This is one of the key findings from a new report – Combatting crisis complacency: large businesses’ approach to crisis management — commissioned by Gallagher and undertaken by YouGov. According to a poll of 100 UK business leaders*, more than a quarter (27%) of those surveyed have already been impacted by a data breach or cyberattack, and nearly a fifth (18%) by industrial espionage, in the last year alone.
Highlights from the research reveal:
- Gallagher’s poll of 100 leaders of large UK businesses reveals knowledge gaps or misunderstandings about the cover that certain types of insurance provide for security crises, which may be leading to crisis cover complacency
- 50% of large UK firms surveyed have been hit by a major crisis event in the last year, with data breach/cyberattack (27%) and industrial espionage (18%) the most common
- Industrial espionage is an increasingly emergent threat; 30% of large UK firms surveyed expect to be impacted by such an attack in the next 12 months
- While 73% of large UK firms have reviewed their crisis planning in the wake of recent high-profile attacks, only 30% have reviewed their associated insurance cover, and under a fifth (19%) consulted with their insurance broker on risk assessments
- The majority (71%) of large corporates polled claim to be using social media to assess crisis issues: despite this, a third (31%) have no social media protocols in place to respond to crisis events
Gallagher’s research indicates that industrial espionage — which involves the illegal and unethical theft of business trade secrets for use by a competitor — is a significant growing risk to businesses. Nearly a third (30%) of those surveyed expect to be affected by this practice in some way over the next 12 months. There is currently limited indemnity available for this risk. Where the risk cannot be effectively transferred from a company’s balance sheet, the company needs to place a greater focus on crisis prevention and response.
The growing role of social media as a risk tool and communications channel
A high number of large businesses are using social media as a tool for proactive prevention and protection purposes. The majority (71%) of large UK corporates polled say they currently use social media, digital monitoring or ‘social listening’ – monitoring conversations on specific topics, phrases or brands, via Twitter or virtual geo-fences – to gain actionable insights on potential crisis issues. However, nearly a third (31%) admitted to having no social media protocols in place to help them respond to a crisis and only 16% of those polled have a back-up social media communications channel in place in the event of a systemic IT or telephony failure.
Cover confusion and complacency
The report also highlights that businesses are leaving themselves potentially exposed through significant gaps in their crisis coverage and incident support. Although 73% of businesses polled have reviewed their crisis planning following recent high-profile events, only 30% have reviewed their associated insurance cover, despite the growing prevalence, range and sophistication of crisis incidents. Furthermore, while 99% of respondents had conducted comprehensive risk assessments linked to crisis situations, less than a fifth (19%) have included a broker in this process. This may go some way to explain the uncertainty or misunderstanding surrounding the scope of different forms of crisis insurance cover that could be effective in specific scenarios.
For example, although the majority of businesses surveyed (85%) are correct in their belief that Pool Re, the government-backed terrorism reinsurance programme, provides cover in the event of financial loss relating to a terrorist incident, nearly two-thirds (64%) mistakenly believe that loss of data is covered by Pool Re – when it is not – and a similar number (61%) are incorrect in their view that reputational damage also falls within this remit.
Commenting on the findings, Paul Bassett, Managing Director of Crisis Management at Gallagher, said:
“Large businesses across the UK are aware of the heightened dangers, new risks and emergent challenges flowing from the fast-evolving security threat landscape, which are increasingly complex and unpredictable in their nature.
“Yet despite the encouraging focus on protocols, risk assessments and mapping exercises, which are taking place across UK corporates, there is a significant blind spot when it comes to insurance. Many businesses are yet to review their insurance cover in the aftermath of the recent high-profile crisis events, which may explain the crisis cover complacency that seems to have crept in, which threatens to leave businesses dangerously exposed.
“We would urge companies to get specialist advice around their coverage and engage with their insurance brokers, during any risk review, alongside a thorough assessment of their crisis policies and response protocols.
“There will never be a fool-proof way of preventing data breaches, major terrorist attacks or industrial espionage – but preparedness and response is everything. By working with multiple internal stakeholders and implementing holistic risk management — which includes comprehensive cover and crisis protocols designed to protect an organisation’s people, systems and reputation — businesses can best build resilience to withstand the mounting threats of crisis incidents.”