Is now the time for cyber insurance?

Cyber crime is any criminal activity involving a computer, network or networked device. In essence, they’re offences that can only be committed using a computer, or computer networks, and include hacking, the distribution of viruses and malware and Distributed Denial of Service (DDoS) attacks.

In our increasingly digital world, where most things are done online or via an app, cyber crime is a huge risk for businesses of any size, and lucrative for those that commit these crimes. As hackers get more sophisticated, is there an optimum time to get cyber protected? Read on to find out.

Cyber crime: the facts

No longer are cyber criminals hiding in the shadows, there is an increasing professionalism when it comes to cyber offences. Most attacks originate from organised crime gangs (OCGs), which are run like businesses themselves, with key performance targets. The aim is to hack into company networks to elicit payment by threatening to publish or sell data – an online piracy if you will.

There is a proliferation of software that now makes carrying out ransomware attacks easy. You’ve heard of SaaS (Software as a Service), but RaaS (Ransomware as a Service) is now a growing business, where criminals pay to launch ransomware attacks on specific businesses. Any company that handles or collects and stores personal data could be a target.

Anyone can buy access to ransomware platforms, but an honour code does seem to exist. Hackers need to demonstrate their competence in carrying out attacks in order to be allowed onto the platform, in a bid to maintain the platforms reputation.

There have been a number of high profile attacks in recent history – from the BBC, British Airways and Barts Health NHS Trust. A report from Malwarebytes Threat Intelligence shows 1,900 total ransomware attacks within just four countries – the US, Germany, France, and the UK – in just one year. And one ransomware platform called Lockbit 3.0 – which attacked Royal Mail in January this year – claims to have around ten victims per day.

In a series of astonishing events last summer, the ransomware group Cl0p not only suggested that they were behind a hack on the file transfer software provider MOVEit, but directly addressed the BBC to give assurances that stolen data would not be compromised as long as the ransom was paid.

This insight into the operational procedures of the organisation, and the value that it places on its own reputation, displays a level of professionalism which, until now, had been suspected but remained uncertain.

Protecting your business

While it’s the big names that dominate the headlines when they get hacked, increasingly, it’s small businesses that are more prone to ransomware attacks as their networks and security measures are often less established than larger companies. In 2021, 82% of all ransomware attacks were perpetrated against companies with fewer than a thousand employees.

A report earlier this year found that ransomware payments have doubled in the last year, and that British payments are often higher than the global average. But it’s not just paying ransoms that can affect a business – recovering your business from the disruption of a cyber attack can also be time consuming and costly.

And this is where cyber insurance comes in. Cyber insurance, also called cybersecurity insurance, provides financial protection against specific risks including privacy breaches, malware, hacking and extortion. While cyber cover isn’t required by law, it can be key to protecting many industries and businesses, even those who do not consider themselves to be at risk of cyber attack.

When to get protected

As we have learned, cyber criminals are becoming more clinical, organised and even professional in the orchestration of ransomware attacks.

Anecdotal evidence from our insurer partners seems to suggest that there is an increasing seasonality for this type of crime, with December to March being the peak for ransomware losses for insurers.

This could be an indication that criminal organisations are giving hackers annual targets in order to maintain access to the RaaS software; in turn this leads to increased activity early in the year as users seek to secure their place at the table early.

Calling time on cyber crime

But is there an optimum time to buy your cyber insurance? Logic would dictate that ensuring you are insured before all of those claims flood in at the beginning of the year would lead to the most favourable outcome. Perhaps, but as losses can take some time to crystalise, there is unlikely to be an immediate correlation.

It is, however, advisable to be prepared. Ransomware attacks are becoming more common, especially for small businesses –so a robust, comprehensive cyber policy is an effective way to manage what can be quite a scary experience for business owners. If you’re considering buying a cyber policy, then before winter seems the most logical time to do it.

At Superscript, we’re committed to arranging cyber insurance that works. As a venture-backed startup ourselves, we understand the pressures startups and scaleups face, so we’re waging war on the broken broking system. Manual tasks, legacy systems and poor processes provide a bad experience, so we’ve changed it. To learn more about the cyber cover we offer and how we’re revolutionising business insurance, get in touch with one of our specialist team today.