It seems like every week there’s a new way for hackers to exploit businesses, steal data and cause business interruption.
It’s dangerous and frankly scary for business owners when the cyber criminals always seem one step ahead of everyone else.
“There’s certainly some up and coming risks out there - some things we’ve seen very recently are negative search engine optimisation and crypto-jacking,” explained Adam Marks, cyber underwriter for Hiscox.
“Crypto-jacking is where an unauthorised party or hacker makes use of an organisation’s processing power within their computers to mine a cryptocurrency like bitcoin. That can go undetected for a number of months.”
Negative search engine optimisation is where hackers or even competitors try to negatively impact your SEO or Google ranking by using a number of tactics including making your website look like spam, link farming, or even hacking your site.
If your site is hacked, this poses a real risk to your data, which can cause enormous business interruption and reputational risk.
“Recently we’ve seen a shift in the landscape in regards to claims in risks, significantly with business email compromise and financial crime,” Marks explained. “Last year the biggest claims we saw were the business email compromises stemming from the Office 365 breaches.”
Unlike other well-known data breaches, which mainly appeared in the media because they impacted a single large company, the Office 365 breaches impacted multiple companies that all used the Microsoft Office 365 cloud service.
“The Office 365 breaches could have been, in the majority of instances, stopped by implementing only a couple of security features,” Marks said. “So that shows that the SMEs are still quite immature when it comes to security measures and that the SME space is a key target for hackers trying to exploit those minor vulnerabilities there.”
This is part of the issue, Marks believes. SMEs are often targeted by hackers and cyber criminals, but many smaller companies aren’t aware that they are at risk. Larger companies are also more likely to have bigger security features in place, making SMEs a tempting target.
“The papers only share those huge examples like the significant data breaches or the significant data interruption losses but it’s really a talking point around the SMEs,” Marks said. “Here at Hiscox, 75% of our claims we’ve seen in the last three years have been for companies below £10 million in revenue.
“So that just goes to show that the hackers aren’t just targeting those bigger companies. They’re looking for the low hanging fruit, they’re looking for the companies that are weaker in these areas and easier to exploit. That comes from the likes of the business email compromise risk.”
When it comes to insurance policies, Marks has one major piece of advice: businesses should go for customised and specific policies, not general ‘out of the box’ ones.
“A small company should go for a specific cyber and data policy. There are a number of policies out there in the market which are catered to these types of incidents, but really we would recommend a specific policy that caters for those key cyber and data exposures,” he explained.
Ensuring the policy is “future proofed” is also essential, so that when a new threat emerges the insurance still covers it.
“And one which will be relevant for the years to come,” Marks said. “Because hackers are significantly experienced in this area and they are sometimes way ahead of the good guys at developing new exploits and developing new vulnerabilities.
“An insurance policy really does need to be future proofed because a couple of years ago I’m sure if you asked around no-one would have heard of crypto-jacking or negative search engine optimisation, but they are real risks now.”