“‘Silent’ cyber risk leaving millions of UK businesses underinsured” warns Gallagher

Of the 1,000 businesses recently surveyed by Gallagher (the global insurance broker, risk management services and consulting firm), almost two-fifths (39%) of senior decision-makers in UK companies say cyber attacks are one of their biggest concerns, yet the majority of businesses (82%) don’t have specialist insurance in place to cover them against the cost and impact of a cyber attack.

The issue of ‘silent’ cyber exposure is being caused by UK business leaders thinking traditional insurance covers them, when in reality a standard policy is unlikely to offer cyber cover. Under a fifth (18%) of businesses have a standalone cyber insurance policy, with many business owners buying a policy direct from an insurer (43%) without the advice of a broker, leaving them potentially unaware of the risks to which their business may be exposed.

Business leaders may also feel that their business is protected against cyber risk as they have invested in technology. 42% of bosses have invested in ‘out of the box’ technology, but only a minority (39%) have taken specialist external advice, leaving many making business-critical decisions, potentially without the knowledge required.

Of those businesses surveyed, the majority of leaders in larger organisations cite cyber attacks and data breaches as a big issue (59%), compared to a minority of bosses running firms employing 50 people or less (19%). Last year, a third of all businesses (32%) admitted they had been subject to a cyber security breach or attack, showing that the risk is considerable to businesses of all sizes.

Phishing attacks

The most common type of cyber issue to impact UK businesses is phishing attacks (identified by 80% of businesses that experienced a problem), impersonation in e-mails or online (28% of businesses) and viruses, spyware or malware including ransomware attacks (27% of businesses).

Tom Draper, head of cyber at Gallagher, said: “The issue of cyber crime is one of the biggest risks facing businesses today. Clearly, there are practical steps businesses can take to help protect against cyber attacks, but unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they don’t consider having specialist insurance in place.

Draper continued: “It’s evident from our research that many bosses believe they’re covered in the event of a cyber attack. However, traditional or off-the-shelf business insurance policies don’t typically provide cover for cyber-related issues. While there’s evidence to suggest larger businesses are more commonly targeted, small and mid-size businesses are still very much exposed to cyber security breaches or attacks and may not have sophisticated protection in place. Cyber criminals will be aware of this vulnerability. They’re also liable to be caught up in cyber attacks aimed at third party suppliers or those targeted at common systems and software, such as the cloud, on which their business may rely.”

Industry sectors 

On an industry sector basis, there are also major discrepancies in bosses’ views on cyber attacks. Over half (54%) of leaders in the manufacturing sector believe cyber attacks are an issue mainly for other types of organisations, followed closely by healthcare leaders (at 42%) and 44% of those in transport. The reality is that all three of these sectors are at high risk of cyber attacks or data breaches.

Draper added: “Our data shows that bosses in some industries think they’re less likely to be targeted, but the reality is that the majority of businesses now have some exposure to cyber crime. Both healthcare and manufacturing are industries that have been singled out as being at high risk.”

He concluded: “In healthcare, this is due to the nature of the customer information that’s handled. The manufacturing sector, which includes automotive, electronics and pharmaceutical companies, is particularly vulnerable because cyber attacks are primarily financially motivated and therefore likely to target businesses where the attackers can demand a high amount of money as well as sell information to competitors.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts