Companies could face a much higher bill from a cyber attack than they are prepared for if they do not take account of ‘slow burn’ costs such as reputational damage, litigation and loss of competitive edge, according to new research from Lloyd’s. These longer term costs can dramatically increase the overall bill for a cyber attack, on top of the more immediate legal, forensic investigation and extortion payment, it states.
As well as a growth in ransomware attacks such as the recent WannaCry and Petya incidents, and distributed denial-of-service attacks, the Lloyd’s report, Closing the gap – insuring your business against evolving cyber threats, also points to a significant increase in CEO fraud, where hackers use fake email accounts to impersonate a senior executive to a firm’s employees to con them into moving money into the hackers’ bank account.
The report’s focus on a company’s culture as part of its strategy to combat cyber attacks is right given employees are frequently targeted as the weakest link in cyber defences, says Matt Webb, Group Head of Cyber at Hiscox. “Company culture counts,” Webb argues. “All businesses should treat cyber as an organisational risk, not just an IT or technological one. It is just as much about staff awareness and training, and good processes too.”
“At a board level, someone in the C-suite must be able to raise their hand and say ‘I’m responsible for cyber risk.’ And increasingly we are seeing CEOs do this,” says Webb.
The full report, “Closing the gap – insuring your business against evolving cyber threats”, is available at lloyds.com/closingthegap.
All press releases