Pillar To Post: Royal Mail And The Cyber Threat


shutterstock 1159393690 - Pillar To Post: Royal Mail And The Cyber Threat

Over the last two decades, the international delivery industry has undergone something of a paradigm shift.

The advance of short-form electronic communication, such as texts, e-mails and even video calls, has led to a steep decline in the number of letters handled by national postal services around the globe.

Last month, the Universal Postal Union – the United Nations’ agency which co-ordinates the worldwide postal system – issued figures showing just how severe the drop has been.

They detail how, in 2021, Royal Mail saw 22 per cent less mail than the year before.

Royal Mail’s own latest annual report makes for bleak reading too, including the admission that it had experienced “another challenging year“.

Some of the negative impacts of the reduction in letter volumes in recent years has been offset by a rise in parcels, boosted by mass adoption of e-commerce.

During lockdown, when high streets were shut for extended periods to prevent the spread of coronavirus, consumers worldwide turned to online shopping en masse.

As a result, domestic and cross-border parcel volumes soared.

However, the relaxation of measures to control the virus saw shoppers return to ‘bricks and mortar’ stores and, therefore, the number of parcels handled by delivery firms fell.

In Royal Mail’s case, whilst domestic parcel volumes were down seven per cent over the last financial year, the number of international parcels which it carried was 42 per lower – a consequence of online shopping habits and the change in customs regulation caused by Brexit.

If we throw in the prospect of losses arising from recent industrial action, it becomes clear that Royal Mail faces a number of difficulties.

Which is why last week’s revelation that it has been the victim of a major “cyber incident” is extremely unwelcome and untimely.

Royal Mail immediately began working with the National Cyber Security Centre and the National Crime Agency to investigate and resolve the issue, which has seen its international parcel service grind to a halt.

It was subsequently reported that the attack had been carried out by Russian hackers demanding a cryptocurrency ransom payment.

The episode underlines the fact that even very large, well-resourced businesses can fall foul of incidents such as this.

In one sense, it is the very fact that they are sizeable, data-rich bodies which make them attractive to hackers.

Royal Mail’s misfortune also reminds us how protection against this kind of technological assault on the integrity of public and private sector organisations is very much the topic of the moment.

Every conversation I and my colleagues have with corporate clients at the moment features a mention of cyber cover.

However, as I wrote on this ‘blog in September, one of the problems created both by demand for such policies is that cover is harder to secure.

The insurance industry is well aware of figures from the likes of the Information Commissioner’s Office showing that cyber-related data breaches are on the increase (https://ico.org.uk/action-weve-taken/data-security-incident-trends/).

It is one reason why the CEO of Zurich, Mario Greco, recently stated his belief that cyber attacks may become “uninsureable”.

Like companies of all sizes who have fallen prey to hackers – including one of the UK’s leading national newspapers, The Guardian – the initial shock of what has happened is followed by a process which takes several stages.

The investigation of the cyber attack coincides with the need to inform regulators, staff, customers and partners, something which is of acute importance whether you’re a publicly-listed business or a much smaller enterprise.

Systems also need to be made even more robust in an attempt to prevent a repeat.

If insurance is in place, making a claim for any losses incurred may run alongside the receipt of claims for compensation from those individuals (employees or customers) or suppliers who have been directly affected.

Things will become even more complicated later this year when Lloyds of London stops covering losses arising from cyber-attacks allegedly orchestrated by certain nation states or which happen during a war.

In all, it is a messy situation: messier still – and possibly terminal – for those companies which did not have cyber insurance.

That is because some organisations choose to carry the risk rather than transfer it to insurers in the form of a policy and only consider cover after they have suffered an attack.

I would suggest that fewer businesses now turn a blind eye to the cyber threat.

Insurance is becoming as much a routine part of the defence mechanism as keeping on top of hardware and passwords.

I don’t know if Royal Mail has cyber cover in place but I would be truly surprised if that was not the case.

If it has, it will realise that, at a time like this, the right policy really can deliver, even for the UK’s postal service.

HEADSHOT MARTIN LILLEY e1637778514991 - Pillar To Post: Royal Mail And The Cyber Threat


Written by Martin Lilley, Director of Corporate

Go to Top