The cyber security threats SMEs need to be aware of in 20213rd March 2021
As the world went into lockdown and businesses were forced to move to remote working, cybercriminals have been thriving on the weakened security status of businesses. On average, it is estimated that cyber-attacks have increased fivefold during the last 12 months, and is likely to continue to rise
Matt Drinkwater, Cyber & Financial Lines Underwriting Manager, explains what the future of cyber-attacks may look like and how best to prepare your business
The impact of moving to remote working and using cloud-based software and technologies has undeniably had an impact on the rise of cyber security threats in the past year. Yet, despite being almost a year into a new way of working, many are still falling victim to attacks without appropriate insurance cover.
For example, last year, statistics revealed around 60-70% of UK SMEs suffered a cyber-attack, and amongst those, only 11% had cyber cover. While we are beginning to slowly see a rise in the number of businesses seeking insurance cover after becoming more aware of the risks of cyber-attacks since the pandemic, we still have a long way to go.
Many businesses are now having to play catch-up with IT security and, as a result, are now facing the consequences.
Without the protection of corporate networks at an office base, organisations have become far more vulnerable, which has naturally increased the chances of attackers managing to successfully gain entry into businesses systems. At NMU, we are witnessing an uptick both in terms of severity and frequency of cyber security threats, particularly ransomware and social engineering attacks and its devastating to see the damage it can cause for businesses. It’s not just the potentially crippling financial loss they’re going to suffer in the event of a cyber-attack, but their reputations are also going to be hugely exposed.
As the attackers become more advanced, we are likely to see an increase in targeted and sophisticated incidents in 2021, with attackers focusing their efforts on businesses who can potentially yield a greater financial pay-off. Clever with their approach, we believe that cyber-criminals will begin to target companies who are already under pressure, as they are more likely to cave to ransom demands. Already, the market is witnessing ransomware demands rise from hundreds or thousands of pounds to millions.
Unfortunately, this is the result of businesses being immediately forced to move to new IT systems overnight, which they were not prepared for. Many businesses are now having to play catch-up with IT security and, as a result, are now facing the consequences.
Despite the upsurge in recorded cyber security threats, we are still seeing many SME businesses, and a significant number of bigger firms, still oblivious to the real effects of cyber-attacks and how common they are. One important thing people tend to forget, is that hackers do not discriminate, neither in favour of the size or type of the business. Just because the cyber breach of SMEs isn’t all over the news, does not mean you are exempt. And while awareness is certainly better than it was twelve months ago, we are still seeing an increase in the number of businesses looking for insurance cover once they have suffered an attack, which is far from an ideal situation for anybody involved.
In 2021, businesses need to be pro-active in their outlook to cyber-security and seek the appropriate cover before it is too late. When looking for a cyber insurance policy, along with the expected first person and third party covers and extensive cybercrime sections, we would advise to pay close attention to the integrated cyber response service provided by an insurer. That is the backbone of any cyber policy and what will help you in the event of an incident. You should also delve into what the service provider provides and make sure that is a recognised market-leading company, which offers technical forensic investigations, cyber incident management and legal advice.
The strongest and weakest links in a business’ armoury is human error.
And while insurance cover is invaluable, there are also several simple steps all businesses must take to prevent an attack. Just as you wouldn’t invest in home insurance and proceed to leave your front door open, cyber insurance is no different. View your systems as virtual doors and protect them at all costs! Just a few of our suggestions would be to ensure you have strong passwords or phrases, adjust the settings in your e-mail to cut our phishing emails, apply multi-factor authentication for network logins and secure any sensitive data with encryption. Our article on ‘Protecting against cyber attacks during the lockdown‘ gives more information.
But, as always, the strongest and weakest links in a business’ armoury is human error. Take the time to train and educate your workforce on the signs and risks of cyber-attacks and how they can individually play a role in preventing a cyber breach from happening.
For more information about CyberSafe Insurance or our e-trade solution, contact your NMU Development underwriter or our cyber team;