Business Insurance
Personal Insurance
Ransomware has been a key issue for UK business for several years now and we have seen the landscape change from high volume attacks asking for relatively small ransom demands to a strategy which has seen the number of demands plateauing, but the amounts being demanded from companies that have been successfully penetrated increasing dramatically.
Russia Ukraine War
During 2022 Ransomware attacks appeared to have slowed down somewhat, probably as a consequence of the Russia Ukraine conflict (as many of the groups historically involved in the proliferation of such attacks were based in these areas). However, cyber security experts and insurers are now reporting that during Q1 2023, that that Ransomware is again on the rise.
March 2023 increase in attacks
According to the NCC Group’s March 2023 report (https://www.nccgroup.com/uk/resource-hub/cyber-threat-intelligence-reports/)-
When considering Cyber Incidents, the perpetrators of this type of crime are not teenagers sitting in their bedrooms at home typing on a keyboard. They are multi-million pound businesses running very sophisticated software attempting many attacks against random targets simultaneously.
Questions to ask
Therefore, businesses should ask themselves how they would respond to a Ransomware attack? Indeed, the first question they should consider is whether they have the expertise, and the second question is do they have the financial resource to deal with any kind of Cyber Incident in the first place? If the answer is “No” to either of these questions, then they should consider offsetting the risk to a specialist insurer.
Choosing your Cover
In terms of insuring against Cyber Risks, it is important that consideration is given to choosing a broker that truly understands the covers available and that businesses look at the depth of the cover available rather than simply the lowest premium available. The Ransomware limit available under the policy is therefore a very important element of the cover to consider.
This expertise will provide clear advice, particularly around onerous conditions which are prevalent with several insurers. It is no good having a policy, if this won’t pay out in the event of a loss where a simple breach of a condition, which could have been avoided had the business received better advice.
One area that many businesses fail to consider is setting an appropriate indemnity period to cover the financial shortfall that an incident can trigger. Some insurers offer extremely limited indemnity periods, it is therefore important that businesses engage with brokers that have good product knowledge and work with insurers providing good cover options.
Another area businesses should consider in terms of a Cyber Incident, is how long will the effect be on the business, and what will the impact be on the revenue / bottom-line? Whilst the actual costs of a Cyber Incident can be determined post breach, the impact on the financial situation can continue for some time afterwards and may be less obvious as are any potential costs which may arise out of subsequent Regulatory issues arising.
Conclusion
It is critical that businesses receive best advice around Cyber Security, Risk Management and the Cover available to protect themselves against a severe threat that is again on the increase.