The Cyber Risk

Brian Sims BA (Hons) Hon FSyI: Editor of Risk UK

Brian Sims BA (Hons) Hon FSyI: Editor of Risk UK

Last year, over 80% of large-scale UK businesses suffered a cyber security breach. On the back of that rather alarming statistic, a detailed report just published by the Government and Marsh – the insurance broker and risk advisor – outlines new joint initiatives devised between Westminster and the insurance community designed to help organisations come to terms with cyber risk and, importantly, establish cyber insurance as part of their dedicated security management toolkits.

‘UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk’ finds that, while larger firms have indeed taken some steps towards making themselves more ‘cyber secure’, they inevitably face an escalating threat when becoming more heavily reliant upon, for example, online distribution channels while would-be attackers grow more sophisticated.

Worryingly, the new Government report notes a significant gap in awareness around the use of insurance, with half of all those companies interviewed apparently oblivious to the fact that insurance is even available for cyber-based risk.

Indeed, the document issues a ‘Call to Arms’ for insurers and insurance brokers to both simplify and raise awareness of their cyber insurance offer while also ensuring companies understand the full extent of their coverage against cyber attack.

In parallel, an analysis recently published by Frost & Sullivan under the banner ‘Impact of Cyber Security Innovations in Key Sectors’ (News Update, pp6-7) finds that the trend towards developing various layers of cyber security in order to nullify attacks aimed at specific network layers has gathered pace.

The increasing number of connected devices, it seems, is multiplying the probability of cyber attacks on companies across sectors. According to Frost & Sullivan, this is “compelling organisations to adopt cyber security solutions” in order to secure computing resources, information, networks and applications. As such, innovations will be “directed towards fortifying sophisticated technologies” such as cloud computing, big data, wireless communication and the Internet of Things.

Francis Maude, Minister for the Cabinet Office, explained: “Insurance isn’t a substitute for good cyber security, but it most certainly is an important addition to a company’s overall risk management procedures. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers in terms of how they handle cyber threats.”

Mark Weil, CEO of Marsh UK & Ireland, added: “While critical infrastructures in regulated sectors such as banking and the utilities will be well used to this kind of risk, it’s very much the case that most firms are not and their risk management practices are geared around lower-level, slower moving risks. Companies will need to upgrade their risk management regimes quite substantially to cope with the growing threat of cyber attack.”

The overriding message, then, is abundantly clear. Businesses must examine the different forms of cyber attacks they face, stress-test themselves against them and then put in place joined-up recovery plans configured to bring together financial, operational and reputational responses as one.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts