News & views

Monday, June 19, 2017

Cyber-attacks have long posed a financial threat to businesses, but the recent outbreak of the WannaCry ransomware suggests the threat could extend into areas once thought immune to cyber-attacks, such as the health sector.

Many thousands of computers were infected with the virus back in May, with more than 150 countries thought to have been caught up in the attack. In Britain, the highest-profile victim was undoubtedly the NHS, which was forced to postpone appointments and scale back services following the sudden encryption of patient data.

Along with NHS trusts, the malware attack provides a timely wake-up call to GP surgeries and dental practices regarding the dangers of cyber-crime. But it also offers valuable lessons to the UK’s legions of small and medium-sized enterprises (SMEs) who work in other sectors…


Counting the costs of WannaCry

In a financial sense, the WannaCry attack threatened to generate significant costs for public and private sector organisations across the globe. After infecting computers and locking users out of important files, the virus demanded a ransom of between 300 and 600 dollars via Bitcoin. Users were told they would only regain access to their systems by meeting this demand.

While experts quickly discovered a ‘kill switch’ to halt the spread of WannaCry, the incident highlights how the costs of cyber-attacks could ultimately extend far beyond straightforward financial damage. Some NHS trusts were forced to cancel treatments and appointments after losing access to vital files, while people were even advised to avoid A&E departments in some cases.

Learn more about the roots of WannaCry


Warning shot for SMEs

With public service providers and major corporations among the key victims of WannaCry, many SMEs will likely have breathed a sigh of relief. But rather than dismissing it as a one-off and simply carrying on with business as usual, entrepreneurs should pause to take stock of the incident. After all, while they may have escaped unharmed this time, no-one can be sure of exactly what threats may be around the corner.

WannaCry understandably grabbed headlines due to its huge global scale, but less high-profile cyber-attacks continue to hit smaller businesses every day. Here at NIG, we recently learned of another ransomware incident which cost an SME between £10,000 and £14,000 in lost income. However, the financial burden didn’t end there, with the company in question also wasting two days of management time, losing three weeks’ worth of data, and racking up technical support fees.

The take-home message is that SMEs can’t become complacent. Even if a cyber incident isn’t widely reported, it could still be highly dangerous. Research has even revealed that 60% of small companies go out of business within six months of an attack (SC1).


Taking a proactive approach

The WannaCry incident may have grabbed the headlines; however, SMEs aren’t immune from the threat of cyber-attacks.

Organisations of all sectors and sizes could benefit from following the three-point plan:

1. Ensure all software and security tools are kept up to date

The WannaCry malware targeted Microsoft systems, harming computers with older versions of Windows in particular. Encouraging workers to install the latest software updates and enabling security protections is therefore essential. While updates and effective anti-virus systems can be expensive, the cyber-attack which dominated the front pages in May suggests this is an area where organisations can’t afford to cut back.

2. Back up all important data

Ransomware effectively locks people out of their computers, denying them access to urgently-needed files. But by regularly backing up data on external drives, organisations can retain uninterrupted access to their files, even if cyber-criminals strike.

3. Invest in trusted insurance

Organisations can cover themselves against the knock-on effects of cyber-crime by seeking out the right insurance. For instance SMEs can access bespoke cyber insurance to shield themselves against the unexpected costs of malware such as loss of business income.


Insurance Requirements.

For bespoke cyber insurance SMEs should look no further than our regionally-traded Cyber Cover product that was given a 4/5* rating by an independent broker reviewer in Insurance Age during 2016 (SC2).

The comprehensive cover that our product offers, including our 24/7 support, can go a long way to helping safeguard the future of your business should you ever be the victim of a cyber-attack. Here’s what our Cyber policy also covers: 

  • Cybercrime – financial loss from hacking, fraudulent input or alteration of data
  • Cyber liability – damages and defence costs attributed to a data breach
  • Data-Breach expense – the cost of expenses following a data-protection failure
  • Third party data storage – data held at a third party storage provider
  • Loss of business income following a cyber-event (Optional)
  • Damage, loss, corruption and breakdown of hardware (Optional)
  • Data corruption and extra costs (Optional)

You can find more information about NIG’s Cyber Cover product, including Key Facts, Sales Aid, Proposal Form and Policy Wording, on our website here


Sources.

SC1: https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html

SC2: http://www.insuranceage.co.uk/products/2459779/review-cyber-for-smes