Phishing attacks are among the most common risks UK businesses face. They work by impersonating someone reputable to obtain money, secrets or customer data. In fact, 83% of businesses that suffered from a cyber attack reported phishing as the attack vector.
It demonstrates that policies like cyber insurance have become just as essential as property coverage or professional indemnity insurance, but will cyber insurance cover this type of cyberattack?
What are the biggest phishing risks for businesses?
Even though phishing remains so common, the UK is uniquely placed to defend against these attacks. According to one study, 69% of UK citizens could correctly decipher whether an email was genuine.
This however, doesn’t change the fact that the UK is losing £2,300 per minute due to fraud. So, what are the risks for businesses?
Credential Theft – Loss of usernames and passwords.
Email Compromise – These attacks aim to compromise your business email by masquerading as trusted vendors and partners to steal funds.
Ransomware – Malicious attachments that inject ransomware into core systems. Once inside, the ransomware encrypts all data and demands a ransom for decrypting it.
Data Breach – Exposure of intellectual property and sensitive customer data.
Spear Phishing/Whaling – Impersonation of key executives to exploit their status and use social engineering tricks to steal information and gain access to systems.
Although phishing attacks are commonly associated with emails, they can be performed over the phone or via text.
Can phishing attacks be covered by cyber insurance?
Various cyber insurance products offer broad coverage to protect against cyberspace risks. However, many people are confused as to exactly what it covers.
Typically, phishing attacks can be covered however, some situations may mean your cyber insurance doesn’t cover the issue. For example, since a phishing attack requires an employee to act, direct financial losses may not be covered, but intangible assets would be covered.
Does cyber insurance cover phishing for data?
Not every phishing attack aims to convince your employees to make a financial payment. Instead, the purpose may be to access your systems and steal your data, and data can be just as valuable as cash.
For example, a phishing attack may involve asking an employee to send copies of their client database containing confidential information. This information would then be sold on the dark web for money.
Typically, this would be covered under your cyber insurance policy because it’s an intangible virtual asset. Additionally, you would be covered if data was lost by an employee clicking on an attachment or link that results in downloading malware.
The impact of phishing for businesses
Did you know UK residents lost £4 billion to fraud in 2021 alone?
It shows that individuals and companies are at risk of massive financial losses. For example, WhatsApp Gold has been a widespread phishing scam since 2016. Nobody has assessed total losses, but it’s an example of how fraudsters can use household names to defraud people.
So, what are the potential impacts of phishing on your business?
Without cyber insurance
· Significant financial losses
· Loss of customer trust
· Severe business disruption
· Lawsuits
· Liquidation and bankruptcy
With cyber insurance
· Make a claim with your cyber insurer.
· Your insurer covers your losses, including financial losses and legal costs.
· Limit business disruption.
· Positive cash flow.
· Return to normal business activities as soon as possible.
How to protect your business against phishing
Phishing is among the most common and dangerous threats faced by businesses.
Cyber insurance can pick up the pieces should the worst happen, but the best medicine is prevention. Here are some smart tactics for protecting your firm:
- Employee Training – Train your employees by conducting frequent security awareness training sessions. This should educate them on new phishing scams and familiarise them with best practices.
- Email Filters – Install ironclad email filters as standard to block phishing emails before they ever reach the eyes of your team.
- Multi–Factor Authentication (MFA) – MFA protocols can protect sensitive data by adding another layer of security if an employee falls for a phishing email.
- Incident Response Planning – Have strict workflows to respond to incidents to mitigate any potential damage rapidly.
- Patching – Maintain all software, applications and operating systems by installing patches and updates from the moment they become available.
- Email Analysis – Use real-time attachment and URL analysis tools to detect suspicious communications.
- Simulations – Conduct phishing simulations to assess employee readiness and susceptibility. These simulations could be mentioned ahead of time, or not.
Preparing your business for potential phishing attacks requires a firm plan and regular refresher sessions. Keeping your company in a constant state of readiness is the best way to reinforce the threat and give your employees the tools they need to defend against phishing.
Phishing attacks however, can occur even with the best-laid plans in place.
For these situations, a comprehensive cyber insurance policy from Stanmore Insurance will mitigate your losses, enable you to return to work and provide peace of mind. To learn more about cyber insurance, contact our team now.