- Over three-fifths of all companies (65%) polled in the East Midlands report they have experienced a cyber-attack or data breach
- Among businesses in the region that have suffered a cyber-attack, one in 10 (10%) lost customers as a result
- Despite this, almost nine in 10 (88%) do not have cyber insurance to help protect them against the costs and impact of an attack
- Many bosses mistakenly think that traditional business insurance typically covers these costs; in reality, specialist cover is usually required, and without it they are likely to be significantly underinsured
- The average cyber-incident costs businesses over £8000 to put right – however, if a business breaches data protection responsibilities, it could face significant fines under legislation that came into force in May 2018[i]
Of 1000 businesses polled, over three-fifths of all companies (65%) in the East Midlands report they have experienced a cyber-attack or data breach, with one in 10 (10%) having lost customers as a result, according to research by Gallagher, the global insurance broker, risk management services and consulting firm.
The most common cyber-crimes affecting businesses in the East Midlands are data breaches caused by cyber criminals (41%), malware (35%), as well as phishing emails and man-in-the-middle attacks (33%), which allow attackers to secretly intercept communications or alter them. Other threats include ransomware (29%) and data breaches due to employee error (27%).
Despite this, a quarter (25%) of business owners in the region say they do not consider their business to be high risk, and only half (51%) consider the risk a big issue for their sector.
As a result of this indifference towards the risk of cyber-attacks, the majority of East Midlands businesses are failing to properly protect themselves from the financial and reputational costs, with almost nine in 10 (88%) of companies in the region neglecting to purchase insurance to protect them against the impact of a cyber-issue.
This is in part being caused by UK business leaders thinking traditional insurance covers them, when in reality a standard policy is unlikely to offer cyber cover. Two in five (40%) East Midlands business leaders interviewed mistakenly believed they were covered – meaning many companies are leaving themselves vulnerable to potential financial and reputational losses resulting from a cyber-incident.
A cyber-incident has the potential to have a far-reaching impact. Among East Midlands businesses that had experienced a cyber-attack or data breach, over a third (35%) were out of action for four to five days, with almost a third (29%) reporting that their business was on hold for three days. One in 10 (10%) respondents reported that they lost customers as a result of the incident.
The financial ramifications of a cyber-attack are significant, with East Midlands businesses reporting an average cost of £8,102. However, the impact of a data breach can be far greater under GDPR, with the potential for significant fines.
Despite their vulnerability to cyber incidents, just over two-fifths (41%) of businesses in the East Midlands have taken advice from an external cyber specialist. And although three-quarters (75%) of business leaders in the region are concerned about human error leading to a cyber-attack or data breach, less than two-fifths (39%) of businesses have provided employee training to help them understand cyber risks, leaving businesses susceptible to unintentional disclosures of data and hacking attempts.
Tom Draper, Head of Cyber at Gallagher, said: “The issue of cyber-crime is one of the biggest risks facing businesses today. Clearly there are practical steps businesses can take to help protect against cyber-attacks, but unfortunately the risk remains significant and many businesses are leaving themselves exposed to financial and reputational damage if they do not consider having specialist insurance in place.
“It is evident from our research that many bosses believe they are covered in the event of a cyber-attack; however, traditional or off-the-shelf business insurance policies do not typically provide cover for cyber-related issues.
“While there is evidence to suggest larger businesses are more commonly targeted, small and mid-size businesses are still very much exposed to cyber security breaches or attacks and may not have sophisticated protection in place like large businesses, and cyber criminals will be aware of this vulnerability. They are also liable to be caught up in cyber-attacks aimed at third party suppliers or those targeted at common systems and software, such as the cloud, on which their business may rely.”