The role of cyber/data and crime/fraud insurance in an overall insurance portfolio has never been as important as it is at the current time. It is widely agreed that we could have never reasonably foreseen the COVID-19 Coronavirus outbreak and the impact it has had on businesses across the UK, and worldwide.
But, the threat of cybercrime is one that we know exists and the impact could be catastrophic. We have seen first-hand how quickly this medical virus has brought the world to a standstill. A virtual virus could spread even quicker and carries the probability of bringing down national and worldwide networks that we have become so reliant on in our everyday lives. We saw this on a significant scale only three years ago, in May 2017 when the NHS experienced a cyber attack, which rocked their ability to provide non-essential services and ended up costing them £100m. This became known as WannaCry.
This threat is further compounded by the increased working from home mandates issued and the general confusion caused by the measures brought in to minimise the spread of the Coronavirus. A report conducted in April by TSB Bank plc found that 42% of people suspect they have been the target of phishing attacks during the COVID-19 outbreak.
In particular, we have seen scammers purporting to be official bodies such as the Government, the World Health Organisation (WHO) or the NHS.
Despite this, we still see businesses not protecting themselves against this very real and known threat. It feels like only a matter of time before an electronic virus hits and cripples an already struggling economy, so we are urging all of our clients not to be left exposed. Here we compare a cyber loss with a fire loss, to show how important it is to consider this protection.
Cybercrime comes in many different forms including:
- “Fake CEO fraud” - Cybercriminals using fake emails and making calls masking as someone they’re not in order to get access to information, data or money. An example is an email purporting to be from the CEO of a business, to approve an invoice for payment.
- Hacking – the unauthorised access of a computer system.
- Viruses, Malware and Ransomware – typically delivered or downloaded to computer systems with the intention of causing or threatening damage to software or data, often with the request of a ransom to be paid to avoid a breach or blocked access.
- Phishing – emails which proport to be from reputable companies, individuals or the Government themselves inducing the receiver to reveal personal information, such as passwords or credit/debit card details.
- Smishing – text messages which appear to look like they have originated from reputable companies, individuals or the Government encouraging you to click on dangerous or harmful links.
Advice for protecting yourself
There are some things you can do to protect yourselves from the risk cybercriminals pose:
- Be extra vigilant with emails and text messages you receive and if you receive something that looks suspicious or just “doesn’t look right”, no matter who it is from, do not click on any of the content, any links within it or forward or reply to the email. Instead, use an alternative way to contact the individual or company to verify if it is legitimate.
- In April, the National Cyber Security Centre, a branch of the Government Communications Headquarters (GCHQ) who work with the British Insurance Brokers’ Association (BIBA) on several cyber insurance initiatives, have set up a specific email address for suspicious Coronavirus related phishing scams to be reported to. The email address is firstname.lastname@example.org.
- Ensure your usual processes and procedures continue to be followed in the correct manner, particularly for authorising payments, making changes to websites, etc. and processing data.
- Follow the Advice given by the Take Five to Stop Fraud campaign which encourages you to:
- Stop – take a moment to stop and think before parting with money or information
- Challenge – could it be fake? It’s OK to reject, refuse or ignore any requests. Only cybercriminals will try to rush or panic you.
- Protect – contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
- If you are making use of video conferencing facilities to stay connected with business associates, clients and colleagues, ensure you track who is joining calls. Don’t make any meetings public or post joining links on public forums.
- Regularly change passwords across all devices and online platforms, ensuring you use strong, unique passwords that are not easy to guess.
The insurance options available
No matter how many precautions you take or how vigilant you and your colleagues are, some cyber attacks can not be prevented. This is why we advise you to speak to us about the range of cyber and data insurance policies that are available.
You can quickly discover the level of protection you may need by taking our simple 3-minute cyber risk assessment test.
A free cyber incident response helpline
As a result of the increased threat, our partner, leading cyber insurance provider CFC, are supporting the SME business community by offering access to their award-winning cyber incident response helpline free of charge until 31 May 2020 to Towergate SME clients. View more information, qualification criteria and your access code.
This helpline is award-winning and not only helps businesses to determine if they have suffered a cyber attack or data breach, but also identifies appropriate steps to remediate the incident and offer guidance and support throughout.
The information contained in this bulletin is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers advisor.