Cyber Crime – How can you be prepared?
This month we are focusing on cyber-crime, the risks that are posed to businesses and individuals and how you can reduce these risks and indeed ensure you are covered if the you do come under attack.........
In today’s world use of and interaction with, electronic data and the internet is an integral part of everyday operations – both business and personal. Cyber-crime, loss of sensitive data and loss of revenue from system downtime are issues that receive ever greater public attention. One only needs to think to the crisis that affected RIM, the company behind Blackberry, in October 2011.
Even a company whose network security was thought to be of the highest quality can suffer downtime. The disastrous effect that the fallout had on its reputation was undoubtedly heightened by the prevalence of social media.
Many UK companies are not equipped or insured to protect their data or the consequential losses arising from the loss of access to computer systems. Where those losses affect third
parties who may seek compensation as in the case of RIM the results could be catastrophic to the survival of a business and to its reputation.
As the criminal fraternity increasingly turns to cyber-crime, analysts suggest that such activities have reached epidemic proportions.
A report published by the UK Home Office suggests that cyber-crime may cost up to $1 trillion per year globally, with the cost in the UK being $27 billion. The same report highlights that cyber-crime is the second highest risk to the UK after terrorism.
Although firewalls, encryption and other methods of security protection are available, these are not infallible or always operative. In recent times, the networks of some of the biggest and supposedly most technologically sophisticated organisations in the world have been subject to targeted attacks which have resulted in network downtime, including Sony, Nokia, Adidas, Nintendo, Booz Allen Hamilton and the Spanish Police, to name but a few.
The loss of sensitive information can seriously compromise a company’s ability to function in a competitive market, while attacks on websites or email servers can effectively put a company out of business. With such losses provoking actions by shareholders, clients, suppliers or the general public, the insurance market has developed a range of products to provide protection as an ultimate backstop should systems security fail.
Most general insurance policies are unlikely to provide adequate cover for cyber risks without a specific extension and this represents a serious gap in the protection provided. Traditional policies are designed to cover loss of or damage to tangible property resulting from an insured peril (such as fire, flood, theft, etc). These policies do not generally cover intangible assets (for example data, intellectual property,etc) or incidents that do not result in physical damage (for example, theft of data, computer virus, etc)
The types of cyber exposure that can be covered by insurance, usually by way of a separate policy or section, include:
- Legal liability to others for computer security or privacy breaches
- Legal liability for online media content (including social media sites)
- Loss or damage to data
- Loss of revenue or increased costs incurred due to a computer attack
- Loss or damage to reputation
- Cyber extortion