The research was conducted in July to help understand the main concerns of business leaders following the COVID-19 pandemic outbreak. Over half (54%) of executives interviewed said their organisation had been subject to an increased number of cyber-attacks as a result of COVID-19. Consequently, around a third (30%) said that cyber-crime has now become one of their biggest concerns.
The survey revealed that this represents an issue across most economic sectors; however, senior executives working in construction (77% of all directors), utilities (73%) and hospitality & leisure (67%) are those that report the highest increase in suspicious emails and texts.
The issue is unlikely to go away, with 80% of executives commenting that working from home will be more prominent because of successful remote working during the pandemic. This style of operating model brings with it additional risks as employees are often not as attuned to cyber-attacks as they would be in the office environment and IT security may be compromised in a remote working setting.
Employees working from remote locations are also more likely to take risky actions that place data outside the firm’s defences and control. For example:
- An employee trying to print or share a sensitive file may send the file to his or her personal email address, exposing the data to loss.
- An employee may transfer files to an insecure portable storage device, such as a USB stick, that is easily lost, misplaced, or forgotten.
- An employee may transfer or share files through unapproved cloud-storage or file-sharing solutions, exposing the data to loss and discovery.
All these actions place data outside the firm’s defences and retention practices. Research from Specops found that companies’ main concerns in terms of cyber-attacks related to the following: 96% cited ransomware, followed by cryptojacking (74%) and phishing (67%).
Johnty Mongan, Cyber Risk Consultant at Gallagher, explained: “Cyber-crime is a major issue for UK businesses and with changes in the way lots of organisations operate, criminals will be alert to the opportunities this presents.
“There has been an increase in highly sophisticated scam attempts that are using details like emails, messages and texts which are personalised to that individual to validate and authenticate their bogus requests. We have seen cyber criminals using COVID-19 as a way to scam individuals, for example purporting to be from their employer and asking for information relating to the pandemic.”
Steps to Minimise Risk
To help minimise risk to your firm’s network and data, the following actions can be taken while working remotely:
- Remember that technical defences, while good, cannot fully protect you or your organisation. Attackers know that employees often represent a weak link in security and will most often target them to get what they want. Employee actions remain the best defence against these attacks.
- Beware of unexpected authentication requests if you use this form of security. If you or one of your employees receives a request to approve a connection you did not start, do not approve the request. Report the unexpected request in the usual way to your IT helpdesk or other resource performing that role.
- Do not click on untrusted links or open attachments. These links and attachments can be very convincing. If unsure, confirm with the sender or ask the IT helpdesk for assistance.
- Beware of emails and other messages that relate to breaking news, surprising information, or other urgent matters, especially those related to COVID-19, and that are designed to entice you to act now.
- Question anything unusual and do not take any chances with offers such as a ‘Free Upgrade’, which is an example of the mobile-based scam attempts that are becoming more commonplace.
- Phishing emails will often create a false sense of urgency or fear, sometimes outright threatening you. Know that legitimate organisations won’t use these tactics. Check that the sender’s email address is exactly in the format of previous emails and, if telephoning to check an email’s veracity, do not simply rely on the phone number given in that email. Report suspicious emails to your IT team as an attachment, rather than a forward.
“Cyber-attacks are a part of modern-day business and regardless of the steps taken to protect a firm, they can still happen,” Johnty said. “Having robust standalone cyber insurance in place can help protect against the financial, reputational and operational impact of an attack. Gallagher’s specialist Team can provide a cyber-protection programme that is carefully tailored to your industry and particular organisation.”
He added: “Through our Cyber Risk Management service we can ensure your organisation is armed against cyber threats. We will get to know your business, starting with a review of your IT security and infrastructure to identify any vulnerabilities. We will also look at ways we can help educate and equip your people to reduce the risk of cyber-attacks and data breaches in order to improve online security throughout your company.”
All data unless otherwise stated is from research conducted by Opinium on behalf of Gallagher, between 26 June and 3 July, amongst 1008 senior decision makers in businesses employing over 250 people.
The Major Risks Practice of Gallagher are Associate Partners at Airmic. For more information, please contact Mark Rubidge, Director at Major Risks Practice: Mark_Rubidge@ajg.com.
This note is not intended to give legal or financial advice, and, accordingly, it should not be relied upon for such. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. In preparing this note we have relied on information sourced from third parties and we make no claims as to the completeness or accuracy of the information contained herein. It reflects our understanding as at 06/08/2020, but you will recognise that matters concerning COVID-19 are fast changing across the world. You should not act upon information in this bulletin nor determine not to act, without first seeking specific legal and/or specialist advice. Our advice to our clients is as an insurance broker and is provided subject to specific terms and conditions, the terms of which take precedence over any representations in this document. No third party to whom this is passed can rely on it. We and our officers, employees or agents shall not be responsible for any loss whatsoever arising from the recipient’s reliance upon any information we provide herein and exclude liability for the content to the fullest extent permitted by law. Should you require advice about your specific insurance arrangements or specific claim circumstances, please get in touch with your usual contact at Gallagher.
Arthur J. Gallagher Insurance Brokers Limited is authorised and regulated by the Financial Conduct Authority. Registered Office: Spectrum Building, 7th Floor, 55, Blythswood Street, Glasgow, G2 7AT. Registered in Scotland. Company Number: SC108909