Update – Impact of COVID-19 on Cyber Risk
In our article “Emerging trends and cyber risk from COVID-19” we identified emerging trends in cyber losses resultant of COVID-19 and suggested steps companies and their directors could take to mitigate against these losses. Here we review 2020 and establish that cyber risk is very real, and that companies and their directors must be cyber prepared.
During 2020 cyber losses increased dramatically. Changes in working conditions due to COVID have presented opportunities for cyber criminals to flourish. We foreshadowed these emerging trends in our article “Cyber – risk & insurance issues from COVID-19”.
Network vulnerabilities between home and office appear to be the gravamen of the issue. As a result, there have been spikes in the theft of confidential information, network interference, loss of data and ransomware attacks. In turn affected businesses have suffered damage to their network, lost productivity and have been required to notify authorities..
Today, cyber criminals are more innovative in how they conduct phishing, crypto jacking, ransomware attack and social engineering cyber deception.
Industry statistics suggest 80% of businesses saw an increase in attempted cyber attacks during 2020. Coronavirus is blamed for a 238% rise in such attacks on banks. Phishing attacks have seen a dramatic increase of 600% since the end of February. Ransomware attacks increased 148% in March 2020 and the average ransomware payment has gone up by 33% to $111,605 as compared to Q4 2019. (Source: Fintech News)
COVID-19 sadly has provided more opportunity for cybercriminals to take advantage of vulnerable people and home office set ups with inferior Cyber protection.
Some simple steps that can be taken to mitigate risk include;
- Treat your home computer as you would your system at work
- Updates and patches will keep your computer protected
- Never use unsecured Wi-Fi networks
- Create a working from home security policy for your business
- Upgrade your security software – You get what you pay for.
- Back up all sensitive and confidential data regularly and store it separately
As a simple illustration to the dangers of Cyber exposures and to provide further insight into Cyber exposures the Australian Cyber Security Centre have developed a short quiz entitled ‘Spotting a Scam’. It can be accessed here.
The ACSC provides 3 very simple ways to best protect yourself from a Cyber breach;
- Think before you click on a link
- Never provide your details via a link in a message
- Contact the person or business to check if they sent the message
The above measures assist with defence of a Cyber event however the very best protection measures can still be exposed. Hackers are becoming more sophisticated in their approach which requires a greater level of diligence from all IT users.
Just as you insure your business against risk of fire, flood and storm, a cyber insurance may transfer loss resultant of cyber risk
The average direct loss associated with a minor cyber breach, not involving the loss of personal information is estimated at $10,000 in IT costs to repair your network. If a loss involves personal data being stolen you will be required to notify every person whose data has been obtained, and costs associated with such claims average $180 per notification – so if you hold the personal data of third parties the costs can quickly escalate.
Bellrock can assist you understand cyber risk. For larger businesses we work with experts who identify your cyber maturity and ensure that your business has adequate governance to be cyber prepared. For smaller businesses, we have solutions to that provide directors simplistic solutions for cyber resilience.
Otherwise, we have access to a broad panel of insurers and their respective products. Given our capabilities, understanding of cyber risk and rapport with insurers, we will find the most adequate and appropriate cyber insurance product for your business. The key to managing cyber risk is to understand the consequences of a cyber breach on your business, build your cyber resilience, develop response plans and ensure you have appropriate insurance in place to complement your insurance programme.