Cyber-attacks, in all manner of variants, rose to unprecedented levels in 2016 and the world seemed to truly start waking up to their considerable risk, damage, and costs. And well we might, because the predictions for 2017 and beyond are that, this is a risk that is only going to grow.
Make no mistake, there’s almost no threat to a business currently greater than those posed by cyber-attack, with 85% of business leaders surveyed suggesting they are more concerned about an attack of this kind than any other risk in their business. An attack, hack or attempted breach on your business’ digital network or IT system is no longer a case of ‘If’ but ‘when’ and has been called “one of the most significant technological challenges of the next decade” for businesses the world over.
Barely a week goes by without some high-profile attack being reported. In just the final few months of last year did we see calamitous breaches at Yahoo and Tesco Bank; not to mention the allegations of electoral interference that have come out of the Trump v Clinton campaign; of which we have unlikely heard the last.
But if you think these attacks are the preserve of the high-profile, and that your small operation is too far below the radar to be a target, then think again. SMEs are very much in the cross-hairs, targeted by cyber-criminals.
These are not small matters, not by a long-stretch. The average cost of an attack on a business is estimated to be in excess of £300,000 – a figure eye-watering enough to put many SMEs out of business. Add in the untold damage to reputation, trust, and customer relations, and you have the potential for some extremely gloomy scenarios.
For those working in the regulated sectors, the threat can be particularly ominous; given the compliance issues surrounding data breaches and compromise.
As company directors, board members and business leaders wake up to this considerable threat, so there is sure to be an increase in the demand for mitigation, protection, and cover. Quite simply, when the threat of a potentially devastating attack is so real, why would you NOT seek cover to protect against it?
So, what are the risks?
Cyber-attack is a bit of a catch-all title; not really reflective of the fact that such threats can arise in any number of ways. So, if you’re to try and mitigate the risk, you need to know the types of risks you’re mitigating against. Such as these nasties that were ‘all the rage’ in 2016, and look set to continue wreaking havoc in 2017.
The practice of phishing is one of the oldest types of cyber-threat; it’s been around for just about as long as the existence of emails. But where as once these ‘spammy’ emails would be nefarious attempts to look like your bank in an attempt to gain personal details, these days things have gotten a lot more subtle, and a whole lot more nasty.
Modern spear-phishing tends to take the form of a seemingly official (and innocuous) email sent to a business address. They come from individual names, posing as customers or partners or similar; and will have an ‘invoice’, ‘delivery note’ or some other type of attachment that the recipient might be used to receiving on their daily workload.
Attachments that will contain malware that can cause untold damage.
Spear-phishing was the single largest vehicle for attacking a business for cyber-criminals in 2016, and its effectiveness and simplicity of attack will ensure that this remains a major threat in the months ahead. And, with significant increases in social media phishing, this a vulnerability ripe for protection and cover.
This is potentially one of the scariest threats currently faced by businesses across all sectors. Again, not an especially new threat, but one that became very prominent and extremely pervasive in 2016.
Ransomware is a nasty piece of malware that, if it gets onto your system, locks you completely out – essentially hijacking your network and all the data upon it, until you pay a ‘ransom’ to the culprit to ‘free’ the system.
Why should we fear this, in particular?
Because, if you are hit, there really is, according to the FBI only one way to rectify the problem: PAY UP.
Ransomware attacks are expensive – in some cases extortionately so – and hugely damaging to the reputation and trust of an organisation. And when a financial settlement is the only way out, after an attack, then businesses really do need to be considering what kind of cover they can get, should the worst occur.
Cyber-attacks are expensive, damaging, and virtually inevitable
Companies large and small are slowly waking up to the considerable, and near inevitable risk posed from cyber-attacks. It’s the reason that there’s increased investment in cyber-security measures, and that the issue is migrating from the IT department to the C-Suite in terms of importance.
But given the potential consequences, both financial and cultural, that an attack can deliver, it surely behoves business leaders to explore the appropriate cover in the same fashion they might protect against storm, flood, or fire.
Their challenge is to understand the cover they need. The industry’s challenge, to demonstrate the cover that’s available.