Addressing the range of cyber risks that are presenting pressing challenges to UK businesses in a recent episode of IB Talk, Chris McMurray, cyber lead at Travelers Europe, highlighted how the threat is continuing to evolve. This represents a significant concern for businesses, he said, as it means they have to continue to adapt in order to keep pace with this constantly changing threat.
“The threat itself globally continues to remain high,” he said. “The UK itself doesn’t exist in a vacuum within that, we are equally as affected as anywhere else in the world. Ransomware has not diminished, but has actually evolved as we’ve touched upon. Many service providers now, for example, are being targeted to gain access to a wider range of targets.
“And we’re starting to see a response from the insurance market towards that growing threat. Also now as well with the growing use of connected devices, this obviously increases the threat out there, just simply due to the increased connectivity now, which is pretty much part of our everyday lives.”
Adding to this, James Doswell, senior risk management consultant for cyber at Travelers Europe, noted that he too is seeing the evolution of cyber risk as a threat against all businesses. Travelers’ own experience across its portfolio shows attacks across a range of industries and businesses of all sizes, he said, and while some industries have got a higher threat profile than others, the reality is hitting home for many.
“But there’s still an attitude, in particular among smaller businesses, that cyberattacks aren’t something that’s going to happen [to them], and only happen to bigger high profile businesses,” he said. “According to the UK Government, 39% of businesses suffered a cyberattack in 2022, so far. We also find that enhanced cybersecurity has led to higher identification of attacks.
“And certainly the less mature organisations may not be reporting, or may be under-reporting. Many SME entities fall into that category. Of the 39% of UK businesses who did identify an attack, the most common threat vector was phishing…. Around one in five, that’s 21% of all businesses that reported, identified a more sophisticated type of attack, such as denial of service, malware, or ransomware. And despite its low prevalence, organisations have cited ransomware as a major threat with over half of those businesses having a policy not to pay ransoms.”