Log In

Reset Password

Business warned to wake up to cyber threats

There’s no question that the internet has change the way we live and work. Now, it’s beginning to change the insurance industry, which says businesses around the world need to “wake up” to the reality of cyber threats.

That’s the consensus following the Advisen Cyber Liability Insights Conference in London last week, which discussed the privacy and security risks facing businesses today.

Speaking at the conference, Francis Kean, executive director of the FINEX Global Unit for Willis, warned that companies and their boards of directors must understand how exposed they are to the growing threat of cyber attacks.

“There is a whole universe of potential cyber risk not understood at a board level,” he explained. “This, in turn, creates a risk that board directors will fail to discharge their duty of care and duty to promote the success of the company. Their fiduciary duties require them gain some understanding of the cyber threat faced by their companies and to ensure adequate and proportionate procedures are adopted to mitigate the consequences of a serious data breach.”

Cyber attacks against governments and businesses are among the top five risks in the world according to the World Economic Forum’s (WEF) Global Risks for 2012 report. Cyber attacks come in at number four of the risks most likely to materialise just behind economic fears about income disparity and fiscal imbalance, and concern over rising greenhouse gas emissions. Experts are most afraid of cyber attacks that spark come sort of devastating malfunction in power plants, water supplies and other critical systems.

But data breaches seem to be the most common of type of attack. InformationWeek recently reported that there were 419 data breaches in the US that were publicly disclosed in 2011 exposing a total of 22.9 million records. It’s difficult to pinpoint the exact number of breaches as many went unnoticed by the media or weren’t reported at all.

One that did not go unnoticed was a breach at Sony. The tech giant suffered a massive loss when hackers stole the names, birth dates and credit card numbers from nearly 100 million customer accounts on its PlayStation Network a debacle the company estimates will end up costing them at least $200 million.

In a lawsuit, Sony’s insurer, Zurich American Insurance Company, said the company did not have a cyber insurance policy. A spokesman for Sony said they had coverage for “significant portions” of the losses for the data breaches.

Despite high-profile cyber attacks like the one at Sony and others on Google, Epsilon, RSA and others last year, only a third of companies surveyed by the research group, Advisen, say they have a cyber insurance policy.

Even more disturbing is that cyber risks don’t seem to be getting adequate attention from the top. The 2012 Carnegie Melon CyLab Governance survey of the Forbes 2000 list found that nearly half of the respondents said they do not have full-time personnel in key privacy and security roles, and 58 percent said their boards had not reviewed their companies’ insurance coverage for cyber-related risks.

Experts say when it comes to cyber insurance, every company needs it and most don’t realise they don’t have it until it’s too late. More companies are expected to buy policies this year because of new Security and Exchange Commission requirements in the US. Last October, the SEC issued new guidance requiring companies to disclose material cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage”.

“The SEC guidance is a useful wake-up call to the risks of data breaches for boards everywhere but they now have a delicate balancing act,” Mr Kean said at last week’s Advisen event. “The problem with exposing cyber breaches is you don’t want to provide a route map to hackers or potential plaintiffs down the road, but you also don’t want to expose yourself to a shareholder class action.”

Also speaking at the Advisen Cyber Liability Conference, Jeremy Smith, the cyber liabilities practice leader for Willis, discussed the development of cyber-liability insurance, saying: “The convergence of cyber coverage in recent years was largely due to a lack of sophisticated claims data and significant increases in cyber crime.”

Technological advances have changed and will continue to change the way companies collect, use and store their biggest asset data. Experts say smart companies understand that risk and are taking proactive steps to protect their data, customers and reputation.

Real risk: Insurance against cyber attacks is expected to boom in 2012

You must be Registered or to post comment or to vote.

Published March 20, 2012 at 2:00 am (Updated March 20, 2012 at 9:14 am)

Business warned to wake up to cyber threats

What you
Need to
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon