Many insurers, MGAs and brokers have now successfully transitioned to remote working operations over the last two or three weeks. That does potentially raise more risks, as staff use a variety of devices to access work related emails.
Now, new research amongst 1,000 UK business leaders has further confirmed that cyber issues are having a major impact on UK businesses – often costing much more than the immediate value of data stolen.
Analysis from Gallagher found that while 14% of firms said cyber-attacks had impacted them in this way, a similar 14% said they had taken a reputational hit – something which in the long-run could cost them valuable customers – and 12% said it had a financial impact, possibly relating to fines. The EU General Data Protection Regulation (GDPR), for example, now means a data breach could mean a fine of up to 4% of annual turnover.
Employees seem widely to be regarded as a weak link for most firms’ cybersecurity efforts. Seventy-one percent of business leaders say they worry about human error causing a cyber-issues, while 64% say they remind employees about the risk cyber-crime presents. This is understandable as according to Gallagher, among businesses who have experienced a cyber-issue, 39% said breaches related to malware where an employee clicks on fraudulent link. A further 35% said staff had been caught out by a phishing emails. Another potential weak spot are events like webinar platforms where hackers can try to access company meetings.
Despite the huge cost of cyber-breaches and the fact many bosses worry about their employees’ ability to prevent them, however, the majority of UK businesses rely on off-the-shelf technology to safeguard themselves. Just 39% have consulted with external experts on how to tailor their cybersecurity measures – potentially offering criminals a way into their digital operations.
There is some useful research from AJ Gallagher here by the way.
Commenting on the findings, Tom Draper, Head of Cyber at Gallagher, said,
“Cyber criminals have become increasingly sophisticated with ways of trying to obtain access to data or a company’s system and it’s hard to remove the risk of human error entirely. However, by businesses taking a comprehensive, multi-layered approach to cybersecurity – including ensuring they have the appropriate insurance in place, establishing effective training programmes for employees and implementing technologies that secure the most sensitive data – they can save both money and resources in the long run.”