The United Kingdom has witnessed a surge in cyber-attacks, impacting businesses, organisations, and individuals alike. In this blog, we’ll explore two scenarios: one where a company suffers a cyber-attack with Cyber Insurance in place and one without to illustrate why Cyber Insurance matters for UK businesses.
The recent NHS Cyber-attack – and what it shows us
Cyber crime hit the headlines again recently when the NHS suffered a ransomware attack in June. Hackers targeted pathology services provider Synnovis, disrupting critical healthcare operations. More than 1,130 planned operations and 2,190 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust. The attack severely impacted pathology services, affecting patient diagnoses and treatment.
The cyber-attack on Synnovis is believed to have been carried out by the Russian cyber gang Qilin. According to the BBC, the data uploaded to Qilin’s darknet site and Telegram channel includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. It is currently unclear whether test results are also included in the data. Business account spreadsheets detailing arrangements between hospitals, GP services, and Synnovis have also been uploaded.
The NHS incident underscores the importance of robust cybersecurity measures and, just as importantly, Cyber Insurance, which can provide financial protection against ransomware attacks and cover costs related to breach response, legal fees, and business interruption.
Only around four in ten businesses have Cyber Insurance
According to the Cyber Security Breaches Survey 2024 conducted by the Department for Science, Innovation & Technology, half of businesses (50%) report having experienced some form of cyber security breach or attack in the last 12 months. Medium businesses (70%) and large businesses (74%) are particularly affected. The most common type of breach is phishing (84% of businesses).
Among those identifying any breaches or attacks, the average cost for each business (of any size) was approximately £1,205. For medium and large businesses, this cost was approximately £10,830.
While most businesses have implemented cyber hygiene measures, including updated malware protection, password policies, and network firewalls, only around four in ten businesses (43%) are insured against cyber security risks.
To demonstrate the tangible benefits of Cyber Insurance, we’ve created two fictional scenarios that use real events as their foundation.
Scenario 1: Ransomware strikes an e-commerce startup – without Cyber Insurance
A small e-commerce startup sells fresh, organic dog and cat food online. The company relies heavily on its website, customer database, and payment processing systems.
- The cyber-attack: On Friday night the pet store is hit by a ransomware attack. The attackers exploit a vulnerability in the website's content management system (CMS) and encrypt crucial customer data, such as personal information and payment details. They demand a hefty ransom in cryptocurrency in exchange for decrypting the data.
- The aftermath: The pet store’s website goes offline, disrupting sales and customer interactions. News about the breach erodes customer trust, affecting the brand's reputation. The company faces legal liabilities for failing to protect customer data. They consider paying the ransom but worry about encouraging future attacks. The lack of Cyber Insurance exacerbates their predicament.
- Insurance protection: Unfortunately, the pet store, like six out of ten businesses in the UK, didn't prioritise Cyber Insurance, and their existing business insurance doesn't cover cyber-related losses. Without adequate Cyber Insurance, they must bear the costs of investigation, data recovery, legal fees, and potential fines. Worse still, they must arrange these services quickly without knowing where to start. The pet store struggles to recover without financial assistance.
- Lesson learnt: This incident highlights the necessity of taking proactive measures to manage risks. It’s crucial for businesses, especially startups, to invest in Cyber Insurance to minimise financial losses and safeguard against cyber threats.
Scenario 2: A phishing attack targets a high street estate agent – with Cyber Insurance
Our second hypothetical example is an established high street estate agent. It relies on various systems to run its business, including customer relationship management (CRM) and property valuation software and holds sensitive customer data.
- The cyber-attack: A sophisticated phishing attack targets the estate agents. Malicious emails trick employees into revealing login credentials, allowing the attackers to gain unauthorised access to client data.
- The aftermath: Client data is compromised, leading to potential legal claims. Business operations are disrupted, and the estate agent faces reputational damage.
- Insurance protection: The estate agent, however, has comprehensive Cyber Insurance. Its policy covers data breach response, legal expenses, and business interruption. Importantly, the insurer plays a key role in assisting with incident response, cyber forensics, and recovery. The company promptly notifies affected clients and minimises reputational harm, while its Cyber Insurance covers legal costs.
- Lesson learnt: Cyber Insurance allows the estate agents to respond effectively and minimise losses.
Don’t be one of the 57% without Cyber Insurance
To sum up, the 2024 Cyber Security Breaches Survey has shown that businesses, public institutions, and charities in the UK are experiencing more cyber-attacks. It also revealed that only four out of ten companies (43%) have Cyber Insurance. These findings should be a warning to anyone who hasn't yet taken out Cyber Insurance.
Remember that Cyber Insurance helps businesses deal with and recover from the financial costs of cyber incidents. These include operational disruptions, mitigation expenses, legal fees, damage to reputation, and regulatory fines. Additionally, insurance companies now require specific cybersecurity measures before offering cover. Businesses need to show their commitment to cybersecurity to qualify for insurance.
At its core, Cyber Insurance functions as a financial fail-safe, mitigating the impact of data breaches, cyber-attacks, and network outages. While it can't prevent these incidents, it significantly reduces a cyber-attack's financial and operational fallout.
Contact us
Visit our Cyber Insurance page for more information. Alternatively, you can call: 020 7280 3479 or email: enquiries@thecleargroup.com