The recent Hiscox Cyber Readiness Report 2020 found that 41% of the 335 Irish firms surveyed had experienced at least one cyberattack event in a six-month period from September 2019 to February 2020.
Subsequently, 22 of those firms paid a ransom following a ransomware attack. One of the companies suffered total cyber losses of €17.8m, and the largest single event cost the company approximately €4.5m.
“These are staggering, eye-opening figures, highlighting that as a country, we need to be more vigilant and prepared,” Richard O’Dwyer, MD of Hiscox Ireland, explains.
“Many companies are aware that they need to install good cybersecurity software, but with hackers becoming ever more intelligent, often breaking through this software, cybersecurity alone does not ensure full protection.
"Only 3% of our commercial clients currently purchase cyber insurance so this would suggest that a number of Irish businesses are suffering an uninsured loss for this type of exposure, which can be very easily rectified by implementing the right cover.”
His key advice for businesses worried about cybercrime is to talk to their broker about cyber insurance, and having the security of knowing their business is protected should the worst happen.
With the majority of office workers logging on from home, many for the first time, business operations have been completely transformed into a new norm that is likely to continue.
“Firms are now having to completely re-evaluate their online management and risk assessments," Richard says. "According to BitSight, home networks are three and a half times more likely to have a piece of malware operating on them than corporate networks. They are even more likely to have at least five types of malware present.
"This has been cause for concern now that workers are at home with networks that are inherently less secure.”
People at home are less likely to be patching their software or changing default passwords on internet-connected devices, and are more relaxed about the types of websites they go to.
“Even employees with good digital literacy are more likely to let their guard down in these anxious times, and fraudsters have been quick to exploit this vulnerability," he says.
"There has been a massive shift towards the content of phishing emails being about coronavirus-related matters, such as emails coming out pretending to be from the Covid Payment Scheme, playing on the financial support that they have issued.”
These are more targeted than generic phishing emails, and much more likely to land: “If a hacker targets your business and there’s an IT failure or someone accidentally shares something they’re not supposed to, it takes time and money to fix. Putting a cyber and data risks insurance policy in place means you and your employees are protected.”
Like many firms, Hiscox Ireland was forced to make some immediate changes to the way it worked back in March.
“We made an overnight decision to close our office and switch to working from home. This really showed us the importance of business continuity planning as we were able to operate seamlessly due to our remote working capabilities," Richard says.
While this period demonstrated how the company can operate remotely when needed, he fundamentally believes that colleagues need to be together on a regular business to perform to the best of their ability.
“The collaboration, learning, and friendships that are developed in the office are a key part of what makes a team successful, and while we can deliver tasks in a remote environment, we will not be able to achieve the same level of performance as when we are in the office," he says.
Hiscox opened in Ireland in 2008 — just on the cusp of another period of significant business challenge.
“We performed relatively well in the years that followed the financial crash of 2008, and the last 12 years have been a great story of growth. We had around 3,000 customers back then and now insure over 18,000 Irish customers. We are now more than four times the size of business we were back then, and many of our customers are small businesses and sole traders.”
Innovation in insurance is key to meeting modern challenges, he believes, especially in a business context: “The nature of risk is always evolving and it is the responsibility of insurers to come up with new ways of protecting customers from those emerging risks.”
The threat of a breach of data or a ransomware attack is one of the newer threats — and one to which Hiscox offers the protection of cyber insurance.
“The policy that we offer on this front is aimed directly at small businesses, many of which would not have many resources to deal with such a scenario if it were to occur.”
Covering not just financial loss, it also includes cybersecurity training for employees, IT forensics, legal defence professionals, and public relations consultants to help mitigate the loss from all angles and help repair any reputational damage as a result of an attack.
While insurance plays a vital role in the fabric of society, the post-pandemic world will lead to significant changes.
“It is likely that Covid-19 will be the largest single loss event of all times for insurers, and unfortunately that means that the price of insurance will most likely increase and the terms and conditions of policies may be restricted. Times of crisis, however, will always bring innovation and there will be options for protection for customers on the risks that have arisen from this particular event,” he says.
Offering specialist commercial cover for clients in a variety of sectors such as media, technology, cyber, and events, Hiscox Ireland has increased its team from six to 25 full-time positions over the past five years.
“We fully expect to add to these numbers,” Richard says. “There are great opportunities to progress and there is room for all types of skills. Like most businesses we have positions in operations, finance, and sales, but we also have roles such as underwriting, claims management, and actuarial roles which are quite unique to our business and offer a dynamic career path with a lot of scope for growth.”