Decoding Cyber

A broker's guide to the world of cyber risks, essential terms, mitigation techniques and solutions

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    Matt Drinkwater
    Matt Drinkwater
    Cyber & Financial Lines Underwriting Manager
    Decoding Cyber has been designed to empower brokers to talk to their commercial clients about cyber risks and coverage with confidence by enabling better understanding of the world of cyber.
    Matt Drinkwater

    The cyber threat landscape is evolving

    The world has and continues to become increasingly interconnected through technology, which not only creates more possibilities for individuals and businesses to interact in ways that were previously unimaginable, but it also widens the threat landscape for cyber-crime.

    39%
    of businesses report having any kind of cyber security breach in the last 12 months**

    Cyber risks have existed for decades, but now we’re seeing criminals use innovative methods to develop more sophisticated forms of attack to target supply chains, acquire sensitive information, and disrupt businesses’ operations. It’s reported that 15% of breaches are attacks on business partner supply chains, and 12% are attacks on software supply chains, which results in an average breach cost of GBP 3.77m (USD 4.76m*) and GBP 3.35m (USD 4.23m*) respectively***.

    82% of data breaches in 2022 involved data that was stored in cloud environments***, and with 45%** saying that staff in their organisation use personal devices to carry out work-related activities, otherwise known as ‘bringing your own device’ (BYOD), criminals continue to take advantage of potential security vulnerabilities.

    The different types of cyber threats

    1 in 5
    businesses who reported an attack identified an extremely sophisticated attack type, such as ransomware, malware or denial of service**

    With the digital landscape evolving at an ever-increasing pace, this presents both new opportunities and risks for businesses to consider. 

    To help you understand the most common cyber threats businesses face, we’ve created a simple glossary which outlines each term.

    Botnet A network of hi-jacked computer devices used to carry out various scams and cyber-attacks.
    Cyber attack The intentional and unauthorised entry of computer instructions, including any Malware, intended to gain access to, delete, alter transmit or disclose data, or interfere with a computer system.
    Data breach A breach of security leading to the accidental or unauthorised transmission of, disclosure of, access to, loss of or theft of data transmitted, stored or processed on a computer system or as paper recrds.
    DoS (denial of service) A Denial of Service attack is when a website is bombarded with such a high volume of traffic that it stops working; these attacks are often carried out by multiple computers as part of a Botnet. Also known as DDoS (Distributed Denial of Service).
    Operational error A negligent or inadvertent IT operating error and/or process error on a computer system including an error in the choice of software to be used, a set-up error or any inappropriate one-off operation. 
    Phishing Fraudulent messages (typically emails) attempting to trick users into entering their details into a spoofed website or spread viruses through infected attachments.
    Ransomware A form of malware which makes all files on a computer unreadable until a ransom fee has been paid.
    Social engineering The act of exploiting human weaknesses to gain access to personal information and protected systems, this form of attack relies on manipulation rather than hacking a computer system.
    Spear phishing Highly targeted and personalised phishing attacks sent to individuals who have been researched extensively.
    Spyware A form of malware which spies on a computer user without their knowledge, recording sensitive details such as passwords and credit card details.
    Trojan A type of malware disguised as legitimate software (such as fake antivirus programs) which can steal or encrypt data.
    Worm Malware which automatically and rapidly moves from device to device, spreading viruses and trojans as it does.

    How often businesses reported breaches or attacks in 2022**

    Types of breaches or attacks that businesses identified in 2022**

    Jargon buster: making sense of essential cyber terms

    The world of cyber can be very technical, especially when it comes to the terminology used.

    To help you navigate conversations related to cyber, we've put together a glossary of some of the most common technical terms used in the market.

    Software created specifically to detect, prevent and remove malware from a computer system.
    A copy of a data file on a storage device that may be used to restore the original after a data loss or encryption event.
    The filtering of inbound and outbound email to pre-specified criteria. Mostly used as an automated process to apply anti-spam and anti-malware protection.
    Encryption is designed to prevent an attacker from reading data by encoding the data so that only those who have the decryption key can read it.
    Software that analyses internet traffic in and out of a computer network, designed to detect and stop any unauthorised access.
    A term that describes all forms malicious software designed to deny access or to corrupt data, or to damage destroy or disrupt the normal functioning of a computer system.
    Requires two or more different elements of the following: something you know (e.g. password, PIN), something you have (e.g. physical token, key generator app on a phone), and something you are (biometrics - fingerprint, facial recognition, retina scan etc). The second factor (and maybe more) is required for a user to authenticate their identity, not just a username and password. 
    A set of rules created to enhance computer security by encouraging users to create strong passwords and use them properly. Generally, the minimum complexity requirement is for at least 8 characters consisting of upper- and lower-case characters, numerals and special characters. 
    Software updating to patch an identified security vulnerability. A patch is a set of programming changes to software designed to improve or fix functionality and/or security features.
    The applicable Payment Card Industry Data Security Standards published by the Payment Card Industry Security Standards Council.
    An authorised simulated cyber-attack against a computer system to check for exploitable vulnerabilities in networks, web apps, and user security. 
    Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    Users of the computer system with elevated access rights that are above and beyond those of a standard user. A user that is authorised (and therefore, trusted) to perform functions that ordinary users are not authorised to perform.
    Software that is no longer produced or supported by the manufacturer and is therefore no longer available for purchase, and for which security patches are no longer being issued by the manufacturer.
    The act of identifying potential vulnerabilities in network devices such as firewalls, routers, switches, servers and applications. Often an automated process, vulnerability scanning checks for known exposures and generates a report that can be used for risk mitigation.

    Let us not forget one of the biggest cyber threats a business may face... human error.

    Unfortunately, when it comes cyber claims, around 90% of these stem from some type of human behaviour - with human error seven times more likely to be behind a data breach than hackers.

    Some of the most common examples of human error include:

    • Data being sent to the wrong recipient.
    • Lost or stolen paperwork.
    • Failure to redact data.
    • Failure to use blind carbon copy (bcc) when sending an email.
    • Unencrypted devices being lost or stolen.
    • Clicking on phishing emails, where recipients open emails and click on links which are designed to trick them into giving information to hackers or giving hackers access to their systems.

    Mitigating against cyber risks

    Percentages of organisations that have carried out the following activities to identify cyber security risks in the last 12 months**

    As the frequency and severity of cyber-attacks has grown in recent years, the need for businesses to implement risk controls has become increasingly clear.

    Common cyber risk mitigation methods include everything from robust password and user authentication policies, routine software updates and back-ups, to the vital task of educating staff about how to spot phishing risks.

    Here are a few ways businesses can reduce their exposure to cyber risks ↓

    • All accounts protected with Multi-Factor Authentication (MFA).

    • Admin accounts have separate permissions from standard user accounts.

    • The number of admin accounts is maintained at the absolute minimum.

    • Credentials to admin accounts should never be shared, and always securely stored (e.g. password manager).

    • Full backups should be taken regularly and frozen at least weekly (min. 3-month rolling freeze).

    • Backups should be isolated from the network to evade malicious encryption during a ransomware attacks (e.g. backup to tape, online or other).

    • Data restoration of sample critical systems should be performed at least 6-monthly in order to test the integrity of back-ups.

    • Backups should always be encrypted.

    • Remote access protected with Virtual Private Network (VPN), accessible only via accounts with Multi-Factor Authentication (MFA) and/or private client certificates.

    • User accounts to cloud environments protected with Multi-Factor Authentication (MFA) and assigned with unique passwords.

    • Regular (min. 6-monthly) user phishing tests should be deployed, with additional employee training where appropriate.

    • All technologies (operating systems, database, application, networking/utilities) should be the latest supported version, fully patched.

    • Security patches should be applied as quickly as possible, once tested following release by the manufacturers. No more than 14 days after release.

    • Third-party/cloud apps: assurance sought for effective cyber security protections.

    • Regular security tests (penetration testing/vulnerability scanning) should be carried out to ensure systems are configured to be secure.

    • Use network segmented (VLANs) where possible.

    Businesses should take the time to educate their employees to help understand;

    • How to spot common cyber scams such as phishing.

    • The importance of utilising strong passwords or passphrases.

    • How to store data securely.

    Businesses can mitigate the risk of data breaches by encrypting files containing sensitive data, ensuring that they can only be accessed by authorised users with a decryption key.

    In preparation for a cyber-attack, businesses should create a detailed cyber incident response plan.

    This includes developing a suitable business interruption policy, incident response playbooks for dealing with key threats, forms for documenting and tracking incidents, and technical guidance on analysing and recovering following an incident.

    A new global study of 1,000 Chief Information Officers finds that 82 percent say their organisations are vulnerable to cyber-attacks targeting software supply chains
    Venafi, 2021, CIO Study

    Why do businesses need cyber insurance?

    Despite the common misconception that cyber threats only affect large businesses, the reality is that many UK SMEs will experience some form of attack, and these can be potentially devastating for smaller organisations. Reports reveal that more than 39% of businesses in the UK experienced a cyber-attack in the last year**, of which around one in five (21%) experienced a sophisticated attack such as a denial of service, malware, or ransomware attack**. These types of attacks often result in the business being unable to continue operations temporarily, which can directly halt the company's revenue stream.
    GBP 3.52m
    (USD 4.45m*) global average cost of a data breach in 2023 (15% increase over 3 years)***

    Robust cyber insurance, backed by strong breach response, will protect businesses against financial losses as a result of a cyber attack or breach, and mitigate the impact that an attack has on the business through a strong restorative support service. 

    All modern businesses are at risk
    If a business uses digital devices or the internet to conduct business or hold personal data, then they are exposed to cyber attacks or data breaches.
    Cyber risks are constantly evolving
    New technology and methods of attack are being constantly developed by dynamic threat actors; individuals or groups who are the perpetrators behind cyber attacks.
    Operations and reputation can be damaged
    Data breaches typically cause operations to temporarily cease, causing interruption to business activities, and reputational harm - both losses can be mitigated with cyber insurance cover through swift breach response and restorative support services.
    Attacks and restoration can be costly
    Data breaches and cyber-attacks can be financially crippling to both SMEs and large businesses, with the global average reaching GBP 3.52m (USD 4.45m*) per attack in 2023.
    57%

    57% of businesses say a data breach has resulted in them having to increase the costs of their products and services***

    Our cyber placement strategy involves conducting regular market analysis. Since their product launch, NMU’s proposition has been market leading and continues to develop/adapt to ever-evolving threats to ensure it stays that way.
    Broking Services Director, UK Insurance Brokerage

    The NMU cyber insurance solution

    Even businesses with extensive risk control measures in place can still be vulnerable to cyber-attacks and data breaches, which is why having comprehensive cyber insurance is important.

    The NMU cyber insurance solution provides coverage for a range of first party and third-party risks related to cyber-attacks, offered through a robust policy with strong restorative support services.

    Matt Drinkwater, Cyber Underwriting Manager
    © Munich Re Specialty Insurance UK
    We hope that ‘Decoding Cyber’ has improved your understanding of the cyber risks that both you and your commercial clients face. Now more than ever, businesses of all different sizes are looking to their insurance brokers for a robust cyber insurance policy and with the NMU cyber solution, you can provide them with just that.
    Matt Drinkwater
    NMU Cyber & Financial Lines Underwriting Manager

    Get in touch with us

    Businesses looking for more information on cyber insurance should contact their insurance broker.

    Insurance brokers looking for more information about our cyber insurance solution for their clients can contact their local NMU Development Underwriter.

    Want to learn more? Contact us

    Thank you for your enquiry! A member of our team will be in touch.
    Thank you for your enquiry! A member of our team will be in touch.

    * Exchange rate of 1.00 USD to 0.79 GBP, correct as of 4 September 2023 09:30 BST

    ** Cyber Security Breaches Survey 2022 - Department for Digital, Culture, Media & Sport

    *** Cost of a data breach 2023 - IBM

    The information provided in this content is intended for UK insurance brokers acting on behalf of their prospective or existing clients.

    Any description is for general information purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product. Policyholders who have questions or wish to arrange or amend cover should contact their insurance broker. Insurance brokers can find details of how to contact us here.

    Any descriptions of coverage contained are meant to be general in nature and do not include nor are intended to include all of the actual terms, benefits, and limitations found in an insurance policy. The terms of any specific policy will instead govern that policy. Any guidance for UK insurance brokers is intended to provide general information only, and should not be used as a substitute for legal advice.