Keeping one step ahead of the cyber attackers
THE modern workplace is unrecognisable when compared to those 20 or even 10 years ago, such is the increased reliance on technology to carry out every day business.
And as the way we use computers evolves, the amount of information stored and transferred electronically continually rises, resulting in a remarkable increase in the potential exposures facing businesses.
Among these exposures is the risk of malicious cyber attack from those intent on damaging businesses and whose techniques are evolving as rapidly as the technology they seek to infiltrate.
And it can be costly. A government survey in 2016 put the average cost of cyber attacks for small businesses in the UK between £65,000 and £115,000 and for larger firms, they typically cost between £600,000 and £1.15m.
However, it is estimated that fewer than 10 per cent of UK companies take out specific protection against the threat.
The risk of devastating losses was put into the spotlight recently when a Lithuanian man was charged with tricking two American technology firms into wiring him $100 million (£80m) through an email phishing scam.
Officials at the US Department of Justice said the case was a wake-up call for even “the most sophisticated” firms.
Closer to home, the head GP at a private doctor's surgery in the UK switched on their computer to be greeted with a message stating that every single patient record on the network had been encrypted and that a sum of £30,000 was to be paid in bitcoin in exchange for the decryption key.
To avoid the loss of critical patient data, the ransom was paid and it cost a further £10,000 to remove any remaining malware from the network.
While these are examples of the worst kinds of cyber extortion, attacks can pose other risks such as data breaches, damage to third-party systems and interruption to your own business or networks.
Such is the scale of the problem, Chancellor Philip Hammond pledged in November to invest £1.9 billion over five years to strengthen the UK's digital defences.
According to the government-commissioned Cyber Security Breaches survey for 2016, less than a fifth of business owners provided cyber security training for their staff in the past.
Working with HR teams to develop a clear policy aimed at promoting good security in an age where a lost or stolen laptop or hacked account can instantly compromise the personal data of thousands of customers, or an ill-advised post on a social media site can be read by hundreds, if not thousands, in a matter of minutes.
Traditional commercial insurance policies are unlikely to protect your business against all cyber exposures.
It is prudent therefore to seek professional advice and develop a bespoke strategy to manage risks and build awareness of the potential cyber exposures faced by your company.
A tailored policy can cover a range of costs including IT forensics, public relations advice, legal advice and defence costs, credit and Identity monitoring costs, notification costs, data restoration costs, cyber business interruption and cyber extortion.
Even with policy in place however, performing regular audits and developing cover as new risks emerge is imperative to keep one step ahead of the cyber attackers.
:: Richard Willis is managing director of Willis Insurance and Risk Management