How businesses are unwittingly leaving themselves exposed to cyber and terror risk


Cyber and terror are risks that have developed into an enormous preventative challenge within just a few years. Both individually and jointly, the threats they pose have a unique propensity to change and evolve rapidly. As such, ideas about what constitutes appropriate mitigation and response are also in flux.

The reliance companies now place on their IT systems is what makes cyber risk so potentially dangerous. This is compounded by a lack of awareness about vulnerability, with too much confidence placed in preventative measures designed to protect against cyber attacks.

People as a Primary Risk Factor

Although risk awareness has increased significantly in recent years, there is still a lot of catching up to do. This is especially true for SMEs and small companies, who often feel they are less at risk due to their size. This is a dangerous fallacy. A large proportion of data breaches are not caused by external sources but rather by internal technical problems or simple human error. Employees opening email attachments and unwittingly downloading dangerous malware is an incredibly common occurrence, as is the use of unsecured/infected external USB sticks on company computers. Not to be forgotten, however, are any operating errors or simple mistakes made without any criminal malice. All of these cases may lead to confidential data being disseminated, or to production downtime. 

Unforeseeable and Damage-intensive

The effects of an IT security breach can be incredibly damaging. In case of malfunctions or loss of IT functionality, a business can come to a complete standstill. Not only can this cause immense financial losses, but also significant damage to reputation and a loss of consumer confidence.

Similar scenarios can result from terror attacks. Although Europe as a whole is still a "safe haven" by international standards, the threat level is still quite acute in Germany, France and the UK. Furthermore, companies do not need to be directly affected by terrorist events to feel the consequences. If an attack closes districts, airports or certain traffic routes, delivery delays or business interruptions are guaranteed. This risk is exacerbated by today’s globalized supply chains which are not only geographically diverse but also extensive in terms of the sheer number of suppliers a given company may have. An attack in a country on the other side of the world can have a massive impact on the business operations of companies in the UK and Europe.

Ensuring Clarity

Despite the growing awareness of cyber and terrorist risks, consulting is still an important aspect in raising companies’ awareness of risk by showing them the dangers they actually face. As an insurer, the task is not only to provide an appropriate insurance policy and risk transfer, but to also offer companies a precise understanding of their risks and make them aware of the need for specific coverage in every detail. For this reason, a meaningful risk assessment, including preventive measures, is important. It is all the more urgent because of the number of companies which remain totally unprepared, or mistakenly assume they have adequate insurance cover when in fact they do not. In addition, especially with regard to terrorism and political violence, the boundaries between property and business interruption insurance are often extremely complex, and the definitions and interpretations of the risks that lead to losses vary greatly. It is for this reason that it is so essential to constantly address terror and cyber risks. After all, only those who know their risks can protect themselves against them.