It’s often been said that where there is chaos, there is opportunity – and while no insurance broker would have wished for the recent global cyberattack it certainly presents a chance to educate clients on what is increasingly becoming a “must-have” area of cover.
New research from insurance broker Lockton has shone the spotlight on just how far behind the UK is when it comes to preparedness for attacks similar to that which occurred on Friday. It found that just 8% of UK businesses are checking for hacking activity daily, while only a third (32%) are doing so at least once a month.
What’s more is that 27% admits that their staff is not prepared to deal with a breach, despite 60% thinking they are well prepared overall.
“UK companies are clearly underestimating their risk by thinking they are well prepared for a cyber security breach,” Peter Erceg, Lockton’s senior vice president, global cyber & technology said. “The current crisis reveals the huge vulnerability of businesses to the ever-present threat of cyberattack and their failings in keeping pace with its rapid evolution.
“Aside from the widespread inconvenience, the cost of a data breach can be profound, running into millions of pounds for larger organisations, with additional hits to reputation, customer base and business opportunities.”
Speaking to Insurance Business, Graeme Newman (pictured), chief innovation officer at
CFC Underwriting, outlined that incidents like last Friday’s are increasingly common even if not usually on this scale.
“Ransomware has been on the rise over the last 18 months and last year it was the single largest source of cyber claims,” he said. “We’ve been trying to hammer home the message that cyber is not just about data breach, and this event is proof that there are far wider and more damaging risks that businesses need to be concerned about. We’re not particularly surprised as we deal with events like this every single day.”
According to Newman however, this latest breach may present an opportunity for brokers as he would “be amazed… if businesses didn’t really stop and think about the structure of their insurance programs and the value of cyber insurance following the publicity of this event.”
“I think this event has opened everyone’s eyes to the scale of the problem,” he added. “Rather than an opportunity to sell a new product this is a clear opportunity for brokers to help assist and educate their clients.”
However, with cyber insurance the same question tends to loom large – how do you convince your clients they actually need it, with many assuming it only happens to large corporations such as Yahoo, and InterContinental Hotels, which were both recently targeted? This incident may change that perception, said Newman.
“In the last 12 months 90% of our cyber claims came from organisations with less than £50 million in revenue,” he explained. “Ransomware in particular is something that tends to hit small businesses the hardest. There will be plenty of news stories emerging over the coming weeks about small businesses that have been badly affected.”
For brokers though, the approach shouldn’t just be to try and “sell” cyber insurance – it should be to offer a more complete package of advice to clients about cyber, with insurance being part of that equation.
“There are some very basic steps that everyone can take to help reduce the risk of being affected by ransomware,” explained Newman. “Taking patch management seriously, and ensuring all operating systems and applications are up to date is the most critical one, alongside taking regular, comprehensive off-line back-ups. Brokers can also assist with providing their clients with access to training and education. Helping users to spot potentially malicious emails is your first line of defence.”
Related stories:
New ransomware attacks may hit today, experts say
Ransomware: The good and the bad for cyber insurers