Cyber crime - staying a step ahead

Posted: 2 December 2019

“It could be you”. A phrase once used optimistically for a national lottery campaign becomes rather more sobering when applied to the world of cyber-crime. Any business large or small faces the very real threat of a cyber security breach incident and globally, cyber-crime is on the increase, rising by 67% over the last five years1.

A cyber breach can have serious financial repercussions for a business, with losses reaching up to 25% of a company’s revenue2. Potential additional costs range from customer breach notifications, regulatory compliance fines and loss of intellectual property. On an operational level, there may be business disruption and an impact to supply chains, which in turn could lead to reputational damage.

Such attacks may be financially or politically motivated or committed by a disgruntled current or former employee. Types of attack include hacking, ransomware (where a criminal locks down a computer then demands a ransom to restore it) or distributed denial of service (DDoS) attacks. Today we see the development of more sophisticated and devastating viruses (e.g. Shamoon) that are designed to wipe clean computer equipment of all data including boot records, which effectively destroys the machine.

Many businesses may perceive the likelihood of an attack to be minimal, citing protection from IT security software. However, reports of governmental agencies being hacked prove that any organisation is susceptible.

The key actions following a cyber breach are to identify, contain and remove the threat as quickly as possible. However it seems it’s taking longer for companies to do this; the average mean time to contain (MTTC) a breach increased from 66 to 69 days between 2017 and 20183. This is partly due to the increasingly sophisticated nature of such attacks.

Whilst most data breaches occur as a result of a malicious or criminal attack, nearly half of cyber security incidents can be attributed to system glitches or human error. This illustrates the importance of awareness campaigns to educate employees on the right behaviours. It’s important for business leaders to understand their company’s exposure and have incident response, business continuity and IT recovery plans in place. Directors may also want to consider cyber insurance policies which offer pre-breach and post-incident response services as part of cover.

A combination of risk management practices, insurance and robust incident response plans can all help companies prepare for an attack and stay one step ahead of the cyber criminals.

This article was originally published in Modern Insurance Magazine (Issue 41). It may not be replicated in any other publications.

1Ponemon Institute LLC (2019). The Cost of Cybercrime. Ninth Annual Cost of Cybercrime Study. Accenture

2Arthur, J. (2019). Why the mid-market is prone to cyber attack. [online] Grant Thornton UK LLP. Available at: https://www.grantthornton.co.uk/en/insights/why-the-mid-market-is-prone-to-cyber-attack/ 

3Ponemon Institute. 2018 Cost of a Data Breach Study: Global Overview. 2018