Earlier this year, the annual Allianz Risk Barometer identified the top corporate perils based on the insight of risk management experts from around the world. In the UK, it was little surprise to find that the top two primary threats to business is cyber incidents and legislation changes, the latter most likely because of the uncertainties about Brexit.
Business Interruption came in at a close third. An interruption can occur from many events, and businesses are increasingly worried about interruption arising from cyber incidents. If your systems become compromised from hacking, chances are high that business will be interrupted. And who knows how long it will take to recover it all and put extra securities in place?
The loss, misuse or theft of data can be crippling to SMEs. Yet there is still a reluctance among many small businesses to recognise their exposure to cyber risk. Is it because you invested in IT security and believe you’re safe from hackers? Perhaps you don’t think your business is big enough to be targeted. After all, isn’t it only the likes of Tesco, British Airways and Carphone Warehouse who suffer cyber-attacks? Sadly not. Recent research by Hiscox found that 55% of UK businesses had suffered from a hack attack, with many saying that they didn’t think they were at risk.
Let me ask you the following questions:
• Do you have a website?
• Do you use email?
• Is your business dependent on your IT system to operate?
• Do you store data in the cloud?
• Do you make electronic payments?
• Do you take payment by credit card?
If the answer to any of these questions is ‘yes,’ then you are exposed to cyber risk. The extent to which this risk impacts on your business will vary; after all, no two businesses are the same.
As we become more connected through the Internet, and our systems and processes rely more heavily on networks, our cyber risk is increasing. This has serious implications for manufacturing companies investing in industry 4.0 technology.
These days, criminals target companies. Shutting down entire operations, they demand ransoms to release them. Examples of cyber-crime include:
• A cold storage facility endured two days of business downtime and was forced to write off thousands of pounds’ worth of defrosted stock because their warehouse management computer system was hacked.
• A manufacturing company stores all their data offsite via a cloud provider, including sensitive customer, employee and financial data. One weekend, someone – believed to be a disgruntled ex-employee – accessed the account, gained control of their entire data, and held them to ransom to get it back.
• A food trucking company suffered a ransomware attack where cybercriminals encrypted all their data files and requested a ransom of $9,920 in exchange for the decryption key. The hackers had encrypted every single piece of data the company needed to run operations – routes, logistical information, key contacts, and how much stock they had and needed to order. They’d even shut down their payment card processing capabilities.
How would your business respond to something like that? Do you have the resources to deal with an interruption of any scale?
Cyber-crime is now included in the ONS (Office for National Statistics) reports on crime, putting the crime rate back up to levels not seen since the beginning of the millennium. It’s now easier for criminals to do their job digitally than physically, which means that you are nine times more likely to suffer a cyber-attack than a burglary.
Protect Your Business
Just as you install an intruder alarm to protect your physical assets, it is equally important to invest in security to protect your digital assets. Also, ensure that your employees are educated and trained in all things cyber – this is essential to help reduce the risk of someone inadvertently allowing a cyber-attack to occur.
Even when you have invested in prevention, it doesn’t mean that you will not fall victim to cyber-crime. Cyber insurance is designed to protect your business against the financial loss arising from a cyber event, such as theft of funds, data breach or damage to digital assets.
I will explain how a cyber policy works in next month’s newsletter. Meanwhile, consider what would happen if you couldn’t access your computers, or an employee left a laptop on a train, or one of your employees was duped into transferring funds to a fraudulent account. Would you know how to respond?
If you can’t wait until next month, or need some help now on protecting your business from cyber-attack, then do get in touch.