CTA partner Towergate has provided an update on the importance of cyber insurance:
The role of cyber/data and crime/fraud insurance in an overall insurance portfolio has never been as important as it is at the current time.
It is widely agreed that we could have never reasonably foreseen the COVID-19 Coronavirus outbreak and the impact it has had on businesses across the UK, and worldwide. But, the threat of cybercrime is one that we know exists and the impact could be catastrophic. We have seen first-hand how quickly this medical virus has brought the world to a standstill. A virtual virus could spread even quicker and carries the probability of bringing down national and worldwide networks that we have become so reliant on in our everyday lives.
We saw this recently in the travel industry where routeOne highlighted a scam targeting coach operators in its 12th June 2020 edition. With hundreds of thousands of employees working from home and accessing their work network remotely during the COVID-19 outbreak, there has been a significant increase in phishing. In particular, scammers purporting to be official bodies such as the Government, the World Health Organisation (WHO) or the NHS, as well as those that are targeting companies made vulnerable by the lack of trading.
A report conducted in April by TSB Bank plc found that 42 per cent of people suspect they have been the target of phishing attacks during the COVID-19 outbreak.
Despite this, we still see businesses not protecting themselves against this very real and known threat. We are therefore urging all Coach Tourism Association members and supplier members not to be left exposed. We do understand that the implications of a cyber loss can be difficult to understand so here we compare a cyber loss with a fire loss to show how important it is to consider this protection.
Cybercrime comes in many different forms including:
- ‘Fake CEO fraud’ – Cybercriminals using fake emails and making calls masking as someone they’re not in order to get access to information, data or money. An example is an email purporting to be from the CEO of a business, to approve an invoice for payment.
- Hacking – the unauthorised access of a computer system.
- Viruses, Malware and Ransomware – typically delivered or downloaded to computer systems with the intention of causing or threatening damage to software or data, often with the request of a ransom to be paid to avoid a breach or blocked access.
- Phishing – emails which purport to be from reputable companies, individuals or the Government themselves inducing the receiver to reveal personal information, such as passwords or credit/debit card details.
- Smishing – text messages which appear to look like they have originated from reputable companies, individuals or the Government encouraging you to click on dangerous or harmful links.
Advice for protecting yourself
There are some things you can do to protect yourselves from the risk cybercriminals pose:
- Be extra vigilant with emails and text messages you receive and if you receive something that looks suspicious or just ‘doesn’t look right’, no matter who it is from, do not click on any of the content, any links within it or forward or reply to the email. Instead, use an alternative way to contact the individual or company to verify if it is legitimate.
- In April, the National Cyber Security Centre, a branch of the Government Communications Headquarters (GCHQ) who work with the British Insurance Brokers’ Association (BIBA) on several cyber insurance initiatives, have set up a specific email address for suspicious Coronavirus related phishing scams to be reported to. The email address is report@phishing.gov.uk.
- Ensure your usual processes and procedures continue to be followed in the correct manner, particularly for authorising payments, making changes to websites, etc. and processing data.
- Follow the Advice given by the Take Five to Stop Fraud campaign which encourages you to:
- o Stop – take a moment to stop and think before parting with money or information
- o Challenge – could it be fake? It’s OK to reject, refuse or ignore any requests. Only cybercriminals will try to rush or panic you.
- o Protect – contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.
- If you are making use of video conferencing facilities to stay connected with business associates, clients and colleagues, ensure you track who is joining calls. Don’t make any meetings public or post joining links on public forums.
- Regularly change passwords across all devices and online platforms, ensuring you use strong, unique passwords that are not easy to guess.
No matter how many precautions you take or how vigilant you and your colleagues are, some cyber attacks can not be prevented. This is why we advise you to speak to us about the range of cyber and data insurance policies that are available.
You can quickly discover the level of protection you may need by taking our simple 3-minute cyber risk assessment test.
The information contained in this bulletin is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such.
For an immediate quote please call Steve Browne, Senior Account Executive on 07595 892 526 or email steve.browne@towergate.co.uk