Risk consultancy Partners& believe Human Resources (HR) experts should be far more involved in assessing – and protecting their organisation from – cyber attacks.
Staff at some of the UK’s biggest employers – including the BBC, Boots, Aer Lingus, and British Airways (BA) – will all be rightly concerned at the potential loss of their personal data to cyber criminals as part of the widely reported MOVEit hack.*
This is not the first large-scale cyber-attack on British business and is unlikely to be the last. Yet next generation insurance advisory business and risk consultancy Partners& believe that this latest round of online criminality should function as the catalyst to finally place cyber security at the front and centre of Human Resources thinking.
Steve Herbert, Wellbeing and Benefits Director at Partners&, has strong views on this subject:
“Cyber security experts often point to the ‘human element’ as the inconsistency which – deliberately or accidentally – enables criminals to find an access route into their employer’s computer systems. And, although this latest attack doesn’t appear to be the result of employee actions, it has nevertheless led to the stealing of sensitive employee data as the ultimate objective of criminal activity.
It follows that employees can be the catalyst for such an attack and/or the victims of it, and this makes cyber security very much a Human Resources issue. HR experts may therefore need to become far more involved in implementing policies, procedures, and insurances to minimise these risks across their entire workforce.”
Partners&’s Cyber Director, Matthew Clark, reminds employers that government figures published last year indicate that almost 4 in every 10 employers (39%) reported at least one cyber attack in the previous 12 months, whilst fewer than 15% of the UK’s small and medium-sized enterprises have a standalone cyber insurance policy in place.
Clark commented:
“Cyber security is a problem for employers of all sizes, and for every breach at a major employer, there are likely to be many more attacks on smaller – potentially far more vulnerable – organisations too.
Aside from the reputational damage and interruptions to operations, employers may need to report breaches to the Information Commissioner, notify each data subject of the leak, and potentially pay significant levels of compensation. Employers are often required to also bear the cost of monitoring services to minimise fraud for those impacted by the breach.”
Clark concluded:
“This latest attack highlights that cyber security should be a central component of the Human Resources remit – both to prevent attacks and protect employees. We would therefore strongly encourage many more HR experts to consider the benefits of cyber insurance to protect both their employer and their employees.”
To understand more about cyber risk and how employers can protect themselves from cyber attacks visit the Partners& website or speak with their team today on 03300 940177.
For more detail on the MOVEit attack please see the end of this release for a detailed overview and insights from Partners& Cyber Director, Matthew Clark.
—
About Partners&
Partners& is a Chartered insurance broker providing specialist insurance, employee benefits, risk management and claims advice to businesses and private clients. As a next generation insurance advisory business, Partners& combines the best traditions of broking, such as technical advice and client service, with modern thinking and intelligent use of technology, to enhance the client experience and create a dynamic workplace for its talented team.
Recent accolades include the Best Diversity & Inclusion Programme and Best UK Start Up at the 2021 UK Broker Awards and the Diversity and Inclusion category at the Broker Innovation Awards 2022. It has also been awarded its second gold Investor in Customers award demonstrating its commitment to delivering an exceptional client experience and most recently was shortlisted for two British Insurance awards: Commercial Lines Broker of the Year and Insurance Broker of the Year.
For more information, contact Malia Brown at malia.brown@partnersand.com or visit partnersand.com and LinkedIn.
—————————————————————————————————————————
The MOVEit hack – commentary from Matthew Clark, Cyber Director at Partners&
A cyber event impacting HR and recruitment sectors:
Organisations worldwide face persistent threats from hackers and cybercriminals who are constantly seeking vulnerabilities to exploit. One significant event that has shaken the HR and Recruitment communities this week was the MOVEit software hack, resulting in the breach of personal data on potentially millions of individuals including home addresses, dates of birth, national insurance numbers and bank details. There are critical implications for both the businesses involved and the individuals concerned.
MOVEit is a managed file transfer software product that enables users to store and share sensitive information securely. The National Cyber Security Centre (NCSC), the UK’s cyber watchdog, was quick to publish an advisory on this latest mass hack, describing it as a “SQL injection vulnerability”, a method of attack long favoured by cyber criminals in which malicious code is inserted into the queries a website sends to its database, in order to manipulate data or access it without authorisation. Though the attack method was long-established, this was the first time this particular weakness was uncovered, making it a so-called “zero-day” vulnerability.
Progress Software Corporation, the US company behind MOVEit, has issued a software update that patches the vulnerability. However, with companies like British Airways, the BBC and Aer Lingus already impacted, the contagion is likely to be much broader.
A notable feature of this cyber-attack is its focus on the software “supply chain.” By compromising a single organisation within a supply chain (in this case Progress), attackers can potentially access and disrupt multiple organisations that depend on it. This allows them to maximise the impact of their attack and target high-value assets across the supply chain.
The attack highlights the importance of Cyber Insurance for professionals in HR, Recruitment, and Umbrella firms.