Gone phishing

Did you know it’s now possible to insure against the UK’s most common crime? Cyber-attack. Cyber-crime continues to make headlines on an almost daily basis in the UK. We frequently hear about national companies falling prey to high profile breaches of systems and data. This often results in widespread disruption for their clients as well as financial and reputational loss for themselves.

How does this affect me?

Often the sheer scale of the figures being reported and the intangible nature of the loss make it hard to relate to as a small business owner. However cyber-crime is no longer a large company problem, it is estimated that over 74% of SME’s in the UK have fallen victim to a cyber breach.
Whilst the stories hitting the headlines often involve sophisticated ransomware, the types of incidents that hit small business across the UK on a daily basis are often much simpler examples of cyber-crime. Many are caused by simple phishing scams rather than sophisticated cyber-crime. Cyber criminals aren’t just interested in targeting big business and in our increasingly connected world it’s no longer a case of ‘if’ a business will experience a loss, but ‘when’.

Could you be caught out by the following?

Telephone Hacking: A firm of insurance brokers recently had a new VOIP (web hosted) telephone system installed in their offices to reduce call costs. Fraudsters managed to use a piece of software to crack the password to the phone network and programmed the telephone system to repeatedly make calls to a premium rate number owned by them. One month later, the firm was contacted by their telephone network provider to confirm that they had racked up £25,000 worth of calls. Despite confirming that they had been the victims of hacking, the telephone company insisted on payment of the outstanding bill.

Phishing Scam: The financial controller of a small high street law firm received a call from someone purporting to be from the firm’s bank, advising that some suspicious wire transfers had been flagged on the business account. The caller insisted that the firm may have already had funds stolen from their account and were in immediate danger of all of the remaining funds being drained unless they put a freeze on the account, for which the bank would need to be told the password and pin code.

Not wanting to be the cause of any further loss, the financial controller confirmed the pin code and password to the caller, who then confirmed that the freeze had been successfully applied and that they would be in touch again once the situation was resolved. Upon calling the bank the next day to check in, the financial controller was told that the bank had not in fact been in contact and that £89,991 had been wired to three overseas accounts in nine separate transactions. It was now too late to recall the transactions and as they had seemingly been authorised, no reimbursement was offered by the bank.

CEO Fraud: A fraudulent yet almost identical looking e-mail address for the Managing Director of a medium sized building contractor was created by fraudsters who used it to instruct an individual in the accounts department to make a wire transfer payment of £50,000 to a new materials supplier. The e-mail stated that the new supplier was being used to source additional materials for a crucial job and that payment had to be made urgently to secure delivery of the goods. The e-mail was sent whilst the MD was on holiday so that no face to face verification could be made. The account to which the funds were transferred actually belonged to the fraudsters who were able to retrieve the money before the transaction could be recalled. **

How prepared are you for a cyber-crime incident?

Cyber offences now account for over half of all crime in the country. Last year the National Crime Agency revealed that cyber-crime had officially overtaken traditional crime in the UK. Where once it was masked bandits holding up bank tellers, we’re now seeing teenagers stealing cash from businesses from the comfort of their bedroom, yet many are still uninsured against the risks this poses.

When an attack happens, cyber insurance can help to cover both the immediate financial fallout and the costs associated with getting specialist help to manage the incident, whether that’s forensic investigators, IT specialists, legal experts or even PR support to ensure it is resolved quickly and effectively.

And contrary to popular belief, getting a policy is relatively painless and might not be as expensive as you think.
Contact us today for a full review of your cyber exposure and let us help take the worry of cyber criminals away.

https://www.theguardian.com/uk-news/2017/jan/24/uk-fraud-record-cybercrime-kpmg
**Claims scenarios provided by CFC underwriting