pay a hefty ransom to resume operations.
If that’s not bad enough, other considerations for the remedial costs of not having cyber insurance include charges associated with tightening up your network security to satisfy regulators or independent assessors, covering legal liability costsshould the company be sued by affected customers or suppliers, cyber terrorismlike that of Stuxnet that involves the physical destruction or subversion of computer based systems, and even additional fines incurred in relation to PCI-DSS the regulatory standard for secure handling of payment card information in the event cardholder data is affected.
“I’m only a small business, nobody will attack me.”
Famous last words unfortunately, as there is a worrying trend of small businesses being targeted due to their lower and often insufficient cyber security. Your company may not have much of value, but for the minor effort involved, the cybercriminals will come and check for themselves. Between 2014 and 2015, small and medium enterprises fell victim to over seven million cyber crimes.Even if you do not store data about customers, you are still at risk if you rely on computer systems or online resources such as the internet, emails or a website to conduct business. Do not underestimate the threat of random cyber-saboteurs who will attack without reason simply for the cheap thrill or to score points for their own reputation as a hacker.
For more information about Cyber Insurance or the threats facing companies all over the globe, check out our Cyber Insurance product page here. If you would be interested in getting a quotation, you can complete a form here or give us a call on 01782 280 280.
Have you ever suffered from a hack or paid a ransom? Think you know all you need too about the current cyber threat landscape? Do you think Cyber Insurance is important or just a novelty? Be sure to head over to social media and let us know @connect_insure on Twitter and @cibltd on Facebook.
Related Articles:
Aon: Global Cyber Market Overview [PDF]
Pen Underwriting: Everything You Need To Know [PDF]