Recent cyber-attacks on high profile UK retail business – including Marks & Spencer (M&S), Co-op, and Harrods – have disrupted operations, exposed internal systems and raised concerns amongst the wider business community about cyber activity and the challenges posed by the cyber-age criminals known as ‘threat actors.’
Paul Handy, Crawford’s global head of cyber, is keen to reassure businesses and their insurers that, yes, resources are available to help businesses with threat assessments, claims management and to build cyber resilience, but he’s just as keen to point out that a one-size-fits-all approach is not the answer.
“35% of all cyberattacks in 2024 were driven by ransomware,” explains Paul, “the same attack method, or attack vector as we call it, used against M&S, so the threat is very real. But there are many more attack vectors and many, many more businesses for the threat actors to use them against.”
Paul’s view is that different businesses will have different levels of cyber maturity and, while some larger corporations have increased their maturity to match the current environment, Crawford’s experience shows that many incident response plans are often untested in a live environment. For smaller businesses, it can often be the case that there are gaps in the scale and scope of their competencies which may only become apparent when an incident occurs.
And while there will also be varying levels of maturity amongst the threat actor community, the increasing levels and frequency of cybercrime point only towards increasingly sophisticated threats and the proliferation of attack vectors, with increased concern amongst half of all business owners that generative AI will be used to enhance cybercrime even further.
It is this proliferation of variables that has led Crawford to develop its adaptive service model to help assess cyber resilience as well as to manage cyber claims, empowering both carriers and corporations to strike a more effective equilibrium in their evolving relationship.
The adaptive service model overcomes the limitations of a one-size-fits-all approach by offering a modular proposition that enables insurers to connect with organizations at those points in the plan that can deliver the greatest value, placing the emphasis on collaboration and support rather than on proscriptive terms or conditions.
“The key is to be able to promote the value add of differentiated services rather than look to impose solutions,” summarises Paul Handy.
“It is about enabling organizations to import best practice and specialist knowledge into their cyber risk ecosystems, not only here in the UK but, with Crawford’s genuine global reach, wherever in the world our support might be needed.”
