Help and Contact
Search
Help and Contact

Christian Simpson, Senior Cyber Underwriter on

Why no business or sector is immune from cyber threats

Posted: 24 November 2020

It’s no longer just large corporate organisations which face the threat of cyber attacks. 

Increasingly, evidence shows that businesses of all shapes, sizes and sectors can experience a cyber attack as companies become progressively digitalised and deal with sensitive data which acts as a lure for cyber criminals. A 2020 report revealed that almost half (46%) of businesses had experienced a cyber attack or breach over a 12 month period, up from 32% the previous year.1

Large organisations vs. SMEs

 

Cyber attacks can be expensive. According to research from the Ponemon Institute, the average total cost of a data breach for a UK company is £3.1 million.2  Whilst this can be hard enough for large organisations to swallow, it could mean ‘game over’ for smaller enterprises. 

Not only are SMEs unlikely to have the same financial resources available as their larger counterparts for equipping themselves with cyber security software or sophisticated IT systems, but they’re also less likely to have IT teams, human resources or legal departments to assist where a breach occurs. Costs in the form of financial penalties, legal costs or those associated with reputation management can also add to the financial burden.

£3.1 million is the average total cost of a data breach for a UK company

81% of UK SMEs had suffered a data breach or cyber attack

 

Regardless, a 2020 report revealed that 81% of UK SMEs had suffered a data breach or cyber attack, with 37% confirming multiple breaches.3  There’s a suggestion that some hackers use smaller businesses as a ‘gateway’ to larger organisations. This works by penetrating a smaller company’s network and gaining access to a larger, partner company’s data and information through shared connections and platforms.

Raising awareness of cyber security is essential, as it’s often an innocent employee who inadvertently lets the criminals in; as many as 90% of cyber data breaches were found to be caused by human error in the UK in 2019.4

Cyber threats across different sectors

Whilst no business is immune, certain industries appear to be more targeted than others. Recent data5 showed that the industries which had experienced the highest number of breaches included the healthcare, IT & telecommunications and legal sectors. There are a number of factors which increase the vulnerability of a business to cyber threats.

Sensitive data

Any business which stores sensitive and/ or personal data is of interest to cyber criminals since they can seek to sell this information for profit.; this covers a wide range of sectors from healthcare to financial institutions and educational establishments. The NHS is one such example since it keeps highly sensitive information including medical insurance details, National Insurance numbers and medicine records. In May 2017, the WannaCry ransomware attack prompted NHS England to declare a major cyber security incident which resulted in an approximate overall direct cost to the NHS of £92m with over 19,000 appointments cancelled.

Relationships with third parties/ suppliers

As globalisation results in more interconnected supply chains, the risk of an attack originating through a supplier or third party increases. Many suppliers or parties can contribute to a single product or service and essentially, the more touchpoints, the greater the risk.

Organisations may struggle to gain a clear idea of security vulnerabilities in their wider supplier eco-system due to proprietary data privacy regulations or where upstream or downstream suppliers are distant in the supply chain and based abroad. The automotive industry is one such example.

Increasingly, many legal firms are choosing to partially or totally outsource services to external suppliers. The sensitive information and large amounts of money held by law firms makes them attractive targets for cyber attacks. Further, the increasing use of robotics and automation introduces new attack surfaces which can be exploited by cyber criminals. In 2018. the National Cyber Security Centre6 reported the most significant types of attacks on law firms as phishing (where an entity posing as a legitimate institution seeks to obtain sensitive information), data breaches and ransomware attacks.

Inadequate IT systems

In today’s world, most businesses rely on some sort of IT system or etrade platform, but where these are old or unsupported, they can provide an easy access point for cyber criminals. Conversely, overly complex IT systems can also pose issues due to poor patching or where they ‘talk’ to third party networks. Ransomware, DDoS (distributed denial of service) and SQL Injection are some common types of attack on IT systems. The latter, SQL Injection, is an extremely well known and easily avoidable attack that involves cyber criminals exploiting system vulnerabilities, for example by inserting code into the website search bar which enables them to amend, interact and extract from databases.

 In October 2015, telecommunications company TalkTalk reported it had been subject to a SQL Injection attack, which enabled thieves  access customers’ personal data including names, addresses, dates of birth and financial information. In total 156,959 customers’ personal details were accessed, including the bank details for 15,656 customers. A problem was first identified when internal reports showed its network was operating more slowly than normal. Further investigation found there had been an attack and TalkTalk replaced its websites with a holding page, reported the data breach to the Information Commissioner’s Office (ICO) and started telling its customers. The ICO’s investigation found that TalkTalk had failed to take appropriate measures to keep its customers’ personal data secure and issued its largest ever fine at the time - £400,000.

security on computer

Summary

Whilst certain cyber trends can be observed with relation to type and size of organisation, it’s evident that cyber poses a threat to all businesses which deal in data. Sadly, even charities are not immune, with over a quarter (26%) having reported a breach7.

Robust risk management measures and education on the right cyber-security behaviours are key to helping to prevent an attack or breach from occurring in the first place – and this is what our third and final article in this series will focus on.

About the author

Christian Simpson
Senior Cyber Underwriter

1 Department for Digital, Culture, Media & Sport. Cyber Security Breaches Survey 2019.

2 Ponemon. Cost of a Data Breach Report

3 OGL Computer  State of Technology at UK SMEs: 2020 Research Report. p11

4 CybSafe analysis of data from the UK Information Commissioner’s Office

5 OGL Computer  State of Technology at UK SMEs: 2020 Research Report. p11

6 National Cyber Security Centre. The cyber threat to UK legal sector. 2018 p.5

7 Department for Digital, Culture, Media & Sport. Cyber Security Breaches Survey 2020. p3

Related articles

You might also be interested in these other news and insight features:

allianz white flags
allianz white flags

Press release

Allianz Commercial welcomes new head of London region

Allianz Commercial has appointed Rob Carslake as its new head of London region for mid-market. Rob is responsible for the leadership of Allianz’s London region, shaping the business strategy for the region and delivering on its underwriting goals.

Read more
pothole on the rural uk road
pothole on the rural uk road

Press release

One in five cars damaged by potholes has to be written off

Data from leading insurer Allianz reveals that one in five (21%) insurance claims where a vehicle hit a pothole leads to the vehicle being declared an insurance write-off.

Read more
allianz stadium uk
allianz stadium uk

Press release

Allianz is the world’s #1 insurance brand

For the first time, Allianz has been named one of the 30 most valuable brands in the world, moving up two places to the 29th position in this year's Best Global Brands ranking from Interbrand.

Read more
Shop open sign
Shop open sign

Insight & expertise

Lithium-ion batteries - health and safety considerations

Lithium-ion batteries are the main type of rechargeable battery used and stored in commercial premises and residential buildings. The risks associated with these batteries can lead to a fire and/or an explosion with little or no warning.

Read more
woman wading through water in wellies
woman wading through water in wellies

Press release

More than 7,000 new homes to be built in areas of high flood risk

Planning permission has been given for more than 7,000 homes to be built in the areas at the highest risk of flooding in England, a report commissioned by leading insurance provider Allianz reveals today.

Read more
Insurance times awards finalist 2024
Insurance times awards finalist 2024

Press release

Let your voice be heard at the Insurance Times Awards 2024

Insurance Times has recently announced the shortlist for its annual awards, with the winners confirmed at an award ceremony taking place on 4 December. Recognising the best of the best across the insurance industry - we wish everyone shortlisted the best of luck!

Read more
Shop open sign
Shop open sign

Insight & expertise

Supporting SMEs through challenging times

Insurance has a key role to play in helping SMEs through tougher times. We explore the ways in which insurance companies and brokers can support their small business customers.

Read more

ALP | Insight

ATE insurance and funding – how to choose the right funding solution?

As the personal injury and clinical negligence markets continue to be increasingly challenging to provide legal services in, there's an increasing need for ATE providers, medical agencies and funders, to work together and provide integrated and sustainable solutions, for solicitors and their clients.

Read more about ATE funding

Press release

Weary behind the wheel?

Our study reveals driving tired results in twice as many mistakes. Motorists are twice as likely to drive recklessly and impede people’s safety on the road if tired, according to new research from car insurance provider Allianz.

Read more
lady justice in london
lady justice in london

Press release

Allianz UK reports increase in fraudulent hearing loss claims and cloned businesses

Allianz UK fraud teams are seeing a marked increase in fraudulent noise induced hearing loss and fake or cloned businesses coming through in the first half of 2024.

Read more
blue allianz flags
blue allianz flags

Press release

Allianz welcomes Graham Wright to lead home insurance business

Allianz UK has made a senior appointment to its growing personal lines business, hiring Graham Wright as managing director of home insurance.

Read more
car front bumper after crash
car front bumper after crash

Press release

Crash hour: car accidents peak around the 3pm school pick-up, warns Allianz

The 3pm afternoon rush, when many parents do the school pick-up, is the most likely time to have a car accident according to the latest data from insurance provider Allianz.

Read more
office workers talking
office workers talking

Press release

The UK Broker Awards 2024

The UK Broker Awards 2024 have revealed their shortlist and we’re thrilled to be nominated for three UK Broker Awards! The vote is now over to you, voting closes at 5pm on Tuesday 10, September.

Read more
cranes at sunrise
cranes at sunrise

Insight & expertise

Avoiding Underinsurance in Construction

Underinsurance in the construction sector can pose significant risks, leaving projects vulnerable to financial losses in the event of unforeseen events such as natural disasters or accidents.

Read more

Press release

Revenues increase 6.4% to £3.23bn for Allianz Group UK

Half year 2024 results released today reveal that Allianz Group’s insurance businesses continued to grow in the UK, with their combined revenue up 6.4% on the previous year to £3.23bn.

Read more
Follow us