Cyber and the legal landscape

Posted: 07 August 2020

Cyber attacks are increasing in both complexity and frequency, with almost half of businesses (46%) suffering a cyber security breach or attack over the last twelve months.¹

Rapid digitalisation of businesses coupled with organisations holding significant amounts of sensitive data has led opportunistic cyber criminals to steal information. Regulation is therefore continually evolving in order to keep pace with new and emerging cyber and data security threats.
 

Cyber and Covid-19

Fears around the potential for cyber security incidents intensified during the Covid-19 (coronavirus) pandemic as many businesses were required to rapidly adopt wide-scale remote working for their employees. Companies were suddenly faced with balancing a need to keep their workforce online while ensuring systems and networks remained secure, particularly where personal, non-corporate devices were used. Video conferencing apps such as ‘Zoom’ experienced a steep increase in usage during lockdown and consequently became a target for hackers. In response, the National Cyber Security Centre issued guidance for individuals and organisations, warning of cyber criminals exploiting the pandemic for commercial gain through activities such as social engineering and phishing emails.

Directors' responsibilities

While the pandemic shone a further spotlight on cyber security, company directors had already been reminded of their data security duties during the implementation of the General Data Protection Regulation (GDPR) in May 2018. Sitting alongside the UK’s Data Protection Act, GDPR placed ultimate responsibility upon directors and officers for GDPR compliance, leading many to review their cyber security measures and consider the benefits of D&O insurance. 

Code of practice for consumer IoT security

In October 2018 the Government published a Code of Practice for Consumer Internet of Things (IoT) Security aimed at updating laws relating to the manufacture and sale of consumer smart devices in the UK. With predictions of 75 billion internet-connected devices worldwide by 2025,² it’s recognised that compromised IoT devices could present a significant threat, especially when connected to other appliances. The new law is designed to ensure such devices are built to communicate securely and that personal data is protected. It’s possible insurers will need to design new products and services for the IoT industry in line with this new legislation.

Insurers and cyber

Of course, insurance companies are themselves not immune from cyber attacks. Cyber criminals know that insurers hold vast amounts of data and personal information on policyholders and this information can be extremely lucrative. However, financial and insurance businesses are also more likely to have some sort of insurance cover against a breach and to monitor potential supplier risks.³

Summary

Cyber remains a relatively new risk and so regulation is still largely playing ‘catch-up’. As the landscape evolves, insurers and brokers must keep abreast of such regulation to support their role in designing suitable insurance solutions and also in their capacity as risk management advisors.
Christian Simpson
Senior Cyber Underwriter

1 Cyber Security Breaches Survey 2020, Department for Digital, Culture, Media & Sport

2 Statista. Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025.

3 Cyber Security Breaches Survey 2020, Department for Digital, Culture, Media & Sport