Or, to frame those figures another way, 1 in every 61 organisations suffer a cyberattack each week.

The kinds of organisations at risk from cybercrime vary greatly: the Microsoft Digital Defence Report 2021 identified a broad spread of entities at risk from ransomware, with an emphasis on consumer retails, financial services, manufacturing, government, and health care. Despite these risks, however, many businesses are incautious when it comes to cybersecurity. A study commissioned by the Department for Digital, Culture, Media, and Sport polled 956 businesses and found that as many as 50 per cent were not confident in carrying out even one in a series of basic cybersecurity tasks.

Clearly, businesses need a new set of incentives to boost their cybersecurity practices, while the clients and consumers whose data they hold need an extra layer of protection against any losses that might be incurred through cybercrime. By making Cyber Liability Insurance compulsory, both of these goals can be achieved in one simple gesture – and, given the stakes involved, this is an avenue well worth exploring.

It’s not just companies at risk when cybercriminals attack

What, then, do the stakes of cybercrime look like? The right kind of cyberattack can be devastating for businesses – and almost every business is vulnerable. After all, if a company practices anything as simple as email usage, they are open to cybercrime. In a practical sense, there are serious financial implications for businesses that suffer from this kind of attack. Cybercriminals are, for example, capable of stealing financial information, directly stealing money, or disrupting trading and business in ways that are financially detrimental.

The possible repercussions of cybercrime don’t end with the injured organisation itself, however. Businesses also house an extraordinary amount of data pertaining to their own customers or clients – including, potentially, their financial data. As McKinsey noted in a pre-pandemic report, “organisations have more data than ever at their disposal” – and this is, of course, a deliberate move, given the potentially valuable insights that such data can hold. At the same time, however, this new culture of data-hoarding comes with increased risk in the event of a cyberattack – just recently, for example, millions of clients of the computing company Acer have seen their data sold by hackers.

That, in a nutshell, is the problem with cyber laxity in today’s increasingly risk-laden climate. Cyberattacks on businesses start a ripple effect that expands outwards from the initial point of attack, disrupting the lives and finances of a huge array of subsidiary targets.

Fixing the problem with compulsory cyber liability

The answer to this problem is to significantly revamp insurance requirements by making cyber liability mandatory. At present, after all, business insurance requirements are extraordinarily minimal. According to the UK government, the only legally required policy is employers’ liability insurance (EL) which covers businesses in the event that a member of staff claims to suffer illness or injury due to their work. But, as we have seen, the absolute dominance of data and technology in almost every industry – what could be called the ubiquity of cyber vulnerability – means that we need to rethink our insurance priorities to reflect the risks involved in the world of today.

Cyber liability cover can, after all, mitigate not only for cyberattacks, but for data breaches and any damage that such breaches can inflict. The right cyber liability can cover legal claims and compensation costs, protecting those whose data is being held by the company.

While this kind of compensation is a great step, making cyber liability compulsory might bring about an even more powerful benefit in the form of more robust cybersecurity practices. After all, if cyber liability were mandatory, businesses would naturally want to reduce its cost. This would entail proving that they are at low risk of cyberattack – and the only way to reduce exposures would be, of course, to invest in stronger cybersecurity. As such, compulsory cyber liability could do much more than simply compensate for losses – it could spark a new wave of interest and investment in cyber security, lowering the rate of cyberattacks and keeping people, their data, and businesses themselves significantly more secure. 

About the author: Edward Halsey is the COO and co-founder of hubb