Safeonline LLP is authorised and regulated by the Financial Conduct Authority
What are the cyber risks?
Cyber risk now poses one of the biggest threats to businesses and governments since the
inception of the internet, and the exponential growth of both personal and business users is
further increasing the number of avenues through which cyber-attacks can be launched.
As the digital world touches on more and more areas of our lives, we pay the price by being
exposed to a greater variety and frequency of cyber risks. This means that any business
operating online, or even with a presence online, needs to be wary. Cyber risks continue to
evolve at a pace that far exceeds international cyber risk prevention strategies and
legislation.
Some of the main cyber risks that affect companies, governments and countries, worldwide,
are as follows:
Rogue employees stealing hardware or data to obtain a competitive advantage or
to sell on to criminal interests for extortion purposes. For example, individuals’ credit
card, banking and healthcare information is often sold on the black market for over
$100;
Negligent employees sending incorrect data, losing hardware (such as laptops or
mobile phones, which can now hold up to the equivalent of 5000 filing cabinets worth
of information), or falling victim to phishing attacks, whereby an employee will simply
click on a link in an email which allows unauthorised access into a system;
Hackers and criminal syndicates launching sophisticated and continuous denial of
service attacks, as well as foreign government agencies and cyber criminals
harvesting trade secrets, intellectual property and data for industrial espionage;
Vendors can also expose a business to cyber risks. For example, a data centre or
outsourced service provider with inadequate cyber security could offer a route for
unauthorised access to systems and networks;
Social media accounts are increasingly used for ‘spear-phishing’ attacks – whereby
hackers specifically target employees with bespoke phishing emails, allowing hackers
into company systems via personal accounts.
[Figure: Cost of Data Breach, per record lost. Bar chart of cost per record lost (USD) by
industry; average: $169. Source: Ponemon Institute, 2015 (Cost of Data Breach Study: Global
Analysis). Data based on results from 350 companies across 11 countries.]
What does cyber insurance cover?
At Safeonline we have been insuring organisations against cyber risk for over 15 years. We
are at the forefront of this product and our broking team, the largest and most experienced
in the London market, can handle any size or type of business.
Whilst at Safeonline we look at each risk individually in order to ascertain the most suitable
coverage, there are typical perils that cyber insurance covers, including:
Business Interruption: With an increasing number of companies ever more reliant on
technology to operate, business interruption exposures are becoming more significant, and
are often the main quantifiable loss resulting from a data or security breach. Business
interruption can be triggered by hackers, a system or technical glitch and even
human/employee error. Some leading examples of business interruption cases are:
Hackers took TV5 (a French broadcaster) off air in April 2015, which affected 11 TV
stations, websites, emails and social media;
Hackers grounded ten aeroplanes belonging to LOT (a Polish airline) after
denial of service attacks blocked the transmission of flight plans;
Stocks worth $28 trillion were suspended on the New York Stock Exchange for
three and a half hours in July 2015. The incident was due to a system glitch,
rather than any cyber-criminal activity.
Network/website restoration: In the case of a malicious attack, insurance can cover
restoration costs whereby IT experts are hired to reinstate a network to full operating
capacity;
Data and privacy breaches: From Personal Identifiable Information (PII) through to
actual monetary losses, cyber insurance can cover the defence costs and damages
for which the insured or outsourced service provider is liable;
Crisis Management: Cyber insurance covers the legal, PR and notification costs
associated with the aftermath of a breach;
Extortion: Sensitive data, emails or worse can be held to ransom by hackers, costs of
which can be covered by cyber insurance;
Malware/traditional hacking attacks: Whether using malware or simpler social
engineering techniques, the aftermath of a hack can involve costs to employ forensic
IT experts and also to cover costs of subsequent litigation/fines if it has impacted on
the business output. According to Symantec, a leading cyber security firm, almost one
million new malware threats were released online every day in 2014. This number is
expected to continue to grow;
Reputational harm: Cyber insurance provides an indemnity for the loss of profit that is
attributable to an adverse media event, subsequent to a cyber-attack or breach.
[Figure: Causes of Cyber Loss. Malicious or criminal attack: 41%; Human Error: 30%;
System Glitch: 29%. Source: DataBreachToday.com]
Fines & penalties: Cyber insurance covers the costs of these fines and penalties levied
by national, international and industry regulators (where insurable by law) and can
help to minimise the significance of the fine incurred in the first place.
Size doesn’t matter
Whilst a number of large multinational companies continue to make the headlines when it
comes to cyber-attacks – such as Sony, Target, Anthem, Google and eBay – it is important to
note that it is often SME businesses that are worst affected by cyber-attacks.
Whilst large companies might have the capital, risk management and IT infrastructure to help
mitigate the effects of an incident, SMEs will often struggle to survive due to the business
interruption effects arising from the fatal impact of a breach. These firms are more
commonly targeted as they can provide a backdoor into larger companies with more robust
systems. This was how hackers breached Target’s (US retailer) systems, stealing 110m records
in the process. Symantec, a leading cyber security firm, have recently stated that almost two
thirds of all targeted cyber-attacks have been against SMEs.
The role of cyber insurance
Cyber insurance should not be considered a replacement for an efficient and effectively
implemented cyber and risk management program, but rather a risk transfer mechanism
that provides financial protection should the worst happen, as well as providing immediate
access to leading forensic, legal and PR teams to mitigate and prevent any further loss. Just
as you would install sprinklers to mitigate fire damage in a property, insurance would still be
bought in case the property burned down – the same concept applies to how a company
should approach its cyber risk.
Organisations have an increasing moral and legal obligation to keep customer information
secure. The long-term reputational harm of a breach can outweigh any of the initial and direct
costs.
*****************
If you would like any further information about cyber insurance or anything else here, then
please do not hesitate to get in touch.
David Dickson
Broker
Safeonline LLP
Direct: +44 (0) 207 954 4409
Mobile: +44 (0) 797 168 8769
Email: [email protected]
Website: www.safeonline.com
Office: 80 Leadenhall Street, London, EC3A 3DH