Cyber security is now widely regarded as an executive responsibility, with 54% of chief executive officers (CEOs) in European companies taking responsibility for it, according to research from Lloyd’s of London.
However, the 328-year-old specialist insurance and reinsurance market also reports that many businesses still underestimate the potential impact of a cyber event, with only 13% of European companies believing they will lose trade in the event of a cyberattack.
Lloyd’s ‘Facing the Cyber Risk Challenge’ survey, which examines the attitudes of nearly 350 European business leaders towards cyber risk, also finds that 92% of businesses have experienced some form of cyber breach in the last five years, yet only 42% are worried that they will suffer a further incident.
Lloyd’s chief executive officer (CEO), Inga Beale, believes the results sound a warning that firms may still be too complacent in assuming they are prepared for a cyber risk incident and what the implications of one could be for their business.
“It is reassuring that responsibility for cyber risk is sitting at the most senior level of businesses, but it is clear that too many firms do not believe that the dangers of a breach will severely impact them,” says Beale.
“I’m afraid we no longer live in a world where you can prevent breaches taking place, instead it is about how you manage them and what measures you have in place to protect your business and importantly, your customers. As recent events have shown, hard-earned reputations can be lost in a flash if you do not have the correct plans in place.”
Beale adds that insurance provides not only for resulting financial losses, but for the support required in meeting regulatory obligations and dealing with potential operational and reputational fall-outs.
“New Europe-wide regulations will mean that businesses have to be more responsive to any cyber incident than may have been the case in the past. Insurance companies provide more than just cover for any lost income, they offer a wrap-around service that can keep businesses on the right side of regulation and help protect their customers and their reputation.”
The European Union’s (EU) incoming General Data Protection Regulation (GDPR), requires organisations handling EU citizens’ data to report breaches within 72 hours and imposes potential fines of up to €20m for failing to secure data.
Nearly all (97%) of business leaders polled had heard of the GDPR, although only 7% report knowing “a great deal” about it while 57% admit not fully understanding its potential implications on their company.
Most business leaders – who are now driving decisions on cyber protection – have only limited knowledge of cyber insurance, says Lloyd’s. This is “worrying, but understandable”, when elements of cyber coverage can be included within many different forms of policy -property, casualty, as well as standalone cyber insurance.
“The threat landscape is evolving at a rapid rate – and as technologies advance, policies advance,” said Keith Stern, regional manager, UK and Ireland, Lloyd’s. “As a result, too many businesses are not clear what cover they have, leaving them potentially exposed to far more risk than they realise. Having incomplete coverage can have a huge impact on a company’s bottom line; and most businesses don’t realise until it’s too late.”
Among other points highlighted by the survey:
- Those respondents aware of the implications that the GDPR could have upon a business cited: regulatory investigation (64%); financial penalties (58%); impact on share price (57%); and reputation (52%). Only 13% of businesses believe they could lose customers in the event of a breach.
- Top internal threats identified as being able to result in a data breach: physical loss of paper or non-electronic devices (42%), an insider intentionally breaching information (42%), human error or unintended disclosure (41%) and lost, stolen or discarded equipment (41%).
- Top external threats identified as being able to result in a data breach: hacking for financial gain (51%), hacking for political motivations (46%), hacking by competitor (41%), phishing (39%), ransomware (37%) and malware (32%).
The competition commissioner said it approved the bail-out of Banca Popolare di Vicenza and Veneto Banca to “avoid an economic disturbance”.
Europe’s fourth AML directive should make the prevention of money laundering easier, a poll of UK finance professionals suggests.
As the first anniversary approaches of the UK’s decision to leave the European Union, Thomson Reuters has assessed the impact over the past year on investment banking.