Cyber Security and Business Interruption

At a glance

• Cyber-attacks on businesses of all sizes increased by 144% in the four years leading up to 2015
• 93% of internal breaches are human error
• A greater dependence on electronic systems in manufacturing results in greater risk attached to cyber-attacks, including business interruption
• A cyber security strategy should be decided at the top level and integrated into company culture, focusing on security systems and employee education

What is the risk?

The majority of businesses have become increasingly reliant on electronic systems. The use of these systems has become commonplace in the manufacturing industry, from day to day administrative tasks to large scale production or processes.

With an increased reliance on electronic systems comes an increased risk should those systems fail or be subject to malicious attacks. CYREN’s 2015 Cyberthreat Yearbook report found that successful cyber-attacks on businesses of all sizes increased by 144% over a four-year period. A Detica report in 2011 placed the cost of cyber-crime to the UK at an estimated £27bn.

News stories of multinational companies or national infrastructures grinding to a halt following a cyber-attack are become more and more frequent. However, the risk doesn’t just belong to large companies and it’s valuable for SMEs to not only be aware of cyber risks but also protected if they occur.

The nature and variations of cyber risks are constantly evolving, but normally fall into the categories of malicious viruses such as malware or network intrusions, which can result in data breaches. The Department of Business, Innovation & Skills’ 2015 Information Security Breaches Survey reported that 90% of large and 74% of small organisations suffered a cyber breach in 2014.

What is the solution?

As reliance on electronic systems has grown, insurers have adapted to provide cover for the high possibility of business interruption following a cyber-attack or malfunction. This has led to Non-Physical Business Interruption cover, or Non-Physical BI, becoming a recommended precaution for manufacturers.

In simple terms, Non-Physical BI works in the same way as Physical Business Interruption. The cover is designed to indemnify businesses for either lost profits or revenue as a result of a cyber event that damages or interrupts their cyber infrastructure. Depending on your insurer, this cover could be included as part of Data Breach insurance or it could be a standalone policy.

Other than securing adequate cover, the most important thing that manufacturers can do to protect their electronic systems is incorporate a Cyber security strategy. Businesses should factor in the need for anti-virus software, evaluating and protecting systems of high exposure and regulation of administrative access. The Information Commissioner’s Office reported that 93% of investigated incidents in Q4 of 2014-15 were caused by human error, so employee education should also be high priority.

Research undertaken by PwC for their 2015 Global State of Information Security Survey found that only 25% of directors are actively involved in reviewing security and privacy risks. This strategy should be decided at the top level of your business and then ingratiated into company culture through employee policies and education. Your cyber security strategy success will also depend on regular updates to security software and procedures reflecting new cyber threats.

Find out more about Kerry London’s experience sourcing tailored Cyber insurance.

Categories: Small Business,