Skip to content

The growing threat of cyber crime 

We live in a digital society. From email to social media, smart phones to wearable tech we interact with the digital world on a daily basis. The more we interact, the more information that is stored. Unsurprisingly, the frequency of data breaches – the theft, loss or mistaken release of private information - is on the rise. 

cyber main banner

Is there a threat?

Yes, there is a very clear threat, but one of the challenges is that the threat is varied and adaptable. Today virtually all organisations collect and store personal information about customers, employees, service users and others.  

In fact, HM Government research shows that 1 in 4 businesses reported a cyber breach or attack in the past 12 months.1 It’s not just big businesses that are at risk, though it tends to be these that hit the headlines. Last year saw numerous high profile attacks, which thrust the threat into the public consciousness, and helped make people more aware of the need to have some form of defence. 

The ‘WannaCry’ attack in May 2017 was a global event and it received a lot of media attention. In total over 230,000 victims around the world were affected by ransomware that encrypted the data held on their computer and demanded a payment of $300 each to release the files.2 It was an indiscriminate attack and the only thing the victims had in common was their use of an older version of Windows software. 

However not all issues are software based and in January 2018, the flaws ‘Spectre’ and ‘Meltdown’ were made public by several research teams around the globe. These flaws affected several makes of processor that have appeared in most computers since the mid-nineties. Whilst they still required some form of malware to exploit the flaw and gain access to the inner core system, they appeared on the dark web within a week.

It's no surprise then that in our survey, 84% of insurance brokers listed cyber/internet crime as the number one concern for themselves and their clients.3 In 2017, we also found 63% of charities4 and 68% of education establishments5 to be concerned with cyber crime. Knowing cyber risks are a concern for many of our customers, we created a video guide to help raise awareness and recognition of the types of cyber threat.

View video transcript

cyber insight stats

How can you be safe? 

The threat is real, according the Government’s 2017 Cyber Security Breaches survey - 52% of small organisations have been subject to some form of attack.6    

According to Ciaran Martin, CEO of the Government’s National Cyber Security Centre (NCSC):

"The majority of successful cyber-attacks are not that sophisticated but can cause serious commercial damage. By getting the basic defences right, businesses of every size can protect their reputation, finances and operating capabilities."

In addition, General Communications Headquarters (GCHQ) advise that approximately 80% of cyber-attacks can be prevented or mitigated by basic information risk management.7

The Government’s survey also highlighted that small organisations on average invest only £2,600 in cyber security. A number of smaller organisations believe that they are too small or insignificant to be subject to an attack. However, larger organisations have seen the damage that can be caused by a breach and have taken preventative steps to protect themselves. This means that many organised crime gangs are turning their attention towards smaller organisations. Whilst the potential pay-out is smaller, they are easier to compromise and require a lower level of resource.

So what can you do to protect your data and systems?

As technology and the way we interact with it continues to advance it may seem an impossible task. However, there are simple steps businesses should take:

  • Educate/train employees

     

    Establish a written policy about privacy and cyber security, and make sure this is communicated to all employees. Educate employees on what types of information are sensitive or confidential and their responsibilities in protecting it. 

    A large proportion of computer viruses attempt to gain access via email through malicious attachments and links. Make sure employees know what to look for and only open from trusted sources.

  • Secure computers

     

    Require the use of strong passwords that must be changed on a regular basis. Keep security patches for your computers up-to-date. Use appropriate firewall, anti-virus and anti-spyware software and keep virus/spyware definitions up-to-date. 

    Check your software provider’s websites for any updates concerning vulnerabilities or associated patches. Train employees to never leave laptops or smartphones unattended.

  • Safeguard data

     

    Ensure appropriate access controls are in place to protect and secure data. Use encryption to protect sensitive or confidential information stored on portable devices. 

    Reduce your exposure by cutting back on the volume of data you collect and store only what is necessary.

  • Destroy before disposal

     
    Don’t just delete files or reformat hard drives as data can still be restored. Instead use software designed to permanently wipe the hard drive or storage device. Ensure you do this for all equipment not just computers; did you know many photocopiers scan documents and store a copy on the device’s hard drive?
  • Update procedures

     
    Make sure that your procedures comply with any applicable laws or legislation. Also, make sure that they align with any applicable industry required standards such as those that may be required by the Payment Card Industry (PCI) Data Security Standard. 

For further help and information 

An excellent source of more detailed information and help can be found on the Get Safe Online website.  

Get Safe Online is a public/private sector partnership supported by HM Government and leading organisations in internet security, finance and other sectors.

HM Government has also set up the Cyber Essentials scheme. This provides a set of controls which, when properly implemented, protect organisations from the most prevalent forms of threats coming from the Internet. The scheme also offers an Assurance Framework through which organisations can demonstrate to customers, investors and insurers they have taken these essential precautions.

For more information contact your local Ecclesiastical office.
Contact our broker support team

Tell us your challenges - we're ready to help with expert advice, solutions and support. Experience the Ecclesiastical difference for the broker.


This video and article are provided for information purposes and the content is general and educational in nature. You are free to choose whether or not to use it and it should not be considered a substitute for seeking professional help in specific circumstances. Accordingly, Ecclesiastical Insurance Office plc and its subsidiaries shall not be liable for any losses, damages, charges or expenses, whether direct, indirect, or consequential and howsoever arising, that you suffer or incur as a result of or in connection with your use or reliance on the information provided in this video or article except for those which cannot be excluded by law. You are free to choose whether or not to use the information provided in this article and video. You acknowledge that over time the information provided in this article and video may become out of date and may not constitute best market practice.

1 Source: Cyber Essentials website  

2 WannaCry: hackers withdraw £108,000 of bitcoin ransom. The Guardian, 3rd August 2017

3 Ecclesiastical broker survey carried out by FWD Research, December 2016

4 Ecclesiastical charity survey carried out by FWD Research, December 2017

5 Ecclesiastical education survey carried out by FWD Research, December 2017

6 Cyber Security Breaches Survey 2017, Department for Digital, Culture, Media & Sport, April 2017 

7 10 steps to cyber security, in association with CPNI, Cabinet Office and BIS, produced by GCHQ, 2015


Ecclesiastical Insurance Group plc (EIG) Reg No 1718196. Ecclesiastical Insurance Office plc (EIO) Reg No 24869. Ecclesiastical Life Ltd (ELL) Reg No 243111. Ecclesiastical Financial Advisory Services Ltd (EFAS) Reg No 2046087. Ecclesiastical Underwriting Management Ltd (EUML) Reg No 2368571. E.I.O. Trustees Ltd Reg No 941199. EdenTree Investment Management Ltd (EIM) Reg No 2519319. All companies are registered in England at Beaufort House, Brunswick Road, Gloucester GL1 1JZ. EIO and ELL are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 113848 (EIO) and 110318 (ELL). EFAS and EIM are authorised and regulated by the Financial Conduct Authority. Firm Reference Number 126123 (EFAS) and 527473 (EIM). EUML is an appointed representative of EIO who is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Firm Reference Number 402228.