‘Silent’ cyber risk leaving millions of UK businesses underinsured

Published on Thu, 09/04/2020 - 15:19

A survey of 1,000 businesses by Gallagher has demonstrated the high level of concern regarding cyber-attacks, despite a large insurance gap continuing to exist. Airmic partner Gallagher presents its findings.

Of the businesses surveyed, almost two-fifths (39%) of senior decision makers in UK companies say cyber-attacks are one of their biggest concerns, yet the vast majority of businesses (82%) do not have specialist insurance in place to cover them against the cost and impact of a cyber-attack, according to research by Gallagher.

  • 39% of UK business leaders say cyber-attacks are one of their biggest concerns
  • Despite this, less than one in five (18%) companies have a standalone cyber insurance policy to cover them against the costs and impact of an attack
  • Many bosses mistakenly think that traditional business insurance typically covers these costs, however in reality specialist cover is usually required, and without it they are likely to be significantly underinsured
  • Mid-size businesses (those employing between 250 and 500 staff) are particularly exposed to business damage with nearly half (46%) incorrectly believing that cyber-attacks are ‘mainly an issue for bigger organisations’
  • In fact, small and mid-size businesses are increasingly being targeted as they are less likely to have sophisticated protection in place

The issue of ‘silent’ cyber exposure is being caused by UK business leaders thinking traditional insurance covers them, when in reality a standard policy is unlikely to offer cyber cover. Under a fifth (18%) of businesses have a standalone cyber insurance policy, with many business owners buying a policy direct from an insurer (43%) without the advice of a broker, leaving them potentially unaware of the risks their business may be exposed to.

Business leaders may also feel their business is protected against cyber risk as they have invested in technology. Forty-two per cent of bosses have invested in out of the box technology, however only a minority (39%) have taken specialist external advice, leaving many making business critical decisions, potentially without the knowledge required.

Of the businesses surveyed, the majority of leaders in larger organisations cite cyber-attacks and data breaches as a big issue (59%), compared to a minority of bosses running firms employing 50 people or less (19%). However last year, a third of all businesses (32%) admitted they had been subject to a cyber-security breach or attack, showing that the risk is considerable to businesses of all sizes.

The most common type of cyber issue to impact UK businesses is phishing attacks (identified by 80% of business that experienced a problem), impersonation in emails or online (28% of businesses) and viruses, spyware or malware including ransomware attacks (27% of businesses).

Tom Draper, Head of Cyber at Gallagher, said: "The issue of cyber-crime is one of the biggest risks facing businesses today. Clearly there are practical steps businesses can take to help protect against cyber-attacks, but unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place.

“It is evident from our research that many bosses believe they are covered in the event of a cyber-attack, however traditional or off the shelf business insurance policies do not typically provide cover for cyber related issues.

“While there is evidence to suggest larger businesses are more commonly targeted, small and mid-size businesses are still very much exposed to cyber security breaches or attacks and may not have sophisticated protection in place like large businesses, and cyber criminals will be aware of this vulnerability. They are also liable to be caught up in cyber-attacks aimed at third party suppliers or those targeted at common systems and software, such as the cloud, on which their business may rely."

On an industry sector basis, there are also major discrepancies in bosses’ views on cyber-attacks. Over half (55%) of leaders in the manufacturing sector believe cyber-attacks are an issue mainly for other types of organisations, followed closely by healthcare leaders at 42%, and 44% of those in transport. The reality is that in all three of these sectors are at high risk of cyber-attacks or data breaches.

Mr Draper added: “Our data shows that bosses in some industries think they are less likely to be targeted but the reality is that the majority of businesses now have some exposure to cyber-crime. Both healthcare and manufacturing are industries that have been singled out as at high risks.

“In healthcare this is due to the nature of customer information they handle. The manufacturing sector, which includes automotive, electronics and pharmaceuticals companies are vulnerable because cyber-attacks are primarily financial motived and are therefore likely to target businesses where they can demand a high amount of money as well as sell information to competitors.”

This bulletin is not intended to give legal, financial or operational advice, and accordingly it should not be relied upon for such. In preparing this bulletin we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained.  Recipients should not rely exclusively on the information contained in the bulletin and should make decisions based on a full consideration of all available information after seeking specific legal and/or specialist advice.  Gallagher accepts no liability for any inaccuracy, omission or mistake in this bulletin, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.  Our advice to our clients is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document.  We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s or any other party’s reliance upon any information we provide herein, and exclude liability for such to fullest extent permitted by law.  Should you require advice about your specific situation and insurance arrangements, please get in touch with your usual contact at Gallagher.

Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 7th Floor, 55, Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909