Why now is the perfect time for businesses to consider Cyber Insurance
During the COVID-19 lockdown, businesses across the UK have had to adjust to the new normal of having staff working from home. For many businesses, this is an entirely new way of operating – and one that raises a whole new level of risk that businesses need to consider.
Here, our cyber risk specialist Andy Hall explains why cyber risk should be an important consideration for businesses during these unprecedented times…
According to a recent survey by cybersecurity company Darktrace, hackers have launched a wave of cyber-attacks trying to exploit the large number of homeworkers. The proportion of attacks increased from 12% of malicious email traffic before lockdown in late March to more than 60% six weeks later. The attacks have increased in sophistication, with various phishing campaigns ranging from offering government relief to health information supposedly from the World Health Organisation.
Most notably, we are seeing hackers employing business email compromise techniques and phishing scams to steal credentials, using coronavirus to trick vulnerable employees into clicking on corrupt links – perhaps by suggesting the link contains important COVID-19 information.
Many businesses have found themselves suddenly looking for new software and systems to improve their cybersecurity, and often overlooking the human element. In most cases this is the ‘weakest link’, especially with many employees working under increased pressure through lockdown, distracted by home-schooling children and worrying about their loved ones.
Cash flow is king during these difficult times and due to the vast numbers of daily electronic transactions, criminals have increased the number of phishing attacks to intercept and steal funds – with one insurer reporting that funds transfer claims increased by over 40% during the first six weeks of lockdown.
The COVID-19 pandemic has also highlighted the relevance of Business Interruption risk and how a company could survive after a major disaster or event. Cyber risk is often perceived in the insurance industry as a privacy ‘Liability’ risk, when in fact the true exposure for most industries lies with first party exposures, business interruption and incident response. Most major cyber insurers have reported that over 90% of insurance claims stem from the financial losses to the business itself rather than any third party liability, with costs often running into the £000s.
Our cyber risk specialist, Andy Hall, says:
“If the pandemic has taught us one important lesson, it’s that preparedness is key. I have worked with many businesses over the years and my key mantra is “be prepared”. I discuss cyber risk daily with my clients and, aside from the insurance and risk transfer piece, helping them develop a tried and tested cyber disaster recovery plan and IT risk policies are an important part of the jigsaw puzzle in this complex arena.
“So in summary, do I think there is a greater risk of being hacked whilst we are working from home rather than in the office? Most certainly yes. It has increased the number of ways the criminals can compromise your business and has most definitely given the attackers a different route into your IT Network.”
Here are some simple questions to consider when assessing your homeworking cyber risk:
- Have your employees been trained to spot and manage phishing emails?
- Has Multi-factor authentication (MFA) been enabled on your email accounts or VPN?
- Are home routers & WiFi networks secure and default passwords changed?
- Is your VPN secure, updated, and patched? Do employees switch off the VPN out of hours?
- Are your employees using teleconferencing tools such as Zoom or WebEx? Does the tool allow end-to-end encryption? Is it turned on? Patched?
- Are employees using a personal device rather than a business owned computer? What is the security on that device?
- Backup, Backup and Backup!
Andy has worked extensively with our clients and IT teams to help to manage and transfer Cyber risks against incidents such as online/email fraud, ransomware, denial of service attacks and data loss.
If you would like to contact Andy to discuss further please contact him using the details below, or via your usual BHIB contact.
Tel: 0116 2819152