If we were to use the term “Cybercrime” you’d possibly either picture a futuristic police squad from a sci-fi movie or perhaps a typically nerdy hacker, tapping away on his laptop, spreading viruses to get some attention. The truth is, Cybercrime is bigger than the global black market in marijuana, cocaine and heroin combined!
There was a time when the risks to a business were easily defined, it used to be that you’d only need to invest in security for your physical assets, nowadays you need to safeguard your virtual assets too. Any company dealing with electronic data is at risk of a cyber breach or data leak, in fact more and more companies see it as one of their most pressing risk concerns and yet it’s one of the least insured areas. Source – AIRMIC survey June 2012
Data stored on a network is a threat to almost any business and yet most are only vaguely aware of how exposed they are and what they should do to protect themselves. Anyone who doesn’t have sufficient cyber security could be in breach of personal data protection and fined as a result.
Risks are evolving and becoming more complex. In 2011 data breaches corrupted over 174 million records.Source – Verizon’s 2012 Data Breach Investigations Report
Recently the news has been full of successful and foiled ‘cyber plots.’ The Ministry of Justice was fined £140,000 after the details of more than 1,000 inmates at Cardiff prison were emailed to three prisoners’ families and estate agent Foxtons suffered a possible data breach when a list of 10,000 e-mail addresses, usernames and passwords were posted online.
It isn’t just big business that can be targeted, hackers are just as likely to aim for a larger company through their supply chain. Very often they will aim low in the hope that a virus could infect systems higher up the chain. Sectors particularly at risk include UK companies with US operations, universities and colleges, retailers, the hotel, travel and leisure industry, telecom companies, utilities and financial institutions.
75% of data breaches occurred in organisations with less than 100 employees.Source – Verizon 2012 Data Breach Investigations Report.
Loss of data needn’t always be the result of some nefarious, underworld “cyber criminals!” It’s just as likely that data could get into the wrong hands due to the accidental loss of a laptop or USB stick. Even opening an innocent looking e-mail could result in downloading software that leaves your business open to attack.
Every minute 232 computers are infected by malware.Source – RSA 2012 Cybercrime Trends Report
The knock-on effects of a cyber breach or data leak can be massive with some serious consequences to your business. Your IT department, if you have one, will need to discern whether it was a leak, a loss or a hack. They’ll need to investigate what happened to the data and where it is now. Has it affected your server? Does it need replacing? Do you have a disaster recovery plan? News could spread fast, with confidence in your business and its reputation taking a dip as a result. Who needs to know first? The media, clients, staff, stakeholders? How is it best to notify them?
Then you’ll start to see the financial affects. Possible regulatory fines, potential litigation from the people whose data has been lost, third parties who have been affected by the loss of data. Not to mention the costs you’ll incur to diagnose the loss, notify everyone affected by it, reconfigure networks, re-instate security and restore data. In the event of a cyber breach it’s estimated that the cost to notify everyone affected is £50 per person. With many companies’ databases running into the thousands the financial impact could be considerable.
Many businesses in Europe don’t have a specific policy covering cyber risks, whereas in the US most companies already have separate Cyber Liability policies. These will cover the obvious, and less obvious, consequences of cyber risks, allowing companies to continue their day-to-day business with the least amount of disruption. Through a combination of traditional insurance cover and professional consultancy they can lessen the financial, reputational and IT impacts of a data leak, loss or breach.
The knock-on effects can be substantial and a specific policy will cushion much of the impact an attack of this nature will have on a business. The costs of a cyber incident response service can be covered, performed by cyber risk specialists, as well as any costs incurred when restoring, recollecting or recreating data. Crisis management could be provided to notify and monitor anyone affected, which also helps to safeguard any reputational damage.
With the latest “cyber plot” appearing in the news headlines, and a realisation that loss of data is a major risk in today’s business world, Cybercrime is less in the realms of the science fiction movie and very much present in the real world.
Or feel free to sign up to our free cyber liability seminar.