Cyber attacks aren’t going away. Email will continue to be the main distribution method and social engineering practices (tricking users) will continue to evolve.
- With data breaches becoming more common and high profile, there is a need for increased diligence from directors concerning cyber security, to prevent claims arising
- Directors in the US are potentially vulnerable to cyber-related directors and officers claims, and the trend is almost certain to cross the Atlantic
- To prevent exposures, cyber risk management must become the responsibility of directors
No company is too small to face a cyber attack, and as cyber breaches become more common, claims against directors following losses suffered by the company will no doubt increase.
These are the 5 most common cyber attacks to be aware of:
1. Phishing – emails are sent from an allegedly trusted source asking for sensitive information
2. Spear Phishing – a specialised attack on a particular person in your company
3. Physical baiting – leaving an infected piece of hardware such as a USB stick in the office in the hope someone uses it and infects the network
4. Pretexting – an attacker pretends to be a colleague or a supplier and asks an individual to provide sensitive information.
5. CEO fraud – posing as a member of senior management in order to trick someone to transfer money to a specified account
In 2015, 74% of small UK businesses experienced a cyber breach. It is estimated that cyber crime costs British businesses £34 billion a year, and it can also have a devastating effect on a company’s reputation. UK cyber attacks have risen 40% in the last year and the UK is now the European country targeted most by cyber criminals.
While cyber attacks on major corporations such as TalkTalk and Wetherspoons may generate more media interest, SMEs are increasingly being targeted by cyber criminals too.
Recently, a small family business in St Ives, Cambridgeshire, lost more than £26,000 after falling victim to a sophisticated email fraud, and UK charity, the National Childbirth Trust, apologised to 15,000 new and expectant parents after their registration details were accessed in a data breach. These scenarios demonstrate the varying nature of cyber threats and the associated risks.
Cyber risk management is an issue that should be at the heart of boardroom discussions, and not one that is solely an IT department problem.
Although it is impossible for SMEs to completely eliminate the threat from cyber criminals, there are measures they can take to reduce the risk.
For example, more than 1,000 UK businesses have adopted Cyber Essentials, a government scheme to protect firms against some of the most common online threats, including viruses, malware and hacking.
Businesses can also build a human line of defence against cyber attack – for example by educating staff on the types of scams that cyber attackers use and by encouraging employees to report these types of scams to their company’s IT department.
Please speak to one of our commercial insurance experts for more information on this important topic.
Source: Zurich Insider