Cyber – the growing peril

Cyber risks are a growing threat. According to the World Economic Forum Global Risks Report 2018, cyber attacks are the third most likely risk facing the globe, after extreme weather events and natural disasters, and the sixth biggest risk in terms of potential impact.

To put this into perspective, cyber attacks were not in the top five risks by likelihood or impact at all in 2017, and cyber attacks have not been in the top five in terms of likelihood since 2014. It is also one of just five risks to appear in both top 10 lists.

“Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace,” the report said. “The financial impact of cybersecurity breaches is rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 64% of all malicious emails.

“Notable examples included the WannaCry attack – which affected 300,000 computers across 150 countries – and NotPetya, which caused quarterly losses of US$300 million for a number of affected businesses.”

Accenture’s 2017 Cost of Cyber Crime study found that last year, on average, companies were subjected to 130 breaches every year, compared to 104 a year earlier and just 68 a year in 2012.

Malware was the biggest threat, with 98% of those companies suffering a cyber breach falling foul of a malware attack, compared to 69% being victims of phishing and social engineering attacks and 67% of web-based attacks.

Cyber a problem for SMEs too

And it is not just big corporates or large institutions such as the NHS that are at risk of cyber attacks.

The National Cyber Security Centre (NCSC), which is responsible for the underlying security of the UK’s internet and is part of the government’s communications security service GCHQ, says that around one in two SMEs will experience a cyber breach, and that for micro and small businesses such a breach could run up costs of around £1,400 – much more than the cost of most small business cyber insurance policies.

And with the cyber threat facing UK businesses evolving at an ever increasing rate, the approach to managing cyber risks, and the insurance that makes up part of that defence, also needs to evolve.

Writing in Aon’s 2018 Cybersecurity Predictions: A Shift to Managing Cyber as an Enterprise Risk report, Aon Cyber Solutions chief executive Jason Hogg says this requires a more holistic approach to risk management, something SMEs can learn from.

“Companies’ increasing reliance on technology, regulators’ focus on protecting consumer data, and the value of non-physical assets are causing a convergence of cyber exposures that will require security to be integrated into both business culture and risk management frameworks,” he says.

“Today’s silo-driven approach to cyber risk management will begin to disintegrate in 2018, in favour of a coordinated C-suite driven approach as leading companies begin to view the impact of cyber risk holistically across all functions of the enterprise.”

A growing opportunity

For brokers, this presents a fantastic opportunity for taking cyber insurance products to new customers, and making them aware of the benefits that cyber insurance can bring in terms of mitigating the damage should a cyber attack target a company, and provide financial assistance to put the company back on its feet.

The cyber insurance industry can also find encouragement from the fact that businesses are starting to become more aware of the threat that cyber attacks present for their business, with a survey from Marsh finding that 64% of businesses classed cyber threats as a top five risk in 2017, compared to just 32% in 2016.

The World Economic Forum’s report found similar results, with almost a third of UK businesses ranking cyber attacks as a risk of high concern for being able to do business, with only fiscal crises (36%) and asset bubbles (36%) being picked more often.

And with the incoming GDPR changes introducing fines up to 4% of global revenue for failure to comply with data security requirements (find out more on p6), there has never been a better time for a company to purchase cyber insurance.

It is now up to insurers to make the policies that SMEs need, and for brokers to sell the benefits of taking out coverage.