Is your firm taking cyber risks seriously?

Cybercrime is an ever-present threat, and one that all firms should be armed against.

The coronavirus pandemic has resulted in a dramatic increase in incidents of cybercrime. According to the National Cyber Security Centre (NCSC), there has been a 15-fold rise in the removal of online campaigns compared with 2019.

Early in the pandemic, the FCA warned consumers to be vigilant against coronavirus-related scams. It is unfortunately the nature of cyber criminals to exploit vulnerability and uncertainty, and target individuals when at their lowest. The pandemic, therefore, has been the perfect breeding-ground for scams and cyber-attacks to develop in sophistication and increase in volume.

It is more important than ever that firms are protecting themselves against cybercrime and training their staff appropriately – but are they doing so?

Our recent findings from the Aviva Development Zone reveal that while firms are interested in learning the basics of cyber threats (e.g. the definitions of phishing emails, ransomware, etc.), less than half are inclined to look further into the nuances of cybercrime, such as identifying internal/external risks or what to do in the event of a cyber attack.

The ‘Introducing Cyber Risks’ module is currently active in 1,369 training plans across 52 firms. In comparison, other modules such as ‘Managing Cyber Risks’ - a module that explains how to plan, implement and review cyber security threats – appear in less than 540 training plans across 36 firms.

It is not wise to assume that cybercrime only happens to large businesses, or that individuals or smaller businesses are unlikely to attract the attention of a cyber criminal. As this past year has highlighted, it is becoming increasingly common to hear about individuals and businesses closer to home becoming a target. While no business is immune to the risks of cyber attack, taking appropriate measures can help mitigate the impact in the event of a threat.

Knowing the difference between a phishing scam and a Denial of Service (DoS) attack is not enough to prevent an attack. Introduction to the basics of cyber risks should be further supplemented with additional training so that staff are fully confident in their ability to recognise and deal with cyber threats.

The consequences of a cyber attack can be devastating for a business. One small mistake – an employee clicking a link in a suspicious email without thinking, for example – can have financial and legal implications, not to mention untold reputational damage.

The Aviva Development Zone platform is designed specifically to support the needs of insurance brokers and those working within the financial services sector. To find out more, why not visit the website at, or if you’re already registered on the Development Zone, take a look at the ‘Cyber Risks’ section of the Content Catalogue and browse through our selection of cyber-related modules.

About the author

Jessica joined RWA in 2018, having graduated with a First Class Honours degree in Film Studies. Her role as a content designer involves developing new and engaging e-learning modules as well as assisting in the creation of articles for Insight. 

Get RWA Insight In Your Inbox

Regular business news and commentary delivered direct to your inbox each week. Sign up here