As sophisticated cyberattacks increasingly target businesses, the world's specialist insurance market is warning them to be properly prepared or face significant financial losses that could kill their business.
According to Lloyd's report, entitled “Closing the gap – insuring your business against evolving cyber threats,” businesses face the rising threat of ransomware, such as last month's Wannacry and the recent Petya attack, distributed denial-of-service attacks, and CEO fraud.
The study, which was made in partnership with
KPMG and
DAC Beachcroft, cited Lloyd's underwriter
Beazley, for instance, as having seen a fourfold increase in ransomware attacks on its customers from 2014 to 2015. It also predicted that this number will double this year.
Study findings also revealed that financial services firms are the most targeted by organised cybercrime, and named retail as another sector that's seeing increasing cyberattacks.
Oil and gas, meanwhile, can fall victim to espionage and occasional high-end disruptive attacks as they find themselves caught in national politics, the study said.
The study also revealed the susceptibility of the public and telecommunication sectors to espionage-focused cyberattacks.
Commenting on the study findings, Lloyd's CEO
Inga Beale stressed the need for adequate protection against looming cyber threats.
“The reputational fallout from a cyber breach is what kills modern businesses. And in a world where the threat from cybercrime is when, not if, the idea of simply hoping it won’t happen to you, isn’t tenable,” she said.
“To protect themselves businesses should spend time understanding what specific threats they may be exposed to and speak to experts who can help handle a breach, minimise reputational harm, and arrange cyber insurance to ensure that the risks are adequately covered.
“By reacting swiftly to mitigate the impact of a cyber breach once it has occurred, companies will be able to minimise the immediate costs and their exposure to subsequent slow burn costs,” she said.
Matthew Martindale, director in KPMG's cyber security practice, also cautioned businesses to prepare against a breach's long-term damage: “Dealing with things like reputational issues and litigation in the aftermath of a breach, can add substantial costs to the overall loss. Businesses really need to start thinking about the cyber risk holistically rather than one that is currently very short sighted.”
This sentiment was echoed by Hans Allnut, partner and head of cyber & data risk at DAC Beachcroft, who said businesses should not only focus on immediate business impact, which he said “may only be the tip of the iceberg,” but also legal consequences which could take months, even years to deal with.
“Once notified, it is not uncommon for regulatory investigations to take more than a year before they reach a conclusion, “ he said. “Subsequent litigation can take even longer, particularly because the law surrounding data security and privacy is a relatively evolving area. In one UK data protection case, it took three years and a failed appeal before the litigation was finally settled.”
Related stories:
Cyber insurance volume increases by 35%
Are New Zealand boards managing cyber threats?