Why no business or sector is immune from cyber threats

Posted: 24 November 2020

It’s no longer just large corporate organisations which face the threat of cyber attacks. 

Increasingly, evidence shows that businesses of all shapes, sizes and sectors can experience a cyber attack as companies become progressively digitalised and deal with sensitive data which acts as a lure for cyber criminals. A 2020 report revealed that almost half (46%) of businesses had experienced a cyber attack or breach over a 12 month period, up from 32% the previous year.1


Cyber attacks can be expensive. According to research from the Ponemon Institute, the average total cost of a data breach for a UK company is £3.1 million.2 Whilst this can be hard enough for large organisations to swallow, it could mean ‘game over’ for smaller enterprises.

Not only are SMEs unlikely to have the same financial resources available as their larger counterparts for equipping themselves with cyber security software or sophisticated IT systems, but they’re also less likely to have IT teams, human resources or legal departments to assist where a breach occurs. Costs in the form of financial penalties, legal costs or those associated with reputation management can also add to the financial burden.


Regardless, a 2020 report revealed that 81% of UK SMEs had suffered a data breach or cyber attack, with 37% confirming multiple breaches.3 There’s a suggestion that some hackers use smaller businesses as a ‘gateway’ to larger organisations. This works by penetrating a smaller company’s network and gaining access to a larger, partner company’s data and information through shared connections and platforms.

Raising awareness of cyber security is essential, as it’s often an innocent employee who inadvertently lets the criminals in; as many as 90% of cyber data breaches were found to be caused by human error in the UK in 2019.4

Whilst no business is immune, certain industries appear to be more targeted than others. Recent data5 showed that the industries which had experienced the highest number of breaches included the healthcare, IT & telecommunications and legal sectors. There are a number of factors which increase the vulnerability of a business to cyber threats.

Any business which stores sensitive and/or personal data is of interest to cyber criminals, since they can seek to sell this information for profit; this covers a wide range of sectors from healthcare to financial institutions and educational establishments. The NHS is one such example, since it keeps highly sensitive information including medical insurance details, National Insurance numbers and medicine records. In May 2017, the WannaCry ransomware attack prompted NHS England to declare a major cyber security incident, which resulted in an approximate overall direct cost to the NHS of £92m with over 19,000 appointments cancelled.

As globalisation results in more interconnected supply chains, the risk of an attack originating through a supplier or third party increases. Many suppliers or parties can contribute to a single product or service and essentially, the more touchpoints, the greater the risk.

Organisations may struggle to gain a clear idea of security vulnerabilities in their wider supplier ecosystem due to proprietary data privacy regulations, or where upstream or downstream suppliers are distant in the supply chain and based abroad. The automotive industry is one such example.

Increasingly, many legal firms are choosing to partially or totally outsource services to external suppliers. The sensitive information and large amounts of money held by law firms make them attractive targets for cyber attacks. Further, the increasing use of robotics and automation introduces new attack surfaces which can be exploited by cyber criminals. In 2018, the National Cyber Security Centre6 reported the most significant types of attacks on law firms as phishing (where an entity posing as a legitimate institution seeks to obtain sensitive information), data breaches and ransomware attacks.

In today’s world, most businesses rely on some sort of IT system or e-trade platform, but where these are old or unsupported, they can provide an easy access point for cyber criminals. Conversely, overly complex IT systems can also pose issues due to poor patching or where they ‘talk’ to third party networks. Ransomware, DDoS (distributed denial of service) and SQL Injection are some common types of attack on IT systems. The latter, SQL Injection, is an extremely well known and easily avoidable attack in which cyber criminals exploit system vulnerabilities, for example by inserting SQL code into a website’s search bar, which enables them to amend, interact with and extract data from the databases behind it.

In October 2015, telecommunications company TalkTalk reported it had been subject to a SQL Injection attack, which enabled thieves to access customers’ personal data including names, addresses, dates of birth and financial information. In total 156,959 customers’ personal details were accessed, including the bank details for 15,656 customers. A problem was first identified when internal reports showed its network was operating more slowly than normal. Further investigation found there had been an attack, and TalkTalk replaced its websites with a holding page, reported the data breach to the Information Commissioner’s Office (ICO) and started telling its customers. The ICO’s investigation found that TalkTalk had failed to take appropriate measures to keep its customers’ personal data secure and issued its largest-ever fine at the time, £400,000.
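The search-bar pattern described above, shown as the weak query beside its parameterised fix and a simple log-alerting check, is an added example and not code from the original article or from TalkTalk’s systems; the customer table, names and search terms are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data standing in for a customer database; not real records.
CUSTOMERS = [
    ("Alice Example", "Leeds", "00-00-01"),
    ("Bob Example", "York", "00-00-02"),
    ("Carol Example", "Hull", "00-00-03"),
]

def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers (name TEXT, town TEXT, sort_code TEXT)")
    con.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return con

def search_vulnerable(con, term):
    # Weak pattern: the user's search term is spliced into the SQL text, so a
    # quote character in the term changes the structure of the query itself.
    sql = f"SELECT name, town FROM customers WHERE town = '{term}'"
    return con.execute(sql).fetchall()

def search_hardened(con, term):
    # Fixed pattern: a parameterised query binds the term as a value, so the
    # database only ever compares it against the town column as plain text.
    sql = "SELECT name, town FROM customers WHERE town = ?"
    return con.execute(sql, (term,)).fetchall()

# Heuristic for alerting on suspicious search input in application logs.
# It supports detection only and does not replace parameterisation.
SUSPICIOUS = re.compile(r"['\";]|\b(OR|AND|UNION|SELECT|DROP)\b", re.IGNORECASE)

def looks_suspicious(term):
    return bool(SUSPICIOUS.search(term))

if __name__ == "__main__":
    db = make_db()
    normal = "Leeds"
    crafted = "Leeds' OR '1'='1"   # the quote breaks out of the string literal
    print("vulnerable, normal term :", search_vulnerable(db, normal))
    print("vulnerable, crafted term:", search_vulnerable(db, crafted))  # every row
    print("hardened, crafted term  :", search_hardened(db, crafted))    # no rows
    print("flag crafted term?      :", looks_suspicious(crafted))
```

The hardened search returns nothing for the crafted term because the whole string is compared against the column as data, while the weak search returns every customer row.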


Whilst certain cyber trends can be observed with relation to type and size of organisation, it’s evident that cyber poses a threat to all businesses which deal in data. Sadly, even charities are not immune, with over a quarter (26%) having reported a breach.7

Robust risk management measures and education on the right cyber-security behaviours are key to helping to prevent an attack or breach from occurring in the first place – and this is what our third and final article in this series will focus on.

Christian Simpson
Senior Cyber Underwriter

1 Department for Digital, Culture, Media & Sport. Cyber Security Breaches Survey 2019.

2 Ponemon Institute. Cost of a Data Breach Report.

3 OGL Computer. State of Technology at UK SMEs: 2020 Research Report. p.11.

4 CybSafe analysis of data from the UK Information Commissioner’s Office.

5 OGL Computer. State of Technology at UK SMEs: 2020 Research Report. p.11.

6 National Cyber Security Centre. The cyber threat to UK legal sector. 2018. p.5.

7 Department for Digital, Culture, Media & Sport. Cyber Security Breaches Survey 2020. p.3.