Cyber attacks: Assessing the danger for the self-employed

 

It's tempting to believe that data breaches and cyber attacks only affect large businesses. In the past that may have been the case, but today these organisations invest millions into network security. So as a result, many cyber criminals are looking for easier targets, like small businesses and sole traders. In 2017, cyber attacks affected 38per cent of businesses with less than five employees - part of an increasingly worrying trend. (Source: Department of Culture, Media and Sport’s Cyber Security Breaches Survey 2017).

The risk of a cyber attack on smaller businesses can have financial and operational consequences that some will never recover from. According to the FSB UK Cyber Resilience Report:

  • 66% of small businesses have been a victim of cyber crime
  • On average a small business is a victim of four cyber crimes every two years
  • Cyber crime costs each small business victim nearly £3,000

The chances of the self-employed falling victim to cyber crime are considerable. In fact, The FSB say that they are only 8 per cent less likely to be a victim than a micro-business of ten people.

Mind the air gap

Hackers often attack large businesses through the “air gap.” This is the space between operational technology or industrial control systems running plants and infrastructure (such as power network, manufacturing equipment and logistics fleets) and the connected world of IT systems and the internet.

This is relevant to freelancers and the self-employed because it’s happening at a time when flexible access to data is becoming increasingly important to them. Clients are becoming ever-more demanding and the ability to respond quickly is crucial. Difficulties arise because the technology used, particularly mobile phones and tablets, may not have the same level of protection as non-portable technology despite allowing access to exactly the same valuable and sensitive data.

Cyber criminals are finding that, rather than targeting large national and multinational businesses directly, they can target their systems through those people with access to it. Not only would the freelancer or self-employed person be liable for this type of attack, they would also find it catastrophic for their reputation.

The fact is using mobile devices - personally and for business - is increasingly becoming a major threat to business security. The Institute of Risk Management set up a Risk in Information Systems and E-business special interest group to look into this, as well as other aspects of cyber security. Their report states that over 90 per cent of respondents said their organisations allowed the use of personal mobile devices for business, but only 37 per cent exercised any control over the configuration and security of these devices.

For freelancers, portable technology also brings with it a cyber risk besides the malicious acts of cyber criminals. A quarter of data breaches are simply human error, such as accidentally leaving a mobile phone or tablet in a coffee shop or on public transport.

Responding to an attack

Freelancers and self-employed people are at a disadvantage when it comes to disaster recovery planning. A ransomware attack can easily mean a freelancer can’t access their systems or client records. In this case, they would find it very hard to trade without a comprehensive breach response plan - which cyber insurance can provide. Loss of earnings on top of ransom costs would really rub salt into the financial wounds.

Cyber insurance can also help with the expertise that freelancers and self-employed people often won’t have access to when it comes to responding to a data breach. This includes seeking legal advice, notifying the ICO, notifying clients, providing on-going credit monitoring and developing a PR strategy. Even among those who make their living specialising in one or two of these areas, it’s unlikely they would have the personal expertise to cover everything, which is where cyber insurance can prove invaluable.

Closing the insurance coverage gap

Cyber risks will only get bigger. So if your business is going to properly prepare for future threats, you must identify the weak points in its defences and work out how to fix them. Some key areas of cyber insurance to think about for freelancers and the self-employed include:

  • Being more aware of the risk. There’s a lot of misinformation, in that people only feel the need to buy cyber insurance if they have sensitive data such as credit card, health, or personally identifiable information. That is not the case. What’s more, the potential impacts of cyber breaches are likely to extend as the international regulatory landscape tightens.
  • Having the right policy in place. One reason why data assets are underinsured compared with physical assets is because, in the past, some of these losses were covered under other policies - such as property or kidnap, ransom and extortion. You need to understand what, if any, cyber coverage exists in your traditional property and casualty policies, and work with your brokers to craft manuscript cyber insurance coverage.

Some things insurance can’t cover

Insurance is important but it won’t cover everything. Your business could incur many, often unquantifiable, costs such as reputational damage, loss of customers and IT upgrade costs. The cumulative costs of these can exceed the insurable loss many times over.

You may also have to pay regulatory fines - particularly since the European Union’s General Data Protection Regulation (GDPR) came into force. Under the new rules you could be fined up to 4% of turnover or €20m - whichever is the greater - if regulators think you haven’t protected customers’ personal data adequately.

Prepare and prosper

With the right approach, you can introduce simple controls, eradicate the majority of threats, and - by getting the right insurance - make cyber-crime easier to survive. You can then safely take advantage of the huge opportunities that technology, cloud, social media and mobile devices bring to the freelance and self-employed community.


For further information on the issues covered by this article, please contact Aon on 0333 363 8461.

Whilst care has been taken in the production of this article and the information contained within it has been obtained from sources that Aon UK Limited believes to be reliable, Aon UK Limited does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the article or any part of it and can accept no liability for any loss incurred in any way whatsoever by any person who may rely on it.  In any case any recipient shall be entirely responsible for the use to which it puts this article. This article has been compiled using information available to us up to 30/08/2018

 

Meet the author

Aon

Aon plc

Aon plc is a global professional services firm headquartered in London that provides risk, retirement and health consulting.