Real threat, virtual world
If the words ‘digital risk’ don’t mean much to you, now might be a good time to do some research.
Because cybercrime – the targeting and attacking of businesses through and for their digital assets – is on the increase.
Figures from consultancy firm PricewaterhouseCoopers indicate that large UK businesses suffered an average of 54 cyber-attacks each in 2011, twice 2010’s level. That’s pretty much one every week.
Further figures, this time from the FSA, show that UK companies dealt with 185 security breaches during June, July and August last year. Doesn’t sound like much but reporting attacks is voluntary and the actual number is almost certainly much higher.
What’s clear is that these attacks aren’t just inconvenient: they cost money. The Cabinet Office estimates that cybercrime costs UK businesses around £21bn a year.
Average figures, again from PwC, show that fixing the worst single security breach costs between £110,000-£250,000 for large businesses and £15,000-£30,000 for small ones.
Worse, data breaches are more expensive to fix than security breaches because there's more at stake. The average cost of dealing with these is a whopping £1.9m – the consequences of negligence, lost business and subsequent system repairs/improvements.
So, are you prepared? Do you know what your business is up against? Can you say you’re absolutely protected from rootkits, trojans, spyware, phishing etc?
If you are, what about the rest of it? Digital risks come in all shapes and sizes. There's more to it than just keeping an eye out for unscrupulous criminals with financial and political motives.
Different businesses face different digital risks depending on what they do. For example, a business with an e-commerce website, holding customers’ personal and payment data is at greater risk of a costly breach than, say, a company without a website but which uses email.
Cyber damage can be physical and virtual, first party (yours) and third party (your clients'). Here’s what can go wrong:
- Property damage: fire and flood can wipe out expensive servers and networks. And our claims records show that company laptops and smartphones go missing on a frighteningly regular basis.
- Virus transmission: your business could be liable if a malicious program originates from you and damages a client or a third party's systems.
- Intellectual property theft: your secret, valuable design for that new product/building/brand, for example, are fair game to Johnny Hacker – and available to the highest bidder.
- Reputation damage: social media can turn a minor customer complaint into a major PR disaster quicker than you can say 'Twitter storm'.
- Libel and slander: email means communicating at the push of a button. Which potentially means pushing the wrong button and sending the wrong email to the wrong person.
- Data breach: it doesn’t always have to be the loss of customers’ financial data that causes the biggest problems. It could be employee details or commercially sensitive information. There’s third party liability here in addition to your costs of and finding out what went wrong and fixing it.
- Business interruption: hardware breaking down, software that refuses to work or firefighting a hacker attack can easily put a stop to your day to day operations. That means lost revenue.
As always, a little preparation is all that’s needed.
Start with some basic risk assessment to establish what your exposure is. Take a look at the points above and work out how much any or all of them would cost to put right.
Bear in mind that you’re only as strong as your weakest link. Unfortunately that’s more than likely to be human than technical.
Try to make sure that security isn’t just the IT department’s concern. All employees need to be aware of (and regularly reminded of) the risks. Your company’s security is everyone’s responsibility and it starts with fundamental things like setting strong passwords and not leaving laptops on the train.
Above all, we’d recommend asking an expert to point you in the right direction. Getting good advice on what you can do to protect your business, as well as guidance on the most appropriate hardware and software could be priceless.
As could a robust cyber liability insurance policy. If all else fails, at least you’ll have something to fight your corner and pay your bills.business interruption insurancecyber liability insurancemanaging riskoffice insurance