Rapid digitalisation of businesses coupled with organisations holding significant amounts of sensitive data has led opportunistic cyber criminals to steal information. Regulation is therefore continually evolving in order to keep pace with new and emerging cyber and data security threats.
Cyber attacks are increasing in both complexity and frequency, with almost half of businesses (46%) suffering a cyber security breach or attack over the last twelve months.1
Cyber and Covid-19
Fears around the potential for cyber security incidents intensified during the Covid-19 (coronavirus) pandemic as many businesses were required to rapidly adopt widescale remote working for their employees. Companies were suddenly faced with balancing a need to keep their workforce online while ensuring systems and networks remained secure, particularly where personal, non-corporate devices were used. Video conferencing apps such as ‘Zoom’ experienced a steep increase in usage during lockdown and consequently became a target for hackers. In response, the National Security Cyber Centre issued guidance for individuals and organisations, warning of cyber criminals exploiting the pandemic for commercial gain through activities such as social engineering methods and phishing emails.
Directors' responsibilities
While the pandemic shone a further spotlight on cyber security, company directors had already been reminded of their data security duties during the implementation of the General Data Protection Regulation (GDPR) in May 2018. Sitting alongside the UK’s Data Protection Act, GDPR placed ultimate responsibility upon directors and officers for GDPR compliance, leading many to review their cyber security measures and consider the benefits of D&O insurance.
Code of practice for consumer IoT security
In October 2018 the Government published a Code of Practice for Consumer Internet of Things (IoT) Security aimed at updating laws relating to the manufacture and sale of consumer smart devices in the UK. With predictions of 75 billion internet-connected devices worldwide by
20252, it’s recognised that compromised IoT devices could present a significant threat, especially when connected to other appliances. The new law is designed to ensure such devices are built to communicate securely and that personal data is protected. It’s possible insurers will need to design new products and services for the IoT industry in line with this new legislation.
20252, it’s recognised that compromised IoT devices could present a significant threat, especially when connected to other appliances. The new law is designed to ensure such devices are built to communicate securely and that personal data is protected. It’s possible insurers will need to design new products and services for the IoT industry in line with this new legislation.
Insurers and cyber
Of course, insurance companies are themselves not immune from cyber attacks. Cyber criminals know that insurers hold vast amounts of data and personal information on policyholders and this information can be extremely lucrative. However, financial and insurance businesses are also more likely to have some sort of insurance cover against a breach and to monitor potential supplier risks.3
Summary
Cyber remains a relatively new risk and so regulation is still largely playing ‘catch-up’. As the landscape evolves, insurers and brokers must keep abreast of such regulation to support their role in designing suitable insurance solutions and also in their capacity as risk management advisors.
About the author
1 Cyber Security Breaches Survey 2020: Department for Digital,Culture, Media & Sport Culture, Media & Sport.
2 Statista. Internet of Things (IoT) connected devices installed
base worldwide from 2015 to 2025.
3 Cyber Security Breaches Survey 2020, Department for Digital, Culture,Media & Sport Media & Sport.
