What happens when a cyber attack hits a business?

Over the last two months, cyber attacks on household names have been lighting up the headlines across the UK, but what happens behind the scenes?
Since late April, big brands such as M&S, Co-op, Harrods, Dior and Peter Green Chilled have all experienced cyber attacks on their systems resulting in financial losses.
However, no business has been as affected as M&S. The FTSE 100 retailer’s consumers have been unable to buy M&S products online since online ordering was suspended on 22 April.
M&S did, however, have cyber insurance coverage: while it estimates losses running into £300m, its insurance should cover up to £100m. The Co-op and Harrods, according to Insurance Insider, did not have a cyber insurance policy.
There has never been a better advert for cyber insurance coverage and strategy.
So, with a recent wave of attacks focused on, but not limited to, the retail sector, what happens behind the screens?
Crisis mode
For businesses with coverage and a strategy in place, an insurance expert stated that the role of the insurance is to provide a panel of vendors, including lawyers, ransom negotiators, and communication experts.
Ransom negotiators play a role in determining the legality of paying ransoms and negotiating with threat actors.
Scattered Spider, reportedly a group of young teenagers who are more interested in gaining access to systems than monetary rewards, was behind the attack on M&S.
Where ransoms are to be paid, Alistair Clarke, London cyber broking leader at Aon, explained that the specialists would help verify and qualify the threat and help with ransom negotiation and payment in cryptocurrency.
“The decision on whether to pay the ransom is never easy, and in some circumstances, doing so might fall foul of sanctions. Ultimately, though, the business will have to weigh the commercial imperatives against the moral considerations of paying the ransom.”
For the lawyers, Tom Pelham, partner at Kennedys and member of the Forum of Insurance Lawyers, explained: “Cyber incident response lawyers operate on a 24/7 basis, and we tend to arrive on the scene within minutes or hours of the incident unfolding.”
He noted that lawyers help the leaders quickly assess the incident’s impact so that a decision can be made about whether formal notifications to regulators and customers are required.
“However… lawyers are advising on much more than strict legal analysis; we often project manage the response, advise on wider commercial considerations and, in some cases, guide clients on whether or not they should negotiate with the threat actor responsible,” he added.
Another vital aspect for businesses to consider is communication: how effectively companies handle these breaches with their consumers, especially if personal data is implicated.
But the current attacks in the retail sector “highlight the importance of cyber insurance, alongside robust cyber risk management,” Clarke added.