In the wake of the recent cyber-attack on Allen & Overy (A&O), a prominent magic circle law firm, the spotlight should not just be focused on the cyber-attack and whether a ransom demand was paid but just how imperative it is for proper robust cyber insurance policies to be in place for businesses in any sector. The ramifications for firms like A&O are not just financial but extend to the very core of their operational resilience.
According to AAG IT, around 236.1 million ransomware attacks occurred globally in the first half of 2022. 1 in 2 American internet users had their accounts breached in 2021. 39% of UK businesses reported, suffering a cyber-attack in 2022. And around 1 in 10 US organisations have no insurance against cyber-attacks. With stats like these, why are we not ensuring our business’s digital assets as thoroughly as we are bricks-and-mortar with policies such as property insurance?
Many people are currently suffering from the recent cyber-attack on Cheshire-based CTS. This will impact close to another 200 UK law firms working in the conveyancing space. With attacks like this, and A&O’s, where the business deals with highly confidential digital files and contracts, just how can a company rebuild its reputation and trust amongst industry peers and clients?
Are brokers and insureds asking the right questions regarding these recent attacks?
Beyond the immediate concern of ransom payments, the priority needs to be answering this question. Were there adequate controls in place to mitigate such an event and is there a cyber insurance policy tailored to your business?
A robust Cyber insurance policy, supported by a reputable insurer, offers crucial incident response and PR capabilities for businesses post-cyber-attack. Insured clients gain access to an experienced vendor panel dedicated to swift and secure recovery. Head of Cyber, Media & Tech Risks at United Insurance Brokers, Dimaggio Rigby, provides insights into the impact on businesses with proper coverage post a cyber-attack.
- Financially Viable Alternatives:
Having a cyber insurance policy can serve as a financial lifeline, ensuring that payment of a ransom isn’t the sole recourse in the face of a cyber threat. With a comprehensive policy, firms gain access to first-party business interruption costs, loss of income as well and additional cost of working indemnities which mitigates the immediate financial strain and allows for a more strategic response to the incident – Giving the business more leverage against such a faceless crime.
- Embarrassment of Unpreparedness:
For firms housing most of their intellectual property in digital form, the absence of vital cyber insurance becomes more than a financial concern; it transforms into a reputational crisis. The embarrassment of not having the necessary safeguards in place when digital assets are the lifeblood of business operations can be a severe blow to a company’s standing in the industry. Moreover, the lack of, or insufficient Cyber cover, could potentially result in a D&O claim, emphasising further its importance.
- Incident Response and PR Services:
The benefits extend beyond just financial coverage. Quick, structured, and experienced incident response and public relations services become invaluable assets when a cyber event occurs. These services not only help in mitigating the damage but also aid in restoring trust and confidence in the eyes of clients and stakeholders.
- Rebalancing the Insurance Portfolio:
Just as firms purchase property insurance cover against weather, fire and theft damage, the shift to increased remote work and the dominance of digital assets within an organisation demands a recalibration of risk management strategies. As we have transitioned from a traditional brick-and-mortar economy to a more digitally enabled one, it is imperative to ensure that the right cyber insurance policies are in place. This proactive approach not only safeguards against potential financial losses but also fortifies the overall operational resilience of the organisation.
In conclusion, the A&O cyber-attack serves as a stark reminder of the evolving threat landscape and the indispensable need for a comprehensive cyber insurance policy. Beyond the financial considerations, the intangible yet critical aspects of reputational management and swift response capabilities are a necessity for firms to evaluate and enhance their cybersecurity preparedness. As we navigate the digital frontier, securing our intellectual property is not just a matter of prudence but a strategic imperative for the continued success and sustainability of businesses.
