In addition to the enormous impact which the Covid-19 pandemic had on global health, its indirect effects on the world’s economy look set to be felt well into the future.
Across the UK, hybrid working has become something of a ‘new normal’ in itself. According to the most recent figures published by the Office for National Statistics (ONS), more than one-third of employees now split their working week between home and the office.
The restrictive measures imposed by governments in different territories in an effort to prevent the spread of the virus have also had another consequence.
Remote working, reduced capacity and longer lead times for certain types of products have created cumulative stress on the global supply chain.
Once again, the ONS has reported how 30 per cent of businesses involving in manufacturing, wholesale and retail trades have experienced difficulties.
Although those two things might seem disparate parts of commercial life, they are common in terms of another outcome of the pandemic.
A number of studies have shown an increase in the number of attacks mounted by cyber criminals during the last two years.
One major piece of research by the technology giant IBM identified the supply chain – and the manufacturing sector, in particular – as a particular target.
Such difficulties are not easily resolved, as the shutdown of production by Toyota following one major hack in late February demonstrated.
Being offline even briefly meant its output fell by an estimated 13,000 vehicles. Admitting the breach was an understandable blow to its reputation too.
However, it’s not only major corporations which are at risk. Analysis by the insurer Hiscox of the UK’s “cyber readiness” found that SMEs have borne the brunt of recent attacks.
Hiscox not only concluded that more businesses were the victims of a cyber attack (48 per cent – up from 43 per cent the previous year) but that one-quarter of those affected admitted that their very solvency was put in jeopardy.
The shift to hybrid working and the evolving IT infrastructure necessary to make it work, said the study, was regarded by hackers as something of a weak point to be exploited.
It was perhaps most telling that Hiscox’s researchers reasoned that the rising cyber threat is is considered “the dominant risk to business” in a majority of countries, outweighing the challenges posed by the pandemic and the prospect of recession.
Where a hack puts personal data at risk, organisations are required to inform the relevant data authority. In the UK, that is the Information Commissioner’s Office (ICO).
Data which the ICO has collected and now released underline how common those incidents are. More than 2,800 separate incidents involving business, the NHS, central and local government and the education sector among others were recorded in the 12 months to the end of March.
Given that background, it might come as no surprise to find that more businesses are putting specific cyber insurance policies in place.
Broadway acts on such matters for a range of companies – all the way from SMEs to large multi-national enterprises.
Whilst it is a less mature market than the United States, whose own business community began to adopt such cover a decade ago, the appetite is growing.
In some cases, that is because firms are doing business with other companies so alive to the threat of losing their or their customers’ data that they are making the provision of cyber insurance a contractual obligation.
As the number of firms with cyber policies increases, so too is the cost of premiums quoted by insurers which are aware of the potential size of payouts.
They are aware that the global supply chain is made up of many interlinked firms, some of which have less mature, modern or robust IT systems than other industry sectors. A breach in any one of those links can result in problems for everyone.
Managing the risks by way of insurance makes perfect sense.
On the whole, cyber policies help manage the necessary elements of a breach. They include investigation of precisely what has happened (and steps to prevent a repeat); the disruption to a business; notification of the authorities; and any subsequent legal action, either for the effect on operations or from those individuals impacted.
Given that the European Union Agency for Cybersecurity (ENISA) has predicted a four-fold increase on hacks aimed at those firms involved in the supply chain, policies to deal with the possible activities of digital criminals may well be a sound investment.
Written by Martin Lilley, Director of Corporate