
How to protect yourself in the event of a Cyber Attack

6th February 2025

Cyber risk is thought to be one of the top risks that businesses face today. It is widely recognised that a business is more likely to fall victim to a cyber attack than to have its building flood or burn down. Unfortunately, due to the complicated jargon and the ever-changing nature of the cyber threat, it is widely misunderstood, with many businesses assuming that it isn’t something they need to worry about.

Cyber attacks have been making the news for years, with household names such as Dixons, Easyjet, Virgin Media and even the NHS all having been targeted.   Personal data of thousands of customers was accessed without authorisation, including in some cases credit card numbers and medical records.

But don’t be fooled.  Cyber criminals don’t discriminate when it comes to the size of businesses they target, instead looking for the easiest and fastest way to be successful.

According to the 2024 Cyber Security Breaches Survey by the UK government, 50% of UK businesses experienced some form of cyber security breach or attack in the last 12 months. The percentage is even higher for medium-sized businesses (70%) and large businesses (74%).

What is a cyber attack?

Some of the types of cyber attack that you may have come across before include:

Social Engineering Attacks: Social engineering involves manipulating individuals into divulging confidential information through techniques such as impersonation, pretexting, or eliciting information through casual conversation. Once trust has been gained, hackers will ask you to do things on their behalf, such as transferring funds.

Distributed Denial of Service (DDoS) Attacks: DDoS attacks aim to overwhelm a network, server, or website with a flood of traffic, rendering it inaccessible to legitimate users.  This can lead to downtime and financial losses.

Phishing Attacks: Phishing involves sending deceptive emails or messages to trick individuals into revealing sensitive information, such as login credentials or financial details.  These attacks can be targeted at employees within the organisation.

Malware: Malicious software, including viruses, worms, and trojans, can infect computer systems and networks.  Malware can be used to steal sensitive information, disrupt operations, or gain unauthorised access to systems.

Ransomware: Ransomware attacks involve malicious software that encrypts files on a victim’s system, rendering them inaccessible until a ransom is paid.  This type of attack can have severe consequences for businesses, causing data loss and disruption of operations.

Almost every business holds valuable information – from payment details and employee data, to intellectual property and supplier agreements. Cyber criminals could use this information to disrupt, extort or steal from your business.

Protecting your business

With tech ever evolving, it is important to keep up to date with cyber security and be aware of how your business might be targeted.  Most companies will include some kind of cyber awareness training as standard for their staff, to help to ensure they remain aware of the risks.

There are measures you can take to protect your business, such as the introduction of multifactor authentication, accepting software updates when they are due, and encouraging the use of strong passwords.

Performing regular backups of the data that is critical to your business can help to minimise your loss in the event of a data breach.  Plus, there are companies who can help you with the cyber essentials to ensure that your data is as safe as possible.

Regular security audits should be conducted to identify potential vulnerabilities that need to be addressed, and developing a robust Incident Response Plan will enable your business to respond quickly in the event of a cyber attack.

But what if you’ve been super vigilant, have good IT practices in place, and have worked hard to ensure that your data is kept secure, and you still fall victim to a cyber-attack?

What happens next?

Quick action is imperative.  If you have cyber insurance cover, the sooner you are able to report the incident to your broker or insurer, the sooner you can access expert help to walk you through the claims process.  Reporting helplines are available 24/7 to ensure that there is no delay in your ability to report the incident.  There will be documentation that you will be asked to gather for insurers, such as forensic or incident reports, and evidence of the loss including the impact of the attack on your operations and finances.

Your broker will work closely with you during the claims process. Your insurer may conduct their own investigations to verify the claim and will keep you apprised of how everything is progressing. Once your claim has been settled, your broker and/or insurer may want to work with you to help implement measures to prevent a similar situation happening again. This might involve looking at your current preventative measures and employee training, and working up a robust incident response plan.

What if you don’t have cyber insurance?

If you aren’t insured you will be responsible for covering all of the costs related to the attack, which could include data recovery, business interruption losses, legal fees and payment of any regulatory fines.  Without insurance, these costs could be astronomical, particularly for small to medium sized businesses.

Data Breach: If you are the victim of a data breach which includes sensitive customer information, your business will need to contact all of the individuals affected.  It may be necessary to provide credit monitoring services, not to mention facing any potential legal proceedings from partners or customers.

Disruption to Operations: If you don’t have specific business interruption cover under a cyber insurance policy, your business will be subject to both a loss of productivity and revenue for every day that your operations are disrupted.

Recovery Costs: Any costs associated with hiring a cyber security expert, updating systems and implementing security measures to try and protect from future cyber attacks will be the responsibility of the business.

Reputational Damage: The reputation of your business is important, yet it can be easily and irreversibly affected by a cyber attack where there is a loss of customer trust. If your customers feel forced to go elsewhere, it can mean a long-term loss of revenue for your business.

Bearing all of these factors in mind, it is easy to see why Cyber Insurance shouldn’t be viewed as just a safety net, but an essential element of your insurance portfolio to protect your business.  With financial, operational and reputational risks at stake, the real question should be, can you afford not to have business Cyber Insurance in place?

Give yourself peace of mind and take proactive steps in protecting your business with Cyber Insurance.

Contact a member of our team today to find out how we can help you.
