British Airways, Marriot Hotels, WannaCry, Wonga to name just a few and now Travelex. The roll call of companies hit by a cyber attack grows ever longer. The disruption and knock-on effects of this cyber menace grows greater and more widespread. The WannaCry ransomware attack of 2018 left the NHS reeling and led to the cancelation of 19,000 medical appointments; the Wonga cyber attack of 2017 compromised confidential data of 245,000 UK customers. To add to these, there have been major data breaches at British Airways and Marriot Hotels which have led to record-breaking Information Commissioners Office (ICO) fines of £183 million and £99 million respectively.
While attacks on big businesses draw headlines, businesses of all sizes are regularly affected by cyber attacks from phishing to ransomware. Hiscox estimates that 55% of UK companies experienced at least one cyber attack in 2019, often with devastating data loss, business interruption and lost revenues. The scale of the threat to business is beginning to hit home, with a recent Allianz Risk Barometer ranking cyber incidents as the top business risk globally for the first time. Yet most companies are unprepared for or protected against this growing risk.
Insurance is one key mechanism that companies can employ to minimise the risk of a cyber attack and to recover quickly if one should occur. Despite this, market penetration rates for cyber insurance are very low, with some surveys suggesting that only between 2% and 20% of businesses have some level of cover in place. Of these, SME’s are particularly under protected, perhaps wrongly believing that they are not at risk and as such, do not need the range of support services that cyber insurance products provide.
Today, cyber insurers provide a range of services that not only give financial assistance in the event of a cyber attack, covering the business interruption costs that are so often the result of a breach, they also give policy holders access to extensive risk management support throughout the policy. This support can address major IT vulnerabilities within the businesses they cover, whether these are technical in nature or have more to do with people and processes. Insurers also provide access to cyber security experts in the event of a breach to help minimise the impact of an event, restore capabilities in a secure way, and address any vulnerabilities that allowed a breach to take place initially.
The UK government is committed to ensuring greater cyber resilience amongst the businesses of the UK, and insurance has a key role to play in this. Travelex may have been the most recent victim of a cyber attack to hit headlines, but it is unlikely to be the last of 2020. In the coming years, cyber insurers will continue to work hand in glove with those that provide improved cyber security services, to ensure that companies of all sizes have the financial peace of mind and quality technical assistance to weather any storm.