Blog: Cybercrime - it’s time to make the protection as real as the threat



Gordon Duncan
Gordon Duncan

By Gordon Duncan, partner and head of corporate at Lockton Companies LLP

 

It is one of the more dispiriting aspects of the human condition that any advance in knowledge or ingenuity is almost immediately subverted by the criminal mind and bent to the pursuit of ill-gotten gains.

So it was with the internet, the early days of which promised so much in terms of the liberation of information. Now it is a hotbed of criminality, and the thief’s den of choice for those who no longer need to physically go out and rob someone.

Cybercrime is now a fact of life, seemingly as inescapable as death and taxes. And it is a particular headache for businesses, for whom the web is the artery through which the lifeblood of commerce flows.

Companies are no longer being targeted by the traditional lank-haired teenager in the back bedroom. Organised crime is in on the act and the Centre for Economics and Business Research estimated last year that cybercrime costs UK business £34 billion a year, including £18 billion in lost revenue.

Large businesses - the most lucrative targets - are still the primary victims, with 90% having experienced a breach, according to the2015 Information Security Breaches Survey, compared with 74% of smaller enterprises.

It’s not as if business is not thinking about this. Much corporate soul-searching goes into finding ways to offset risk in the new digital environment, and the most obvious way to do that is to put in place insurance cover.

But the staggering fact is that, while 52% of businesses believe that they have cyber attack cover in place, the fact is that less than 10% actually do. That leaves the vast majority of British businesses tragically vulnerable.

It is hardly surprising that uptake of cyber liability insurance has been most prevalent in jurisdictions, such as the US, where there are mandatory requirements for data breach notification.

Mandatory notification is now being introduced in the UK, from May 2018, through the mechanism of the EU’s General Data Protection Regulations, and it is very unlikely that this will be halted by any aspect of Brexit negotiations.

As the costs of a security breach rise - the expense and brand damage implicit in notifying affected users can be horrendous - cyber liability insurance will come to seem as sensible a precaution as fire and flood.

But the complexities of information security are daunting, and the first step for potentially-affected businesses will be to engage with a reputable and professional broker who can cast a net widely and expertly over the teeming shoals of insurance providers.

It is vital for businesses to be transparent with a broker about expenses, costs and any exclusions which might militate against a claim. The primary aim - now and for the foreseeable future - is to identify a broker who can, in turn, identify the company needs and vulnerabilities and tailor a policy to accurately reflect those risks.