NSC Global Limited
3rd Floor, West Building
1 London Bridge London
SE1 9BG
Who we are
Work with us
© Copyright 2020 NSC Global Ltd.
Cybercriminals don’t hang around – they’re often at the forefront of tech innovation and network security – just on the wrong side. Big businesses, on the other hand, struggle to move quickly, and usually end up playing catch-up.
So how should multinationals insure against, and mitigate for, an inevitable hack?
CYBERCRIME IS BOOMING
In a recent video, Craig Williams, Director of Outreach at Cisco’s cybersecurity company Talos, claimed they block 20 billion threats every single day – nearly three for every person on the planet.
And Forbes estimates the worldwide annual cost of cybercrime will be $6 trillion by 2021.
These numbers illustrate the problem with software based threats: they can easily be cut, copied and pasted to attack devices on a monumental and global scale, unfathomable to the old-fashioned, analogue criminal.
And cybercrime is no longer the sole preserve of highly skilled hackers: websites are popping up selling Ransomware-as-a-Service. For a fee, you can outsource your cybercrime.
For multinationals, it’s a case of when, not if, the hack arrives.
THE CYBERCRIME INSURANCE PERCEPTION GAP
Given the likelihood of a cyberattack – “inevitable”, according to most experts – a surprising number of companies have not taken out specific cyber insurance.
In fact, 50% of US firms do not have cyber insurance. And that number may be even less, as one report showed five times as many CEOs think their companies have cyber insurance than is actually the case.
This is changing however, as cybercrime becomes more prevalent, and more notorious: Large-scale attacks such as WannaCry took down companies and databases across the world, including the NHS in the UK.
Cyber insurance is not a legal requirement at the moment, but governments and regulatory bodies are starting to take threats more seriously. EU regulations – such as GDPR – are predicted to cause an uptick in cyber insurance purchases, and the UK government launched a Cyber Essentials Certification, encouraging companies to consider how they protect themselves, and also reducing premiums should they have it.
THE COST OF CYBERCRIME
So what does a cyber insurer insure against? The UK government, working with insurance firms, allocated cybercrime losses into eleven categories:
1. Intellectual Property theft – the loss of an IP asset, expressed in terms of lost revenue.
2. Business interruption / critical failure – loss of profit due to unavailability of IT systems.
3. Data and software loss – the cost to reconstitute data or software that has been deleted or corrupted.
4. Cyber extortion – the cost of expert handling for an extortion incident, combined with the amount of the ransom payment.
5. Cybercrime / cyber fraud – the direct financial loss suffered by an organisation arising from the use of computers to commit fraud or theft of money, securities, or other property.
6. Breach of privacy event – the cost to investigate and respond, including IT forensics, notifying those affected, third-party liability claims arising from the same incident, and fines from regulators.
7. Network failure liabilities – third-party liabilities arising from certain security.
8. Impact on reputation – loss of revenues arising from an increase in customer churn or reduced transaction volumes.
9. Physical asset damage – loss due to the destruction of physical property resulting from cyber attacks
10. Death and injury – liability for death and bodily injuries resulting from cyber attacks.
11. Investigation and response costs – direct costs incurred to investigate and “close” the incident and minimise post-incident losses.
OTHER THAN INSURANCE, HOW DO MULTINATIONALS INSURE AGAINST CYBERCRIME?
Insurance won’t stop an attack. So how can multinationals minimise the threat?
Invest in the latest tech – the newer the tech, the more secure it will be – as cyber criminals have had less time to work through its defences.
Invest in people and processes – employ a Chief Digital Officer to oversee the implementation and upkeep of cybersecurity. Many hacks happen because of human error, so water tight processes coupled with proper training can minimise risk.
Hack yourself – if a multinational can find its IT vulnerabilities before the criminals, it can patch them first too.
Anti-virus software – obviously.
Trusted IT partners – outsourcing your IT outsources the responsibility. For example, NSC supply up to date tech, design secure networks managed by security experts, and purchase cyber insurance on behalf of our clients. The broad cyber security expertise we have, gathered from working with many world-class multinationals, is invaluable in this space.
Smart networks – tech itself is helping fight cybercrime: the new Cisco smart network can anticipate, halt and remedy hacks, and learn from these over time to become even more secure.
Encryption – blockchain technology is making encryption even more powerful: data can be split across multiple servers, only remade in a coherent unit with private keys, making a hack almost impossible.
Hybrid cloud – the hybrid cloud introduces siloed networks to organisations, which means the impact of hacks are minimised as data isn’t centralised.
Cyber resilience – cyber resilience is having a plan, a protocol and the personnel to cope with the inevitable hack. Being well drilled can be the difference between getting a business quickly back on track with no revenue or reputation loss, and watching your share price tumble.
Cyber resilience must include appointing a board risk committee that functions independently of the executive management, whose recover plan links finance, operations and reputation.
THE CYBERSECURITY SOLUTION
Every tactic to counter cybercrime is not equal, but neither is there one solution to the threat.
In sport, there is a concept of ‘marginal gains’. It means finding small, incremental improvements in every area, that all add up to a significant improvement. The same should be applied to cybersecurity – the most effective method of securing an organisation must be to optimise defences everywhere possible.
This, of course, is not without expense, so outsourcing your IT is an effective way to get security in a changing and challenging environment at a fixed price. Equally, cyber insurance is not cheap, but can avoid company-destroying disasters down the line.
Cybercrime is a constantly mutating threat, so what works today may not tomorrow. Whether an organisation does its cybersecurity in-house, or works with a partner organisation such as NSC, it is imperative to hold regular reviews to keep analysing, updating and evolving cybersecurity.
Benjamin Franklin said “in this world nothing can be said to be certain, except death and taxes”. We can add cybercrime to that.
If this article touches on issues affecting your business, and you want to get in touch, please contact us on +44 (0) 20 7808 6300 or enquiries@nscglobal.com, or visit us at www.nscglobal.com.
NSC Global Limited
3rd Floor, West Building
1 London Bridge London
SE1 9BG
© Copyright 2020 NSC Global Ltd.
This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.
AcceptWe may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visit to our site you can disable tracking in your browser here:
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
The following cookies are also needed - You can choose if you want to allow them: