Understanding Cyber Risks in Aesthetics - Hamilton Fraser


The digital age has brought about a significant amount of change within the aesthetic industry, much of which has been beneficial to practitioners. However, it has also introduced certain risks that aesthetic practitioners should be aware of to ensure that their business remains protected.

What cyber risks do aesthetic practitioners face?

According to the World Economic Forum Global Risks Report 2018, cyber attacks are the third most likely risk facing the globe after extreme weather events and natural disasters.

Many small to medium-sized enterprises assume that their business is unlikely to face any cyber risks. However, cyber risks are everywhere and can take a number of different forms. Fall victim to a cyber breach and it could cost you greatly.

The National Cyber Security Centre (NCSC) states that around one in two SMEs will experience a cyber breach (with many more being on the receiving end of scam emails), and that for micro and small businesses, such a breach could run up costs of around £1,400. This is a lot more than the average premium for most cyber insurance policies for small businesses. In the UK, 18 of all data breaches came from the healthcare sector (2017).


Malware

Malware is a very common cyber security threat aimed specifically at aesthetic practitioners, thus increasing their cyber risk. It is typically delivered by getting the recipient to click on a link or an attachment within an email, or to inadvertently download software, allowing the cybercriminal access to the computer or network.

Once the link has been clicked on, malicious software such as a Trojan horse programme is used by the cyber attackers to infiltrate the system, rendering it unusable.

Attackers may also use ransomware, malicious software that holds the victim to ransom before they can regain access to their system. The ransom demanded varies depending on the nature of the attack or geographical location, and the attack can have wide-scale implications for the victim if they are unable to reinstate their system.

The cyber risk posed by malware is extremely serious for practitioners who are storing patient records, drug histories and health information. Not only could the use of malware disrupt operations but it could also cause severe reputational damage and ultimately even damage to the patient’s health.

It is therefore incredibly important to cover your clinic or practice for this eventuality with a comprehensive cyber insurance policy.


Phishing

Phishing is another type of cyber security threat that can be targeted at practitioners, increasing their cyber risk. Phishing emails are used by attackers to obtain personal data from an unsuspecting person. This often involves directing the recipient to a dummy site and asking them to submit personal details in order to continue.

This is a common cause of identity theft, with personal data such as names and dates of birth used to forge documents such as passports or driving licences. In some cases the data can be used to apply for credit cards, loans and mortgages in the victim’s name.

Within the last few years phishing scams have become significantly more sophisticated, making them more difficult to spot and leaving people open to a serious cyber breach.

Denial of Service (DoS) attacks

Denial of Service attacks disrupt the service provided by a network or website. This is commonly achieved by overloading it with a significant amount of traffic or data. This can leave a website unusable for a significant amount of time, which can have a direct impact on your business and ability to trade.

What should you consider in order to protect your business?

It is just as important to ensure that you protect yourself and your individual information as it is to protect your business and customer information.

The best ways to help protect your business and reduce your cyber risk are:

  • Avoid clicking on suspicious links or opening attachments. Trust your gut instinct: if something does not look right, or you are being asked to provide sensitive personal information (from your bank, for example), you are likely to be putting yourself at risk
  • If in any doubt about an email you receive, either go to the website manually or contact the company that has allegedly sent the email to check whether it is genuine
  • Back up your data – you should have a backup of all your data on your system that updates regularly, preferably every day
  • Secure passwords – it is advisable to use complex passwords, different for each online portal you use, containing a combination of letters, numbers and symbols so that they are not easy to guess
  • Take security measures – use a security product that protects your Wi-Fi and business networks and ensure that Java, Flash and other plug-ins are up to date to avoid hackers exploiting any weaknesses
  • Take out cyber insurance – in March 2016 only seven per cent of small and medium enterprise (SME) owners had cyber insurance in place; this is despite the fact they aim to grow their businesses by 31 per cent via online expansion. Cyber insurance is now being built into all types of insurance policies, not just business but home insurance as well.

What are the benefits of having a cyber insurance policy?

Naomi Di-Scala, Aesthetic Insurance Manager at Hamilton Fraser, explains the benefits of having a cyber policy should you face a cyber breach.

“If you have a cyber-incident whereby your data or network and business is compromised, the policy will respond and get you up and running again. In addition your insurance company will deal with the investigation of the attack on your behalf. Under a business policy, there is likely to be an expert panel of companies on hand to assist in the event that you suffer an attack.

The panel will usually comprise a forensic investigation team to find out the source of the problem and a legal team to assist with any public relations or reporting of the incident. Some are even able to set up a call centre if required to field calls from customers if they have been notified that their personal information has been stolen. There may also be cover for business interruption, which will provide reimbursement for any loss of earnings during the period of downtime.

Have a contingency plan as to how you would deal with an incident if it occurred. It is easy to assume that it will not happen to you but if it did then it would take far longer to implement any investigation and recovery if there is no plan in place.”

Protect your business

Having spent time and money developing your business it is only natural to want to protect it in the best way you can. In this digital age a comprehensive cyber insurance policy is the best way to make sure that, should the worst happen, your livelihood is safe.

Hamilton Fraser are a recognised cyber insurance provider and our cyber liability insurance will offer protection in the event of any loss, illegal threat or interruption arising from a cyber-attack.
