Finnish companies concerned about cybercrime – how to prepare for cyber risks
According to Simo Hannula from Söderberg & Partners, digitalization generates new risks that companies must learn to manage. These risks are not covered by “standard” insurance. This applies to nearly all sectors.
“It is increasingly common that insurance companies exclude cyber attacks from their traditional insurance policies,” says Hannula.
Companies are concerned about the vulnerability of data security and potential interruptions in their activities caused by cyber attacks.*
“Cyber attacks are a rapidly growing problem. The number of attacks is ever-growing. According to PwC’s global CEO survey*, up to 47% of Finnish CEOs see information security threats as one of the most substantial threats to business,” Hannula says.
What does cyber insurance cover?
Cyber insurance protects a company against the consequences of cyber attacks. It concerns the company’s whole data network and human errors made by the company’s personnel.
Cyber insurance covers e.g. damages caused by malware and DoS attacks. Coverable costs include
- Crisis management: rehabilitation costs, first response service costs or cost of an external loss adjuster.
- Damages incurred by the company: cost of restoring files, systems and networks, costs caused by interruptions or disruptions in business activities.
- Damages incurred by third parties: cost of reporting personal data leaks.
More and more insurance companies are also offering their clients free services, such as data security training or information.
When it comes to both cyber insurance and other insurance policies, a common problem among businesses is that they fail to make maximum use of the additional services offered by their insurance company. A competent insurance broker can help with this problem.
One of the greatest benefits of cyber insurance is the ability to respond quickly to incidents and contact experts immediately. Most cyber insurance policies include a 24/7 support service that helps you manage IT, legal and PR matters.
A quick-to-respond expert service usually helps prevent further damage efficiently.
Who are cyber criminals and why do they attack?
The actor behind an attack may be a foreign state operator with political or military motives. Another common perpetrator group is criminals whose motives are often related to economic interests. In some cases, the attack may involve an ideological component.
“There are many companies that have suffered the consequences of cybercrime. You may have heard about the case of private psychotherapy clinic Vastaamo (article in Finnish). Cyber attacks are not only a threat to large companies. In fact, two thirds of cyber attacks target small and medium-sized businesses,” says Simo Hannula.
In other words, all companies could be affected by cybercrime. In principle, if you have information that could be valuable to criminals, you are a potential target.
Consider these questions:
- How would the loss of data impact your company’s revenue?
- What kind of damage could data you process cause to third parties?
- How would your company manage without its information system?
Future trends in cybercrime
Cybercrime is divided into three types of operators: organized crime, state operators and less developed operators.
Cyber criminals handle large amounts of money and are often innovative and sophisticated.
They also spend a lot of time and resources identifying and stealing critical and sensitive information. Then, they make a ransom demand.
Damage types related to cybercrime include ransomware and different forms of illegal interception, such as hacking of emails and data thefts.
Pandemic has fueled cyber crime
The coronavirus pandemic has made remote working more common. Unfortunately, this poses new security threats to companies. The connections used by remote workers are not necessarily as secure as the ones at the office.
“Hacking often leads to an interruption in business activities or necessitates the rebuilding of a company’s IT environment. Regardless of the consequences, data security incidents are in most cases very costly. The most expensive part of such incidents is not the restoration or wiping of systems or the ransom demands – it is the interruption and disruption in the company’s business activities. The impact on the company’s reputation may also be substantial,” says Hannula.
What kind of companies need cyber insurance?
“These days, every company needs some kind of cyber insurance,” says Hannula.
“Every company uses some kind of information network. In addition, most companies process sensitive information, at the very least their clients’ contact details,” he continues.
Cyber insurance is based on various risk scenarios. All cases are unique. A company must assess its situation and needs carefully and find a suitable insurance policy.
However, cyber insurance is not a standard insurance policy – it does not replace other insurance policies but supplements them.
Do you need help with information security matters?
Söderberg & Partners has negotiated and organized a tender competition for a cyber insurance product that is excellent for its small and medium-sized client companies.
The insurance policy provides great coverage against malware, DoS attacks and human errors, among other incidents.
When taking out a cyber insurance policy, it is important to remember that the industry is developing and changing rapidly. New needs and products keep emerging. That is why our cyber insurance experts help you keep your insurance up to date.
* 24th Annual Global CEO Survey | Key findings 2021 | Finland (in Finnish)