Posted on: 20 December 2019
Is Cyber Insurance working for UK businesses?
Recent figures from the Association of British Insurers (ABI) offers insight into how Cyber Insurance claims are paid out to British customers.
The ABI’s members include insurers of which Premierline has relationships with, including Ageas, Allianz, Hiscox, NIG, QBE and RSA. Take a look below at how the UK’s insurance companies are covering customers against cyber-crime.
Cyber-crime in the UK
Since there have been rapid advancements in technology in recent times, more and more criminals are going online to find ways to make money. A report from the BBC showed that victims of cyber-crime in the UK lose more than £190,000 a day (almost £70m per year) to cybercriminals, yet research from the ABI has shown that only around 11% of UK businesses take out cyber insurance, which is rarely included in a standard business insurance package.
The most common cyber-crimes in the UK are Phishing, Ransomware, DDoS Attack, Viruses and Attack Vectors.
Phishing, Vishing, Smishing and Spear Fishing are all different ways that criminals will attempt to steal information from you such as personal identification numbers (PINs), card details and passwords. Vishing focusses on voice phishing, usually over the phone, and Smishing works to attack you via SMS. Spear Fishing is the collective term for all forms of phishing.
Ransomware is malicious software that stops the victim from accessing files until a ransom is paid to the criminal. There is also little guarantee that once you have paid the ransom that your files will be returned or restored, as the criminal will likely need to destroy the files to help them get away with the crime.
Hiscox UK found that a new victim will experience a ransomware attack every 11 seconds by 2021, an increase from 2019, currently a ransomware attack occurs every 14 seconds.
A Distributed Denial of Service (DDoS) attack is where criminals will attack a business’s website by overwhelming a server or network so that the website goes offline. Criminals will usually then strike by breaking into the system whilst the business focusses on restoring the website.
Motivations for the attack tend to be for blackmail and revenge from disgruntled employees but has also been used by protest groups, who target websites for political reasons.
Computer viruses are common forms of cybercrime which usually look to change the way that your computer will operate. Viruses are easily spread from computer to computer, often by opening an email attachment, running an executable. file, visiting a harmful website or using an infected storage device.
Common viruses include Worms, Adware, Spyware, Bots and Trojan Horse viruses. According to statistics from the Office for National Statistics, there were 442,000 cases recorded of malicious computer viruses reported year ending June 2019.
Attack vectors are the ways that criminals will get into your systems to either infect with malware or to take data. Attack vectors are also known as a hack.
There are 4 attack types that criminals will use to access your computer systems:
- Drive-by attack –when a criminal will target a user through their browser, infecting their computer if they visit a website designed to spread malware. Criminals can also compromise legitimate websites which they can use to infect the user directly or redirecting them to a malicious website.
- MITM (Man in the Middle) –alters communication between users, manipulating users into giving confidential data whilst under the impression they are speaking to a legitimate party.
- Zero-Day attack – Software that has just been released to the general public may be open to attack from criminals as it may be largely untested towards cyber-attacks. Criminals will exploit this new software before new patches can be introduced.
- SQL Injection – A Structured Query Language (SQL) Injection is when an attacker inserts malicious code into a server that uses a domain-specific language. An SQL Injection is particularly effective against software that has a security vulnerability and the attack forces a server to give access to a cyber-criminal.
Cyber-crime claims in the UK
Despite the abundance of cyber-crime methods available to cyber-criminals, the ABI also revealed that only 11% of UK businesses will take out Cyber Insurance. They also revealed that around the world, there is £2.8bn of Cyber Insurance underwritten. However, less than £100m of this is written for businesses in the UK, which equates to only around 3.5% of the global total. The ABI also recognised that the Cyber Insurance market was smaller than the Pet Insurance market in the UK, despite being something that all businesses should be considering in this new digital age.
Cyber Insurance however, is one of the most reliable insurance covers on the market, with 99% of all cyber-crime claims in 2018 resulting in a pay-out.
The ABI also revealed that in 2018, the pay out figure across the whole of the personal protection insurance industry was 97.6%, showing that Cyber Insurance pays out more often than most other personal protection cover.
Cyber Insurance with Premierline
Rapid changes in technology have meant that we are now reliant on it to communicate, especially for businesses. According to the Department for Digital, Culture, Media & Sport, 98% of businesses and 95% of charities in the UK rely on some form of digital communication or service. Because of this, Cyber Insurance is becoming increasingly more important for UK businesses to help protect their digital world.
At Premierline, our trained advisors can tell you more about Cyber Insurance the how it can protect your business. We currently work with Hiscox, one of the leading insurance providers for Cyber Insurance, to find the best cover for our customers looking for cyber protection. Get in touch to speak to one of our trained insurance experts about your cyber insurance options.
Compare business insurance
The information and tools contained in this guide are of a general informational nature and should not be relied upon as being suitable for any specific set of circumstances. We have used reasonable endeavours to ensure the accuracy and completeness of the contents but the information and tools do not constitute professional advice and must not be relied upon as such. To the extent permitted by law, we do not accept responsibility for any loss which may arise from reliance on the information or tools in our Insight Hub.