Cyber business interruption is considered by 49% of businesses to be their biggest concern in the event of a cyber breach according to the Institute of Directors recent policy report “Cyber Security; underpinning the digital economy”
The report, sponsored by Barclays carried out a survey of 1000 businesses which showed that one in eight members suffered damage as a result of a cyber business interruption attack. Of this 11% suffered actual financial loss which demonstrates that cyber crime can impact on the balance sheet of businesses in a significant fashion. Interestingly only 28% of these incidents were reported to the police.
Some other highlights of the Institute of Directors Policy Voice Survey were as follows:-
- 57% had a formal cyber/information security strategy in place
- 49% said they provided cyber awareness training for employees
- 43% didn’t know where their data was physically stored
- 72% experienced social engineering scams
- 20% hold cyber insurance (with 21% unsure if they did have this)
- 21% are considering the purchase of cyber insurance
The survey demonstrates that cyber security is taking a much higher profile within businesses and they are now actively improving their cyber security but there is room for considerable improvement. There were many key moments in 2015 with the high profile breaches of TalkTalk and Ashley Madison which has made businesses look up and think ” could this happen to us”? The answer is of course “yes” and in fact could be happening right now with an average breach taking six months to discover.
Richard Benham, Professor of Cyber Security Management , the author of the report has identified four key trends that are likely to become increasingly important in the coming years:-
- Cyber in the boardroom – cyber risk is now at boardroom level and cyber risk strategies are likely to be formulate here.
- Cyber education – the UK government will play an important role through the promotion of Cyber Essentials and the instigation of courses such as The National Awareness Course.
- The Cloud – this will rise in prominence but businesses most not ignore the management of their data.
- Cyber insurance – this form of insurance has developed in recent years to cover both first and third party exposures of a businesses , whilst still an evolving product it is being considered by more businesses and this is likely to increase.
The Institute commented “Our report shows that cyber must stop being treated as the domain of the IT department and should be a boardroom priority. Businesses need to develop a cyber security policy, educate their staff, review supplier contracts and think about cyber insurance.”
The report concludes highlighting that cyber security is an international threat, the suggested key is to have in place a credible plan that can assess the large spectrum of threats and how these can best be managed by a business.
UK businesses can achieve this through robust cyber security management , this should be complemented with cyber insurance on the basis that coverage is appropriate for the business and that it is not recognized to be the “cure for all evils” in the cyber threat landscape that exists today.
A cyber insurance policy can provide coverage for cyber business interruption by way of standard coverage or a bespoke policy endorsement therefore helping a business to manage this cyber peril.