Last year, over 80% of large-scale UK businesses suffered a cyber security breach. On the back of that rather alarming statistic, a detailed report just published by the Government and Marsh – the insurance broker and risk advisor – outlines new joint initiatives devised between Westminster and the insurance community designed to help organisations come to terms with cyber risk and, importantly, establish cyber insurance as part of their dedicated security management toolkits.
‘UK Cyber Security: The Role of Insurance in Managing and Mitigating the Risk’ finds that, while larger firms have indeed taken some steps towards making themselves more ‘cyber secure’, they inevitably face an escalating threat when becoming more heavily reliant upon, for example, online distribution channels while would-be attackers grow more sophisticated.
Worryingly, the new Government report notes a significant gap in awareness around the use of insurance, with half of all those companies interviewed apparently oblivious to the fact that insurance is even available for cyber-based risk.
Indeed, the document issues a ‘Call to Arms’ for insurers and insurance brokers to both simplify and raise awareness of their cyber insurance offer while also ensuring companies understand the full extent of their coverage against cyber attack.
In parallel, an analysis recently published by Frost & Sullivan under the banner ‘Impact of Cyber Security Innovations in Key Sectors’ (News Update, pp6-7) finds that the trend towards developing various layers of cyber security in order to nullify attacks aimed at specific network layers has gathered pace.
The increasing number of connected devices, it seems, is multiplying the probability of cyber attacks on companies across sectors. According to Frost & Sullivan, this is “compelling organisations to adopt cyber security solutions” in order to secure computing resources, information, networks and applications. As such, innovations will be “directed towards fortifying sophisticated technologies” such as cloud computing, big data, wireless communication and the Internet of Things.
Francis Maude, Minister for the Cabinet Office, explained: “Insurance isn’t a substitute for good cyber security, but it most certainly is an important addition to a company’s overall risk management procedures. Insurers can help guide and incentivise significant improvements in cyber security practice across industry by asking the right questions of their customers in terms of how they handle cyber threats.”
Mark Weil, CEO of Marsh UK & Ireland, added: “While critical infrastructures in regulated sectors such as banking and the utilities will be well used to this kind of risk, it’s very much the case that most firms are not and their risk management practices are geared around lower-level, slower moving risks. Companies will need to upgrade their risk management regimes quite substantially to cope with the growing threat of cyber attack.”
The overriding message, then, is abundantly clear. Businesses must examine the different forms of cyber attacks they face, stress-test themselves against them and then put in place joined-up recovery plans configured to bring together financial, operational and reputational responses as one.