Data outsourcing is becoming a larger target for cyber attacks as companies look at ways to cut internal costs
By Jon Guy
UK businesses are buckling under the rising tide of data breaches, according to insurers.
For example, (re)insurance group Chaucer revealed in July 2024 that UK citizens were affected by five data breaches each on average last year. The firm further ringfenced the ongoing use of third party data services as a major issue for businesses of all sizes.
Chaucer said that the total number of individuals about whom information was breached in 2023 was 312 million, up 53% from 204 million in 2022.
Meanwhile, insurer QBE shared similar data in October 2024 showing that the number of disruptive and destructive global cyber attacks taking place each year will increase by 105% by the end of 2024.
Its report, Connected Business: digital dependency fuelling risk, explained that “strategically significant, disruptive and destructive global cyber attacks” will more than double this year to 211, compared to 103 in 2020.
Examples cited within the report include mentions of UK central government breaches, which saw 196 million individuals impacted, while 29 million individuals were hit by breaches in the retail and manufacturing sectors. The health sector suffered attacks which left 18 million exposed.
The compromised data from these attacks included financial details, medical history and personal information – such as addresses and dates of birth – all of which can be sold on the dark web to scammers and identity fraudsters.
Moving the goal posts
Chaucer said the ongoing economic slowdown and leaders’ concerns over business running costs are making companies consider how they can reduce expenses – meaning that data outsourcing is growing ever more attractive. However, it is clearly riskier.
Read: Briefing – Can risk prevention mitigate against the increase in cyber attacks on the public sector?
Read: Crowdstrike IT outage could prompt ‘greater demand for cyber cover’
Explore more cyber-related content here, or discover more briefing articles here
“Private companies and public sector bodies alike are outsourcing to cut costs – far too many are failing to perform enough due diligence on the data they are sharing with these third parties,” the (re)insurer added.
While insurers are acutely aware of the increasing threat of cyber breaches and the risks these attacks pose for policyholders, any solutions are far from clear.
Throw in the fact that there is likely to be a string of new rules and regulations around organisational responses to cyber attacks and the insurance industry will be looking to deliver in what remains a movable playing field.
Underwriters will most likely look to reassess their cyber and data breach offerings.
Brokers and clients can expect to face more detailed proposal forms that focus on the level of cyber risk management that has been put in place.
Insurers say brokers will need to take a more proactive stance on the need for cyber security and risk management amid continued concerns in the market over potential exposure levels, particularly as insurance penetration grows alongside the number of incidents.
Cyber is back on the agenda and the virtual supply chain in under the most intense of spotlights.
No comments yet