Protecting your fintech against cyber-crime

Large or small, no business is immune to the threat of cybercrime.  With ever-increasing reliance on technology, the consequences of a cyber-attack can range from temporary disruption of trading to complete financial failure. 

Cybercrime continues to evolve in terms of frequency, cost and complexity and the shift to homeworking brought about by the COVID-19 pandemic have seen cybercriminals further increase activity resulting in some disturbing statistics:

  • In the first 6 months of 2020, there was a staggering 715% increase in ransomware attacks compared to the same period in 20191
  • During the pandemic, there has been a reported 600% increase in malicious emails2
  • A business is now 15 times more likely to have a cyber incident compared to a fire or theft3

Whilst more companies are starting to purchase Cyber Insurance, the take-up of cyber cover in the UK remains low. According to Hiscox’s 2020 Cyber Readiness Report, 58% of cyber-security professionals surveyed said their organisations purchased a cyber insurance policy—either as standalone or as an add-on to an existing policy—compared to 41% in 2019

Some common misconceptions around the need for Cyber Insurance include:

  • Cybercriminals only target large companies 

Whilst cyber-attacks against high profile businesses such as British Airways and Travelex hit global headlines, small businesses are unfortunately not immune to cybercrime. 

Small businesses are often considered low hanging fruits by cyber criminals due to a lack of resources to invest in IT security and staff training. In 2019 46% of micro and small businesses experienced at least one cyberattack or breach4

  • A traditional insurance programme affords adequate protection for the consequences of a cyber incident.  

Unfortunately, in most cases, this is not the case. Cyber Insurance has evolved specifically to provide protection against emerging risks not catered for by a traditional insurance policy.

  •  IT security will provide adequate protection against cyber incident.

Whilst investment in IT security will inevitably make a company less vulnerable to cybercrime, increasingly sophisticated cybercriminals are capable of overcoming even the most robust of security systems

In addition, IT security cannot provide protection against the weakest link in any company’s security systems– human error. The UK Information Commissioner’s Office reported that the vast majority (90%) of UK cyber data breaches in 2019 were caused by human error5

The scope of cover provided under a cyber insurance policy may include (but is not limited to):

  • Costs to recover and/or recreate lost data and restore computer systems following a security breach
  • loss of revenue/profit increased cost of working and loss of future customers due to reputational damage following a cyber event
  • Legal liability as a result of a breach of personal data /confidential information
  • Inadvertent breach of intellectual property rights via cybermedia 
  • Financial loss as a result of social engineering attacks such as phishing scams

Importantly, however, one of the most valuable and often overlooked benefits of a Cyber policy is the critical incident support services provided in the event of a cyber incident to help a policyholder navigate both the immediate aftermath and the longer-term consequences of a cyber attack.

Critical incident support services include:

  • 24/7 access to IT forensics, data breach/legal experts and public relations advisers, to provide support in the event of an actual (or suspected) cyber incident
  • Support in complying with data protection legislation and notification obligations following a data breach
  • Access to specialist ransom and extortion advisers

 

For more information please contact garry.hill@pib-insurance.com