Cyber security rises to the top of the boardroom agenda

The Lloyd’s ‘Facing the cyber risk challenge’ survey, which examined the attitudes of European business leaders towards cyber risk, also revealed that whilst 92% of businesses had experienced some form of cyber breach in the last five years, only 42% are worried that another incident will happen in the future.

Lloyd’s Chief Executive, Inga Beale, believes the results should serve as a warning that firms may still be too complacent as regards how they are prepared for a cyber risk incident and what the implications of one could be for their business.

Inga Beale said:
“It is reassuring that responsibility for cyber risk is sitting at the most senior level of businesses, but it is clear that too many firms do not believe that the dangers of a breach will severely impact them. I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.”

Inga Beale said that insurance can provide a critical role in helping businesses in this environment, not just in terms of cover for any financial losses, but for the support regarding meeting regulatory obligations and dealing with potential operational and reputational fall-outs.

“New Europe-wide regulations will mean that businesses have to be more responsive to any cyber incident than may have been the case in the past. Insurance companies provide more than just cover for any lost income, they offer a wrap-around service that can keep businesses on the right side of regulation and help protect their customers and their reputation.”

With the incoming General Data Protection Regulation (GDPR), organisations handling EU citizens’ data will be required to report breaches within 72 hours and will face potential fines of up to ˆ20million for failing to secure data. Despite the implications, 57% of business leaders also worryingly admit not fully understanding the potential implications of the GDPR on their company.

The key points highlighted by the survey were:

• 92% of business suffered a cyber security breach in the last five years
• However only 42% are concerned another breach will happen in the future
• Although 97% of respondents have heard of the GDPR, only 7% report knowing “a great deal” about it. 57% said they know “little” or “nothing”
• Awareness of the implications the GDPR could have upon a business: regulatory investigation (64%), financial penalties (58%), impact on share price (57%) and reputation (52%). Only 13% of businesses believe they could lose customers in the event of a breach
• Top internal threats identified as being able to result in a data breach: physical loss of paper or non-electronic devices (42%), an insider intentionally breaching information (42%), human error or unintended disclosure (41%), lost, stolen or discarded equipment (41%)
• Top external threats identified as being able to result in a data breach: hacking for financial gain (51%), hacking for political motivations (46%), hacking by competitor (41%), phishing (39%), ransomware (37%), malware (32%)