The role of education in tackling cyber-attacks
As the risks surrounding cyber-attacks continue to grow, SMEs need to educate themselves, according to GlobalData Financial Services.
Cyber-crime is a risk faced by all businesses regardless of their size, and is becoming increasingly sophisticated as technology progresses.
With Yahoo and Equifax both being victims of high-profile hacking cases in recent months, it stands to reason that even large organizations with specialist IT departments are susceptible to cyber-crime.
Within the UK economy SMEs represent over 99% of businesses, many of which do not have specialist knowledge in preventing cyber-attacks. This makes them an ideal target for criminals, as the required sophistication of the attacks is minimal when compared with those carried out against large businesses.
Despite this, results from GlobalData’s 2017 SME Insurance Survey reveal that the take-up of cyber cover among small businesses has stalled after a couple of years of reasonable growth.
Industry experts have noted in response that it remains difficult to find traction for this product and successfully make the cover tangible to customers, with businesses tightening purse strings.
One way in which the benefits of cyber insurance and the risks around cyber-crime can be made demonstrable is in the approach taken by CFC Underwriting, an emerging risks and niche markets specialist.
In partnership with Cyber Risk Aware it has launched a programme for policy holders to provide training on cyber risks and in particular phishing emails.
The software developed by the partnership allows employees to experience a number of different styles of phishing emails, whether these are templated versions of “known-to-work” phishing emails or customized to replicate the style of emails the business typically receives.
CFC Underwriting estimates that approximately 38% of the claims it incurred in 2016 could have been prevented by educating staff on how to deal with cyber risks.
Phishing scams are the most common technique used in cyber-attacks – where criminals pose as someone from within the organization itself or a reputable company and ask for personal details or company data, or for financial transactions to be carried out.
The easiest method to prevent these types of attacks from being successful is for staff to be educated on how to identify such emails and how to respond, in essence building a human firewall.
The partnership between CFC Underwriting and Cyber Risk Aware could represent a shift in the cyber insurance market, with insurers looking to take preventative measures where possible rather than simply reacting post cyber-attack.
CFC Underwriting states that SMEs are not sure where to begin when trying to protect themselves from cyber-crime.
Given this lack of knowledge and an increasing awareness of the risks cyber-crime poses, efforts by insurers to work alongside SMEs to educate staff could become normality as both stand to benefit from such interactions.
There is also potential for such training to assist with the accuracy of premium pricing.
Cyber Risk Aware provides feedback for businesses on the performance of employees; this in turn could be utilized by insurers to identify SMEs that are high risk and price premiums accordingly.