Technology has also allowed businesses to collect vast amounts of data, assisting in their growth and development. Alongside the benefits, there are increased risks, including those of breaching laws and regulations designed to protect personal data, such as GDPR, and from criminals looking to exploit businesses’ reliance on technology, for example, by way of ransomware attacks and phishing scams. Though technology can remove an element of human involvement, it is still there and with it the risk of human error, where a single seemingly minor mistake can have significant detrimental consequences for a business. In fact, the UK’s Information Commissioner reported 90% of reported cyber data breaches were caused by human error. The efficiencies of technology have also contributed to an expectation of prompt delivery of goods and services. If you can’t do it, someone else will. These are all challenges that many businesses now face which may previously not have featured very highly on their risk register.
Though it is reported by the Department for Digital, Culture, Media & Sport that 78% of UK businesses identify cyber security as a high priority for their senior management with 32% of businesses having identified breaches or attacks in the last 12 months including phishing attacks, and others impersonating an organisation in email and ransomware attacks, the Association of British Insurers advised that only 11% of businesses are thought to have specific cyber insurance. With the majority of businesses not incorporating specific cyber cover into their insurance programme, the concern is they may rely on their traditional commercial insurance programme, which may have changed little over the years, to adequately cover these emerging and fast-evolving risks. Unfortunately, most of those traditional commercial policies are not equipped or intended to provide the broad range of covers needed, for example:
There is always going to be an exception to the rule, but even if the cover is provided it is unlikely to fully address the risks that a business is exposed to from a cyber incident. As cyber incidents have increased, the specific cyber insurance product has been evolving. As well as providing businesses with the financial and legal support needed following an incident to ensure minimal disruption and loss of profit to the company, many cyber insurers are taking a more holistic approach to their clients’ risks by assisting them in preventing incidents or, should an incident occur, minimising their disruptive effects in monetary terms and on their hard-won reputation.
There is still a lot of variance in cyber products offered by the market, with different insurers providing varying degrees of cover and risk management services. It is therefore critical that a business works with a broker who has the expertise to align the risks faced by the business with the most suitable cyber insurance product.
Technology is here to stay and in the future, it is only expected to feature to a greater extent in our business activities, as will the associated risks. Businesses who have not already considered these risks and identified how they can be addressed may, with the click of a link in an email, be left counting the cost.