Insight: How does it feel to be hacked?

Law Society partner and global insurer Hiscox, along with folding bike manufacturer Brompton set out to discover by staging a series of real world hacks.

Action Fraud recently revealed £190,000 a day is being lost by victims of cyber crime in the UK. For businesses, the cyber picture is equally gloomy. Hiscox’s latest cyber research puts the annual average loss to businesses at anything from £25,000 for smaller businesses, to more than £16 million for the very largest companies. Law firms are far from immune to the risk either with the National Centre for Cyber Security reporting in 2018, that cyber criminals had stolen £11 million from legal firms’ clients over a twelve month period.

Decoding the cyber jargon

Despite the very real losses, for many businesses – law firms included – the problem can be in fully understanding what damage a cyber attack can do to their operation. It is why Hiscox, a specialist in small business and cyber insurance, got together with iconic, folding-bike maker Brompton to help bring to life that feeling of being hacked.

Brand theft

Confused? So were a handful of Brompton staff on arriving to work to be greeted across the street by an exact copy of their store with near identical branding. The fake store – labelled ‘3rompton’ – also had customers confused. If this was a cyber crime, it would be like criminals setting up a website to match a legal firm’s own site; using the firm’s branding in a bid to persuade clients to part with sensitive information or even money.

Swamped

The next ‘real world hack’ saw a rush of ‘customers’ suddenly swamp the real Brompton shop looking for advice and help. This is what happens in a denial of service cyber attack; a website is hit by a huge volume of fake requests and, unable to cope, it falls over. For a legal firm hit by a denial of service attack, it could put their website out of action for a lengthy period.

Brompton staff were then stunned to have the windows of their shop boarded up with signs stating the boarding wouldn’t be removed until a ransom had been paid. This ‘real world hack’ was designed to simulate what happens when ransomware is downloaded into a business’s computer systems – perhaps following an employee inadvertently clicking on a suspect link in an email or a website – causing its systems to freeze until the business agrees to pay a ransom to the hacker.

Damaged and out of action

The result of all these ‘real world hacks’ was a shop disrupted and ultimately unable to trade. A legal firm hit by the cyber equivalent could similarly find itself not only disrupted but unable to run business as usual, not to mention suffering damage to its reputation, loss of clients as well as possible regulatory action and fines.

Commenting on the ‘real world hacks’, Robert Hannigan, former Director of GCHQ and Special Advisor at Hiscox, says: “The hacking techniques simulated such as ransomware and phishing are extremely commonplace and have been for many years. At the same time, new types of cyber crime continue to emerge, which makes staying on top of cyber security an ever-evolving challenge.”

How would your business respond?

Watch the film for yourself at www.hiscox.co.uk/hack to see how the ‘real world hacks’ played out and consider how your firm would manage if it became the victim of a successful cyber attack.

When it comes to cyber risk, insurance is more important than ever with attacks and security breaches increasing in frequency and sophistication. Hiscox Cyber and Data Risks Insurance provides comprehensive cover, simplicity, reputation protection and a trusted partner in the event of a claim. So, should the worse happen, you can let the experts manage your response to events while you focus on running your business.

Law Society members save 5% on Hiscox Cyber and Data Risks Insurance. To find out more, visit hiscox.co.uk/lawsociety/business-insurance or call on 0800 840 2781.