As businesses and organisations around the globe navigate their way through the ever-changing environment of pandemic-related restrictions and the easing of those restrictions, there is much for them to consider with regards to inviting employees to return to the workplace. With both moral and legal obligations coming to the fore, the associated risks can be interconnected and present in many forms.
In this episode, Sandra Cole, International Cyber Claims Focus Group Leader at Beazley, joins our host to discuss cyber risks associated with hybrid working.
This podcast was originally recorded in December 2021.
Disclaimer:
The information set forth in this podcast is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.
Hello, and welcome to this Beasley podcast on workplace risk in a post pandemic world. I am Sarah Griffiths as businesses and organizations around the globe navigate their way through the ever changing environment of pandemic related restrictions and the easing of those restrictions. There is much of them to consider with regards to inviting employees, to, and the workplace with both moral and legal obligations coming to the fore. The associated risks can be interconnected and present in many forms. In this podcast, we will focus on cyber risk. I'm joined today by Sandra Cole, international cyber claims focus group leader at Beasley. Sandra, thanks for joining me today. Could you start by explaining what has changed in the cyber risk landscape in regards to the new hybrid, flexible working environment, many of us find ourselves a part of
Speaker 2:
Hi Sarah, for obvious reasons. There's been a huge increase in hybrid working for many organizations. And of course, this is what has allowed them to weather the storm of the pandemic. And following the UK government's announcement last week, everyone will be working from home again for the foreseeable future. It seems as though hybrid working is here to stay, but of course it's not without risk for businesses. New cybersecurity risks have emerged as a result of this hybrid environment. For example, not all organizations have implemented multifactor authentication, which provides a great level of secure when working from home, but accessing company servers many do not use virtual private networks. This is particularly true in the small to medium sized company space where they might not have the financial means or the resources to cater for additional security requirements that are needed in a hybrid environment. We've definitely seen an increase in fraudulent instruction during the pandemic. And that is partly because the systems that are in place in an office to verify payment detail changes just don't happen when people are working from home. Sadly, we've also seen an increase in claims from malicious employees. A lot of people have lost their jobs through the pandemic, and some unfortunately are keen to take it out on their employers. We've seen cases where a company failed to terminate an ex-employees access to the network, and they stole a lot of information. Others have simply printed off a lot of personally identifiable information on their way out the door, and then dumped it in a public place. And that's a data breach. Employees need to be more aware, but the relaxed environment of working from home quite often means that they're less alert rather than
Speaker 1:
More. Thanks, Sandra, as you all know, Beasley recently released a series of reports based on the insight of over 1000 research respondents in the UK and us. The research that sits beneath tells us what clients care about, what keeps them up at night, where their risk blind spots are and what they will want from an insurer. We call this our risk and resilient theories. As part of this research, we ask clients to rate business risks and their corresponding sense of resilience to the same risks as you might expect, the pandemic was rated high risk, but clients felt that they also had high resilience having lived through the pandemic experience for the last 18 or so months. A high understanding of the risks of a pandemic clearly makes sense. The research also showed that clients believe they're resilient to cyber risk. Sandra, in your opinion, is this surprising? It is
Speaker 2:
Surprising given what we've just about as well as the claims trends we have seen here emerging at Beasley Beasley's experience is that they aren't as resilient as they think they are. Our claims count continues to grow year on year. And for some insureds, we see multiple events in the same year, which means they're not learning from their mistakes or making improvements to their cybersecurity. The 2021 year is not yet finished, but we've already had an increase of 71% in cyber claims across the piece. And also a widening of the variety. Of course, ransomware is prolific, but we also continue to see business email compromise, phishing, fraudulent instruction, as well as good old fashioned data breaches. When people lose hardware with unencrypted, data will send emails to the wrong recipients. The background is a grim one, two, Sarah, the number of interactive intrusions grew by 400% from the beginning of 2019 through to the end of 2020. And although many organizations are making expensive cybersecurity improvements to their infrastructure, they quite often overlook one key component employees, any organizations, employees are their greatest asset, but they're also their weakest link. And it's essential that organizations carry out cyber security training often and in depth across their business, if they want to remain safe,
Speaker 1:
It seems there is a disconnect between how resilient businesses feel to cyber risk and the growing number of businesses having been victim to cyber attacks. What do you think is causing businesses to feel this way? The reality
Speaker 2:
Of course, is that client sense of resilience may be a losery cyber attacks are something which always happened to someone else. Every one of our insureds who are subjected to some form of cyber event are surprised when it happens and they scratch their heads, trying to understand how it occurred. There are pockets of resilience, of course, and in some sectors like financial services and healthcare regulatory oversight can help. But insurers actually have a really important role to play in helping organizations to become more resilient. The underwriting process has evolved. Insurers, ask more questions. They carry out their own vulnerability check and they provide threat Intel to insured to help them prepare for attacks before they
Speaker 1:
Happen. And what can businesses do to become more resilient and protect themselves from these types of risk
Speaker 2:
Business management must look to heighten their standards in respect of increased cyber security. And it must come from the top. This is a boardroom level issue, and it's really important that organizations engage with their employees so that everybody plays their part behaviors must change. You know, companies need to implement multifactor authentication. They need to make sure that they have backups for their mission, critical data offline in a separate network. This ensures that if they are subjected to a ransomware attack, they can restore their data from backup. They don't have to be down for a prolonged period of time and they can continue to operate as a business. Simple things like closing ports that are otherwise open to the internet is a really important step in ensuring they're cyber secure. And as I said earlier, Sarah training employees to know what to look for is a really important part of being cyber safe. Companies need to start thinking proactively about these risks rather than reactively prevention is always the best form of protection.
Speaker 1:
Thank you for your insights into those areas of risk and thank you to our listeners for joining us today, to learn more about this topic and others, please visit beasley.com for an extensive library of videos, podcasts, and blog posts. If you would like to learn more about Beasley's risk and resilience series, you'll find the link in included with the description of this podcast. I'm Sarah Griff fifths, and this has been a Beasley podcast. This podcast is for preliminary informational purposes. Only coverage is subject to each policy's terms and conditions for additional information about Beasley. Please visit beasley.com.