According to a new report from specialist reinsurance broker McGill and Partners, cyber-attacks are the number one concern for Board Directors.
81% of board directors surveyed by McGill and Partners and NEDonBoard, the professional body for non-executive directors and board members, identified cyber-attacks as the biggest threat that their business currently faces.
The number of cyber-attacks has grown in recent years, with several high-profile examples making headlines across the world just this year, from the Colonial Pipeline ransomware attack in May 2021 to the T-Mobile data breach in August.
The cost of an attack can run into the millions, indeed, it’s projected that the total cost of ransomware attacks in 2021 could exceed $20bn, with the cost of cybercrime predicted to surpass $6trn annually this year.
Cost is not the only factor that Board Directors must consider in regard to cyber-attacks. On average it can take between two to four weeks to recover from an attack, with some businesses taking much longer to return to normal.
This can have a significant financial and reputational impact for businesses unable to trade during these periods.
With more businesses embracing hybrid working, as well as an increasing amount of technology used across all sectors from manufacturing to healthcare the risk associated with a cyber attack is only growing.
There are measures that boards can employ to protect against an attack. However, while prevention is always the first priority, board members should also consider whether processes are in place to ensure the business’ resilience should an attack take place.
Cyber-insurance can play a role here, supporting businesses in the face of a threat as well as protecting the balance sheet. Well-crafted coverage, uniquely suited to the organisation can provide access to fully vetted, post-incident vendors aiding in the efficiency of the response, further encourage the adoption of market-leading cyber security protections as a means to broader coverage and support board members in evidencing the organisation’s commitment to cyber security following an incident. .
Shannan Fort, Head of Cyber at McGill and Partners commented: “Many businesses have incorrectly assumed that protecting against cyber attacks sits solely with the IT department, so it’s welcome news to see that board members are very aware of the risk an attack poses to their business.
“We have seen numerous examples of attacks in recent years, and, what is fundamentally clear is that every business has the potential to be a victim. Any business- large or small- that employs technology- whether to offer a service, hold data or even operate machinery could be at risk.
“The cost associated with a cyber-attack cannot be underestimated, and cyber-insurance can support affected business’ balance sheets. However, its role goes so much further. Access to leading vendors that can support should an incident occurs can be invaluable for example.
“For board members, it’s vital to ensure that your business has the appropriate steps in place to both protect against an attack and ensure resilience should one happen.
“It’s worth noting that board members not only risk significant cost to the business from a cyber-attack, but also liability claims against them should a cyber-attack happen.”