"Slow burn" follows cyber attacks

Businesses could face a much higher bill than they expect or are prepared for after falling victim to a cyber-attack arising from its "slow burn", or long term impacts, according to a new report from Lloyd's.

As businesses increasingly become the target of sophisticated hacking attacks, Lloyd's warns that they need to properly prepare themselves or face a hefty bill, including “slow burn” costs such as reputational damage, litigation and loss of competitive edge, said the report "Closing the gap – insuring your business against evolving cyber threats", released by the insurance market in association with KPMG and legal firm DAC Beachcroft.

The research identifies ransomware as a rapidly increasing threat, together with distributed denial-of-service attacks (DDoS) and CEO fraud.  It also highlighted that while financial services firms are the most targeted by organised cyber-crime, retail is also increasingly being targeted.

Dealing with reputation issues and litigation in the aftermath of an attack can add substantial costs on top of the overall loss, said KPMG cyber security practice director Matthew Martindale. “Businesses really need to start thinking about the cyber risk holistically rather than one that is currently very short sighted,” he said.

Minimising reputation risk

Lloyd’s CEO Inga Beale said that it is the reputational fallout from a cyber breach which kills modern businesses and reacting quickly to mitigate the latter’s impact will help minimise immediate costs, and exposure to slow burn costs.

“To protect themselves businesses should spend time understanding what specific threats they may be exposed to and speak to experts who can help handle a breach, minimise reputational harm and arrange cyber insurance to ensure that the risks are adequately covered,” she said.

Long-term legal consequences

Regulatory investigations for breaches could take more than a year before conclusion is reached and subsequent litigation even longer, particularly because data security and privacy laws is still a “relatively evolving area” said Mr Hans Allnutt, Partner, Head of Cyber & Data Risk at DAC Beachcroft.

Some of the report’s other key findings are:

• Ransomware and DDoS attacks are increasingly used against businesses, with healthcare and media and entertainment particularly targeted. Beazley, a Lloyd’s underwriter, has seen a fourfold increase in ransomware attacks on its customers from 2014 to 2016. It predicts the number of attacks will double again this year.

• The financial services sector is the main victim in targeted attacks by organised cyber-crime but retail is increasingly being targeted. Criminals are becoming more financially savvy, and have started to target bank systems and financial infrastructure.

• Oil and gas firms can find themselves caught up in national politics and can be the subject of espionage as well as occasional high-end disruptive attacks; they essentially become "political cyber footballs".

• The public sector and telecommunications sectors are highly susceptible to espionage-focused cyber-attacks.

• There has been a major growth in targeting companies through CEO fraud, i.e. perpetrators posing as a senior executive to elicit sensitive information. This is resulting in significant financial losses.

 Link to the full report "Closing the Gap" - HERE