The Key Impacts of High-Profile Cyber Attacks
Last week it was revealed that a Premier League club almost lost £1 million when cyber criminals attempted to hack and sabotage a transfer deal. Responding to the attempted attack, the director of operations at the National Cyber Security Centre (NCSC), Paul Chichester noted that the findings of the NCSC report into the cyber threat facing sports organisations revealed that at least 70% of institutions suffer a cyber incident every 12 months.
The question of how such high-profile cyber attacks, whether attempted or successful, impact the public consciousness surrounding cyber security and the role of cyber insurance in the prevention and mitigation of such breaches, is one which requires significant consideration. For the cyber team at Travelers Europe, promoting an understanding within both its broker partners and its insureds continues to be a core area of focus for the business.
The head of cyber at Travelers Europe, Davis Kessler, noted that the impact of such high-profile breaches on the general public’s understanding of cyber security concerns fundamentally cuts both ways. On the one hand, it absolutely increases their awareness, he said, as these events reach a much broader press than the standard commercial breaches might. Yet, on the other hand this can also lend itself to the idea that such incidents only happen to larger, more high-profile targets.
“This is definitely the case,” said Lisa Farr, cyber underwriter at Travelers Europe, “because normally we find that when we are talking to brokers or face to face with clients, that because they hear of the largest cases in the news, the British Airways and the like, these smaller businesses who we are targeting think this will never happen to me. And it actually does, it’s just not reported about all the time in the news.”
Kessler also noted that the recent incident with the Premier League highlights the disparity in how cyber events are publicised. The NCSC is the highest cyber defence organisation in the nation and it responded very quickly in putting out a press release about this thwarted attack which, while meaningful, is similar to incidents which happen every day in the commercial world and do not receive this level of attention.
“No one is safe, and everyone is a target,” Farr said. “Every business is a target. Small or large, it doesn’t who you are or what you are, if you’ve got weak controls then [cyber criminals] can get in. But hopefully this recent incident will raise some interest in people reading the papers who don’t usually have too much of an interest with regards to cyber.”
An important point to bear in mind, Farr stated, is the enhanced impact that a cyber attack can have on a small business in comparison to a large multinational organisation. Normally when a very small business suffers an attack, they can end up going bust, she said, but some of them still don’t appreciate the value of cyber cover and how cheap and effective this can be. This might be because brokers are not selling it, which is understandable as it can be a very difficult product to sell. For many, it is still seen as something of a luxury purchase, so it has been a relief to see that the COVID-19 pandemic and its financial ramifications have not reduced the number of inquiries Travelers is seeing.
“Also important to bear in mind is that idea of businesses having cover elsewhere,” according to Iveren Yongo, associate cyber underwriter at Travelers Europe. “That means some of the smaller businesses are taking that risk in not buying a standalone policy. But there’s added value in that breach response cover that I think most firms just turn a blind eye to because they don’t know about it and the importance of it. So, hopefully, with time and cyber security being more in the news we will get more firms buying.”
For Travelers, the emphasis remains on getting the message out to its brokers and insureds regarding not only what cover is available but also why it is available. Cyber is still a fairly new product, Kessler said, and a lot of brokers don’t feel prepared to effectively respond to the questions they are being asked by their clients. Seminars, updates, training and presentations are just some of the tools that the cyber team is using to increase how comfortable brokers are in discussing these products.
