Guest Post from Apex Insurance
Cybercrime is a borderless problem, where criminal acts are committed online by using electronic communication networks and information systems, but industry experts at Apex Insurance estimate that just 10% of Irish SMEs currently have financial protections in place to rely on in the event of a cyber-attack. However, the financial experts believe that this figure is likely to double, to 20%, over the next 12 – 24 months, as a combination of greater awareness of the prevalence of cybercrime, and a recognition of commercial considerations around business development, drive more and more businesses to take out some form of insurance.
Apex Insurance say that aside from the business risks inherent in not protecting data and information, companies and organisations that do not have cyber insurance cover in place, will increasingly see themselves precluded from doing business with larger organisations that are now insisting on partners and suppliers who have adequate cover in place.
Theo Hoare, Managing Director with Apex Insurance explained,
“A key driver we believe will have a big impact on the market are the tender requirements from large organisations. Bodies such as An Post have already made moves to make it compulsory for any business partners or suppliers to have cyber cover in place before they will agree to do business with them. It won’t be long before others follow suit. In light of this and of increased awareness among the business community in general, we expect in the short to medium term that cyber insurance will be as relevant and as prevalent as other financial protections such as Property, Employer’s and Public Liability insurance.”
Turning the Tide on Cyber Protection
Mr. Hoare said the majority of businesses in the country are exposed to the threat of cyber-crime,
“The level of exposure depends on a myriad of factors – some within the control of the business and some outside of it. To date, business owners have been slow to make the moves necessary to protect themselves with insurance cover, which is reflective in the low take-up of dedicated insurance at present and is indicative of a level of inertia that exists – especially amongst businesses that have not suffered an attack or loss of data. However, thankfully, I think the tide is turning in this regard. Already we are seeing a move away from the traditional, reactive motivations for business owners taking out this form of insurance and increasing numbers are taking a pro-active approach. Until very recently, most people only thought to take out cover on the back of a cyber-attack or attempted attack, whereas now people making an effort to safeguard their business before any such attempts take place.
Cyber Crime in Ireland, Europe and Around the World
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Mr. Hoare continued,
“Unfortunately, despite the best efforts of security and tech experts around the globe, cyber-crime is a problem that is growing exponentially. It has become a part of our business landscape and I think that’s what people need to accept. We advise that rather than taking a head in the sand approach, business owners and managers must ask themselves what they can do to ensure their business is safe from attack in so far as is possible.”
With this in mind we have outlined 5 easy but imperative steps businesses need to take:
In-house Cyber Awareness & Identification
Technology is often only as good as the people using it. A source of concern from a recent survey was the finding that 50% of Irish people admitted to using the same password across many online applications. Passwords are often shared freely in offices and screens left open or unattended. Businesses will need to implement tighter protocols for protection in this area. Training should be given on recognising potentially dangerous emails and other measures to prevent exposing systems to attacks. Updating IT security software, checking firewalls etc. are all areas to address to protect against cybercrime.
Human error is a factor in all areas of risk management, for instance a person responding to a rogue email or losing a USP key could initiate an incident, despite the best IT security system. Having insurance in place can be a great asset in dealing with an incident and any resulting financial consequences.
Outside Suppliers and Partners
Be mindful of the data & cyber protection precautions that suppliers and other 3rd parties your business deals with have in place. This should be a consideration when selecting who you chose to do business with – particularly when it comes to the providers of services that use or store your data and more sensitive personal financial information.
Regular Reviews of Protection Process and Procedures
We highly recommend reviewing and updating your company IT security measures regularly with staff and management, and with protocol in the event of an attack or emergency.
Look at the Free Protections Available
Cost is often a consideration for businesses but there is a raft of free online tools available. It just takes a bit of homework. For example, email theft is a risk to all businesses and particularly to SMEs – all of the larger email providers have the option of two-step verification. Ideally, businesses would require all staff to use this feature to ensure greater protection.
- Nearly half of all cyberattacks are committed against small businesses.
- Less than 5% of cyber crime is reported to Gardai
- The value of the cyber-crime industry globally has been estimated at $500bn
- Experts predict that cybercrime will cost the world $6 trillion annually by 2021. This figure – up from $3 trillion in 2015 – represents the greatest transfer of economic wealth in history and will be more profitable than the global trade of all major illegal drugs combined.
- Cybersecurity ventures predict that a business will fall victim to a ransomware attack every 14 seconds by 2019, increasing from every 40 seconds in 2016
- Cyberattacks are the fastest growing crime in the U.S., and are increasing in size, sophistication and cost.
Stats in Ireland
- 89% of Irish people say they believe the risk of becoming a victim of cyber-crime is increasing – this is higher than the EU average of 86%
- 36% of Irish people say they are “not well informed of the risks of cyber-crime – which is less than the 51% EU average
- 39% of Irish people have received fraudulent emails/calls looking for personal data
- 15% Irish have had an online account hacked
- 26% have discovered malicious software on an IT device
- 31% of Irish people say they have started using different passwords for different websites in last 3 years