Some 78% of businesses are concerned about cyber threats, with more than half of them expecting a cyber event in the next 12 months. Despite this, a third do not have an incident response plan. This is amongst the findings of a report published this week by QBE.

The report, Connected Business: Digital Dependency Fuelling Risk, found that nearly half (47%) of businesses suffered from a cyber event requiring corrective action in the past 12 months, and that, in response to CrowdStrike, 57% of all businesses said they would look into purchasing or expanding their insurance coverage.

When it comes to artificial intelligence, businesses consider AI to be more of a help than a hindrance to their cyber security with 32% of businesses saying it will improve their cyber protection compared to 15% of businesses saying AI will increase cyber risks.

David Warr QBE insurance portfolio manager for cyber said: “In some parts of the world, take-up for cyber insurance has been slow but as more businesses see their competitors making use of it and see the disruption caused by events, it is spurring them on to look for coverage themselves. CrowdStrike has contributed to changing perceptions of cyber risk and cyber protection. It has raised awareness of the types of events covered under a cyber policy, with cover provided for both security incidents as well as operational issues."

AI, Warr added, is both a hindrance and a help to the cyber landscape: "As AI becomes more widely accessible, cyber criminals and cyber activists can launch larger-scale attacks at a faster pace," he said. "This increased capability in scale and speed brought on by AI could threaten the cyber domain. However, controlled and managed use of AI can also help detect cyber vulnerabilities."

QBE predicts that the number of ransomware attack victims will increase by 11% from 4,698 in 2023 to 5,200 in 2025 with manufacturing, healthcare, IT, education and government sectors particularly at risk.


QBE’s 10 tips for businesses hit by a cyber attack (Source: QBE)

QBE has developed a range of tools and risk services for their clients to help them reduce their cyber risk and assist with recovery during a cyber event:

1. Contain the issue: isolate affected parts of the network to reduce the impact

2. Evidence preservation: keep the network area running to retain critical evidence

3. Evidence handling: avoid deleting or altering any information that could aid in incident
investigations

4. Notify your insurer’s breach response team

5. Activate your incident response plan: notifying the crisis management team to ensure
decisions can be made swiftly

6. Think twice about paying ransoms: paying ransoms does not guarantee that data will be
returned and can be illegal

7. Communicate carefully with stakeholders: Ensure that accurate information is provided to
manage expectations

8. Identify the extent of the effect on suppliers, clients and other third parties

9. Identify any deadlines that may be affected by the incident, such as payroll

10. Regularly test your response plan against different breach scenarios.

QBE's research was carried out by Opinium Research via an online survey of 311 IT decision makers in the UK during September 2024.

Image courtesy QBE


SUGGESTED READING

Read QBE's latest Focus Feature on cyber risk and insurance here.

---