Prevention remains best strategy when dealing with cyber risks - Lewis Clark

With cyber attacks affecting organisations small and large, cyber risk is increasingly a concern for businesses and organisations.

This article is written fresh from dealing with a (very convincing-looking) phishing email which purported to be from a client requiring the download of documents from a cloud-based service.

Prevention is of course the best strategy and in dealing with that email, I was pleased to have recently read our top five tips to keep your company safe:


There are two main types of cyber risk that organisations face: losses resulting from malicious acts such as phishing, and losses resulting from non-malicious acts such as accidental data loss or disclosure.

Lewis Clark is a Senior Solicitor with Burness Paull

Either of these can result in significant problems including business interruption, reputational damage, loss of intellectual property, cyber extortion, regulatory enforcement and/or privacy claims brought by employees or third parties. Cybercrime has a massive financial impact and in 2018 it was estimated that close to $600 billion is lost worldwide to cybercrime each year. GDPR (personal data) breaches can result in fines of up to 4 per cent of an organisation’s annual turnover, or £17.5 million, whichever is higher.

While the coverage of broadly worded commercial policies might have been interpreted to cover certain losses arising from cyber attacks, companies and organisations are increasingly required to turn to specific cyber insurance policies as a way to mitigate certain liabilities that can arise. The global market for cyber insurance has grown from $7bn in 2020 and is expected to reach over $20bn by 2025.

With a hardening insurance market come increased premiums and claims being refused. As with any policy of insurance, the precise terms should be reviewed carefully to consider the exclusions which apply. The breadth of exclusions may come as a surprise to policyholders; they typically include war risks and insufficiency of security measures.

An insurer will only be liable for losses proximately caused by the risk covered by the policy. Where there are multiple causes of loss, the extent of coverage can become more complicated. Any scope for ambiguity regarding policy coverage may be subject to litigation or arbitration.

On the plus side, policyholders who are able to demonstrate robust employee training, system security, appropriate data collection and a good loss history (or lack thereof) ought to benefit from kinder policy pricing.

Cyber attacks are a technological hazard that is not going away any time soon. How to prevent, manage, mitigate and insure them should remain on every organisation’s agenda.

Lewis Clark is a Senior Solicitor with Burness Paull
