Companies face dual risks as cyber criminals use coronavirus to front frauds and concerns are raised that remote working will increase the costs and response times necessary to resolve data breaches.
Businesses are being urged to take out cyber insurance to mitigate against risks created by escalating digital dependency fuelled by the COVID-19 pandemic.
The warnings come after the National Fraud Intelligence Bureau reported that 86% of fraud is cyber-enabled and the Department for Culture, Media & Sport noted [PDF] that 32% of businesses and charities had identified a cyber security breach or attack .
Covid-19 has created further worries. This month Interpol warned that "....due to the sudden, and necessary, global shift to teleworking, organisations have had to rapidly deploy remote systems, networks and applications. As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption."
ECHO, the European Network of Cyber Security Centres, has also sounded the alarms, stating in May that: "...“…this pandemic offers cyber attackers unique opportunities to leverage existing attack tactics, techniques and procedures to exploit new opportunities created by a massive increase of employees working from home, children using home computers for schooling, as well as the human factor and emotions caused by the pandemic.”
But it's not just the actions of digitally enabled criminals that are causing concern. The restrictions and imperatives that accompanied the pandemic accelerated companies digital transformation plans, with Work from Home swiftly becoming integral to the "new normal."
In-depth research by the Ponemon Institute for IBM's Cost of a Data Breach Report [PDF] found that 76% of respondents believed remote working would increase the time taken to identify and contain a data breach. 70% said it would increase the cost.
Whilst noting that 52% of breaches were the result of malicious attack, 25% were caused by "system glitches" and a further 23% by human error.
Breaches of GDPR and other legal frameworks such as the Network & Information Systems and Privacy & Electronic Communications regulations can be costly. In 2019-20, the Information Commissioner's Office conducted over 2,100 investigations and levied fines of up to £500,000 in the wake of data breaches [PDF].
How can Cyber Insurance help?
"Cyber insurance can be reactive and pro-active, restorative and preventative" explains RBIG's commercial director, Stephen Hodgson (pictured left).
"Insurers recognise that it is in their own interests to help their policyholders engage in best practice in order to better manage cyber security risks. This could insurers providing access to specialised services, including assessments of staff susceptibility through simulated exercises, training modules and regulatory updates.
Prevention and cure
"Whilst prevention is better than cure, should a business suffer a cyber attack or data breach - malicious or accidental - then a cyber insurance policy can assist by restoring losses, enabling reputation management and securing systems and procedures to prevent similar breaches," says Stephen.
RBIG can advise on and arrange a range of cyber insurance solutions. These can cover first and third party liabilities, including risks such as personal and commercial data breaches, cyber extortion - very much in the news this year - denial of service (DoS/DDoS) attacks, telecommunication services fraud and regulatory breaches.
Aside from covering direct financial losses, policies can protect against dependent business interruption - loss of income and expenses caused by a computer failure upon which your business relies.
Other benefits can include public relations support to help protect corporate and brand reputation and betterment which provides cover to enhance security following a breach to help prevent a similar breach in future.
Time to take cover
"Cyber insurance has been something of a Cinderella cover, far from the top of the priority list," comments Stephen, citing evidence from the Association of British Insurers which reported that just 11% of UK businesses purchased specific cyber insurance policies last year.
"Given the risks, that the cost of data breaches can run into the millions and that COVID-19 has in effect forced the digital transformation of so many businesses, now is very much the time to take cover."
He added that the ABI has also highlighted cyber insurers' high payout rates which, at 99%, is one of the highest claims acceptance rates across all insurance products.