Closing the gap: Insuring your business against evolving cyber threats

An analysis of cyber threats in various sectors, the true costs of cyber crime, and ways in which companies can mitigate this fast-evolving risk



Over the past few decades the internet has provided a remarkable platform for business growth and innovation. However, digital systems are susceptible to cyber threats, and businesses today are confronted by a bewildering variety of cyber attacks. KPMG in the UK joins insurance market Lloyd's of London and international law firm DAC Beachcroft in a new report to provide a cross-sector assessment of the cyber threats facing companies today.

The cyber risk challenge

As technology advances, so does the threat landscape. Organised criminals are scaling their operations and looking to automate the targeting and exploitation of business networks. They are also repurposing attacks to target new institutions in various sectors.

The publication (PDF 5.47 MB) outlines the different types of attacks that organisations in 14 different sectors are subject to, and the sector-by-sector analyses highlight what businesses need to adapt in order to keep themselves and their customers safe.

The true cost of cyber crime

The costs of a cyber incident typically occur in two phases: immediate (i.e. legal and forensic investigation fees, and extortion payouts) and “slow-burn” (i.e. those associated with the long-term impacts, such as the loss of competitive advantage and customer churn). The extent of these costs can vary considerably by sector and is constantly evolving.

Businesses need to be aware of the full costs of a cyber attack, especially the “slow-burn” costs, which, when added to immediate costs, can dramatically increase the final bill.

Four drivers increasing cyber risk complexity

As the risk of cyber attack increases, so do the legal and cost ramifications. There are a few factors that are most likely to influence the complexity and cost of future breaches, namely, changes to regulations, trends in litigation, supply chain security, and the internet of things (IoT) and integrated systems.

The combined impact of these four trends is a clear warning for organisations to heed. Regulatory sanctions, compensation and increasing complexity give rise to significant financial risk for businesses that fail to adequately secure their electronic networks, assets and data, and fail to hold and use data in accordance with privacy laws.

Closing the cyber insurance gap

While it is not possible to be 100 percent secure from a cyber attack, there are measures companies can take to mitigate the risks, minimise the consequences and recover more quickly should a breach occur.

Cyber insurance is a key part of the solution. Demand for cyber risk coverage continues to be driven by privacy breach laws in certain countries, yet the absence of similar measures in other continents may contribute to the relative lack of awareness around cyber insurance.

As rapid technological advancements expose new threats and liabilities to companies, the onus is on both businesses and insurers to stay on top of ever-changing cyber risks. There are four ways for businesses to work with their insurers to prepare for and mitigate cyber threats:

  • Understand your company's risk profile
  • Evaluate both current and future threats
  • Promote an enterprise-wide cyber security culture
  • Call in the cyber professionals

KPMG member firms around the world have over 3,000 cyber security professionals who can support and guide you in mitigating the inevitable risks from the increasingly digital world. Contact your KPMG adviser to discuss how KPMG can develop a tailored approach for your organisation.

Download the full report (PDF 5.47 MB)

© 2020 KPMG Channel Islands Limited, a Jersey Company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.

KPMG International Cooperative (“KPMG International”) is a Swiss entity.  Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm.
