David Higgins, Insurance specialist for the Technology Sector discusses the ever present threat of cyber crime facing businesses today.
From brushing our teeth in the morning to monitoring our sleep at night, technology continues to permeate every aspect of our existence.Britain’s technology sector is performing robustly, the UK is currently the fourth largest global market for technology investment, underpinned by £6.3 billion worth of investment flowing into the sector last year. For us in the east, 2018 brought a 206% increase in funds being invested into technology business.
These figures are certainly positive for the tech sector however it is worth noting that the sheer pace of expansion and innovation within the technology sector brings with it unprecedented challenges and potentially significant and unappreciated exposures to risk. The insurance market has been attempting to keep pace with the technology landscape in order to identify and assess the developing risk profiles for the sector.
There are a substantial number of emerging risks facing the tech sector, and to list them all is well beyond the scope of this blog, however I will start by discussing an important cover that should be in the minds of the vast majority, if not all businesses.
Cyber – the need for protection
It has been difficult to miss the high profile cyber incidents that have occurred during the last few years. Cyber incidents have the scope to affect millions of people across the globe, not to mention the costs (both financially and reputational) they may have on business. To give one high profile example, the 2017 WannaCry ransomware incident which affected the NHS did not directly lead to loss of life, however it caused thousands of operations and procedures to be cancelled, and cost the NHS £92 million.
It is worth pointing out a commonly held misconception that small businesses are rarely a target for hackers. However, an annual survey of business leaders, conducted by the research consultancy Opinium, found that 63 per cent of small businesses employing between one and 49 staff reported being a victim of cybercrime in 2018, compared to 47 per cent in 2017 and 55 per cent in 2016. These figures are compounded by research from the UK’s Federation of Small Businesses (FSB) which found that the UK’s small businesses are collectively subject to nearly 10,000 cyber-attacks a day. The business group said that one in five small firms said that they faced a cyber-attack in the two years to January 2019. Over seven million individual attacks were reported over the same period, said FSB, which equates to 9,741 incidents a day. This raises the questions that I hear from many SMEs, namely “why would I be a target?” and “what can hackers gain from attacking my business’s online systems?” The answer is relatively simple: if your business holds personal data such as email addresses, phone numbers and billing addresses, or is reliant on computer systems to carry out daily activities, you are an attractive target for cyber criminals.
Cyber insurance – what does it cover?
Most cyber insurance policies will cover the first-party and third-party financial and reputational costs, if data or electronic systems have been lost, damaged, stolen or corrupted.
For the business involved ie the first-party, cyber insurance cover includes the cost of investigating, recovering data lost in a security breach and the restoration of computer systems, loss of income resulting from business shutdown, reputation management, extortion payments and regulatory/third party notification costs.
Third-party coverages (that result from claims against you) include damages and settlements, and the cost of legally defending yourself against claims of a GDPR breach.
This is a very brief introduction to the way that insurance can help small businesses responds to the increasing threat that cybercrime may pose to their operations. In stark contrast to the complexity of the issue, obtaining a quote for cyber insurance is a relatively simple process, requiring minimal investment of your time.