Cyber Criminals Do Not Care Who Falls Victim

Uploaded on 2024-06-12 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The first thing to know about cyber attacks is that they are not a new thing at all. In fact, the first recorded cyber attack happened almost 200 years ago in France in 1834, when the attackers sold financial information using the French Telegraph System!

To this day there are still many misconceptions around cyber attack, one of them being how vulnerable businesses are to them. There is a belief that smaller businesses are less at risk, but the reality is that all businesses are vulnerable.

Cyber attacks are not necessarily targeted at you, you may just be collateral damage. The criminals simply do not mind who falls victim; they will use ransomware against you, and they will try to extort money from you
We need to stop thinking about cyber attacks as how they’re portrayed in movies. Cyber criminals are sophisticated, with high-end software, and they spend just as much as a top-end global company on the best technology available.

Why Do Businesses Need Cyber Insurance

The truth is that cyber insurance should form part of every business' resilience strategy. In December 2023, the UK Parliamentary Joint Committee on the National Security Strategy (JCNSS) issued a report on ransomware, detailing its impact on businesses and national security, and how difficult it was to recover from such an attack.

One thing that is resoundingly clear from this report is that businesses who have bought cyber insurance fare better than those that have not.

If you get hit with a cyber attack and you have not got the resources to rebound and recover, your business can disappear. You only need to look in the press to see real-life examples of UK companies that have ceased trading because of a cyber-attack.

Outsourcing your IT does not make your business a lesser risk. Criminals are aware of these outsourced companies and if they can successfully infiltrate them, they don’t just get access to one business but potentially hundreds.

If you look at the SolarWinds attack in 2020, that's a classic example of hitting an outsourcer and getting access to a lot of businesses.

Policies

When you buy cyber insurance, it is a case of you get what you pay for. At the lower end of the scale, the £100 policies would provide just one part of the three most important elements of cover - the incident response element.
But if you look at the most comprehensive cyber insurance available, you’ll find protection that’s not just about intervention but also about preventing a cyber-attack in the first place.

When selecting your cover, you need to be looking at what the cover provides rather than the cost. Ultimately, it’s important to remember that this policy can be the difference between your business existing in 12 months and not.

Cyber Secruity Or Cyber Insurance

I think that both are vital. Robust security measures will help you minimise the risk of an incident. There’s no way we’ll ever be able to guarantee with 100% certainty that an attack won’t happen, but having the support of an insurer with specialist services can be the difference between your business existing in 12 months or ceasing.
When we talk about cyber insurance, you'll hear a term called “proactive cyber”, meaning that insurers are going to give you access to tools to help you to manage your risk and mitigate claims if they do occur.

Ideally, you should not consider cyber insurance to be part of your insurance spend but rather part of your IT expenditure.

If possible, you should put it under the control of your IT director and manager as, in the event of a cyber incident, they are going to be the ones dealing with it and trying to get your business back up and running. They are the team who will need access to these tools and support, and they will need it fast.

Worst Case Scenario

The worst-case scenario is that your business ceases to exist. If you watch the news, you will have seen that a very long-established company called Knights of Old suffered an incident last June which they couldn't survive. The BBC report stated the company suffered a cyber incident, and this has cost them their entire business. That incident alone cost 730 people their jobs.

How Cyber Insurance Could Evolve In The Next Five Years

I think ransomware will continue to be a dominant factor that businesses will need to consider very carefully. Ransomware has changed. When it first appeared, it took the form of targeted attacks and the demand for huge sums of money, whereas now it is more of a scattergun effect. They cast the net wide but demand lower ransom fees, so the severity of these attacks is in theory reducing but the frequency is increasing.

This in turn will inevitably lead to increased pressure on the cost of cover from insurers. In the UK, we are seeing new entries into the cyber insurance market so that may potentially offset the increases being levied because of ransomware.

I think risk management will become more important for clients and could be the deciding factor between being offered cover and not being able to obtain cover.

AI is something to keep an eye on. Cyber criminals are very adept at embracing new technology, probably more so than traditional businesses. I've heard of AI being used to dupe a finance director into making a significant payment that they thought they were discussing with their CEO on a video call, only to discover afterwards that it wasn't the CEO on the video call at all, so I think the insurance industry will be looking to harness AI to help counter the threat that is posed by cybercriminals.

Finally, there's always the unknown. If a major global cyber event occurs, what is the cost likely to be and what impact is it likely to have? What will happen in terms of the cover that's available and all the rates and costs of the insurance?

Marc Rocker is Head of Cyber at Towergate Insurance

Image: Unsplash

You Might Also Read: 

Cyber Insurance For Industrial Companies - Its Complex:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Britain's Cybersecurity Business Is Booming
Protecting Data In The Remote Working Era »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Woz U

Woz U

Woz U provides best-in-class technology training for Learners, Higher-Ed and Corporations. We focus on the most in-demand occupations such as Software Development, Data Science and Cyber Security.

Total Cyber-Sec

Total Cyber-Sec

Total Cyber-Sec is a company specialized in providing Professional Information Security and Cybersecurity Services.

Cog Systems

Cog Systems

Cog Systems offer an embedded solution built on modularity, proactive security, trustworthiness, and adaptability to enable highly secure connected devices.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

VirtualArmour

VirtualArmour

VirtualArmour is a managed security services provider with global reach and local attitude.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Blockfence

Blockfence

Blockfence are a seasoned crew versed in enterprise-grade cybersecurity and crypto, on a mission to collaboratively shape the future of Web3 security.

Cytidel

Cytidel

Cytidel is a vulnerability and risk management platform that utilises threat and business intelligence to help IT Security teams.

BlackSwan Technologies

BlackSwan Technologies

BlackSwan Technologies is reinventing enterprise software through Agile Intelligence for the Enterprise – a fusion of data, artificial intelligence, and cloud technologies.

Equixly

Equixly

Equixly is revolutionizing application security by empowering developers and organizations to build more secure software, elevate their security posture, and stay ahead of emerging threats.