According to a 2016 survey of Airmic members, cyber now ranks as the biggest area of concern for risk managers. This reflects the fact that the vast majority of businesses now rely on information technology; the fact that so many cyber attacks now occur (the Office of National Statistics recently revealed that there were 2.5 million incidents of cyber crime between May and August of 2015 alone); and the fact that risk managers now understand that cyber security breaches can have very serious repercussions.
Hackers or viruses can bring customer transactions to a halt; critical data can be damaged, corrupted or lost altogether; and intellectual property can be compromised. As a consequence, notification costs, fines for data loss, legal expenses, awards and damages can all negatively impact revenue and profit. Furthermore, reputational damage is a likely knock-on effect with customers no longer trusting that their personal data is safe and shareholders selling shares due to lost confidence.
Most companies like to think they have processes in place to protect against cyber attacks, ranging from firewalls to written policies and training. However, it is difficult to legislate against human error or misjudgement. For example, according to a recent Verizon report on data breaches, 23% of people who have received phishing e-mails have opened them, and 11% even open the attachments in those e-mails. Moreover, 40% of employees apparently download company files onto their personal devices and 50% of employees take confidential information with them when leaving an organisation. Hence a misplaced USB stick or laptop can have disasterous consequences.
Most businesses also like to think that they have insurance cover in place for cyber breaches, but traditional insurance policies are not designed to cover these technological risks. Realty is now providing clients with specialist cyber insurance products designed to mitigate the impact of incidents ranging from innocent data breaches to malicious denial of service attacks and extortion.
Cyber insurance can generally be divided into first party and third party cover. The former includes loss, theft or damage to digital assets (data and software); the cost of restoring data; business interruption; cyber extortion and reputational damage (e.g. PR assistance to limit adverse publicity). The third party cover includes costs and damages associated with security and privacy breaches; customer notification expenses; and loss of third party data including compensation for denial of access.
June 10, 2016
No comments for this post | Comments to this post