By Brogan Howe.
5 February 2020 (17 days ago)
Don’t click the link. That is what we are told when we receive phishing emails, seeking to extract our personal information or spread viruses and malware. For companies allaround the world, cyber security is a rising concern and especially in the finance and insuranceindustry in the UK today. The finance industry, in 2018, accounted for around £132 billion to the UK economy, and as a result is a prime candidate for cyber-attacks.
Investment in cyber security by UK finance and insurance companies has increased by £4,150 on average, to a total of £22,050 per company for the years 18/19. This increase in investment is fully justified considering that it was found that cyber-attacks on financial and insurance firms have risen by a massive 480% in 2018. In addition to this, the law firm Reynolds Porter Chamberlain (RPC) foundthat in 2018 the Financial Conduct Authority was informed of 145 data breaches, this increased by 120 from the figure in 2017. These statistics show a worrying trend of increased cyber-attacks and this prompts the question, are financial and insurance companies in danger of having severe data breaches?
The good thing for companies is that insurance against cyber-attacks exists and is called Cyber Liability Insurance Cover (CLIC). This helps businesses by covering legal fees and regulatory fines, money theft and the cost of informing customers of the attack. However, the problem that companies still face is a loss of reputation as a result of any data breaches. This will result in customers leaving the company and will make it harder for the company to attract new customers. However, very few companies actually have specific cyber liability insurance cover, only 25% of UK companies in the finance sector have it. This shows that many finance and insurance companies are exposed to cyber risk, and face losing, potentially, millions of pounds as a result of a cyber-attack.
Cyber-attacks can be categorised as un-targeted or targeted. For un-targeted attacks as many people, organisations and services are attacked at once, whereas for targeted attacks a specific person, organisation or service is the one that the attack focuses on. A key point on targeted cyber-attacks is that those wishing to carry out attacks, will search for information about the company on technical support forums and social media, including LinkedIn and Facebook. They hope they can exploit user error and find out extra information, such as file locations and storage, which in turn will aid them in their efforts to extort information or disable services.
A cyber security company Specops Software outlined key areas for companies to focus on in order to avoid cyber-attacks. This included reviewing IT equipment, education and government of employees, and finally safeguarding the company using up-to-date anti-virus and anti-malware software. This demonstrates the paramount importance for company employees working in the finance and insurance industry, being fully aware of the things they are not allowed to do, in order to prevent potential cyber-attackers receiving information, which is then utilised to harm the company. Unfortunately, with around 1.1 million people working in the finance industry, there is a lot of people for hackers to unearth sensitive information from.