On Wednesday November 20th 2013, business people from across South Wales joined us at the Cardiff City Football Stadium to learn more about the risks posed by cybercrime and discover just how easy it could be for companies to suffer a data breach.
After everyone had enjoyed a hot beverage and bacon roll, Jan Wilkins, our Managing Director, welcomed those attending and thanked the guest speakers from Selex and AIG for their assistance in organising this; Creative Risk Solutions’ first Cyber Liability Seminar.
Jan admitted that, until recently, she had been as much in the dark as anyone regarding the specifics of cybercrime and the risks that data breaches presented nowadays to the majority of businesses. While the Seminar would no doubt alarm a lot of those attending as to how easy an IT system could suffer a breach, whether intentionally or accidentally, the intention was always to temper that concern with the comforting knowledge that the correct insurance could lessen the impact of a data breach.
First to speak was Simon O’Gorman, an IT security expert from Selex, a world leader in the development and supply of information security products and services, who provide computer forensics for cyber liability policies. His presentation gave an insight into the growing threat of hacking and proved just how easily your business could suffer a data breach.
Whilst an external hack is a clear threat, systems can be prone to data loss and infection from something as innocuous as opening an email, or simply through an employee losing a laptop or USB. Secondary attacks are also a possibility through the infection of a company’s supply chain. Simon made it clear that anything containing a computer is now open to attack, with both Smart TVs and air conditioning units being used to infect companies’ systems with malicious software.
Many SMEs will fall into one of two categories when it comes to the threat of a data breach, they either bury their head in the sand and deny that their business is at risk, or run forward with their hands over their eyes unaware of where they are going and what they are doing, metaphorically speaking of course. The truth is that 95% of attacks target well known vulnerabilities and 97% of attacks are easily preventable, so the threat of a data breach, intentional or accidental, can’t be ignored.
It’s no longer a question of ‘if’ your business will suffer a data breach but more a case of ‘when’ you will become a victim, with the advent of cloud computing opening up even more cyber threats. Firewalls and viruses will protect a business to some extent but there are just too many factors that are completely out of your control.
Leaving everyone with that sobering thought, Simon gave the floor to Rachael Schoer, a Senior Development Underwriter at AIG, one of the largest companies specialising in the UK business insurance market. Now that everyone attending had a deeper understanding of the risks that are out there, Rachael was able to go into more detail about the costs relating to a data breach and how a specific Cyber Liability policy could cover them.
The costs related to a cyber-attack or data breach could quite easily wipe out a small to medium business, thankfully a Cyber Liability policy can cover these costs. The fact is, cyber-attacks are on the rise, with a 50% increase since 2011, with 87% of small businesses experiencing a data breach in 2012. The cost of a breach can be significant, with UK cybercrime costs amounting to £27bn a year and the average cost to SMEs from £35,000 to £65,000. Most alarmingly, cybercrime generates more income per year than the global porn and drugs industry combined!
Rachael went on to explain that new European legislation requires that the Information Commissioner’s Office be notified of a data breach within 24 hours of it being discovered. Fines in relation to a data breach occurring have now increased from a maximum of £500,000 to €1,000,000 or 5% of annual worldwide turnover, depending on the severity of the breach. AIG’s CyberEdge policy can cover costs related to a data breach, including any regulatory fines, one example being a college who accidentally posted the details of around 42,000 students on its website; an investigation was launched and the CyberEdge policy paid out £250,000 in legal defence costs.
A traditional insurance policy won’t cover these and other costs when data is lost or a breach occurs, but Rachael showed that CyberEdge could not only cover fines and defence costs but also the costs for notifying those affected by a breach, repairing or restoring data, a PR consultancy to contain reputational damage and an expert cyber forensics team. Rachael concluded by highlighting the tools that CyberEdge can offer, including an iPad app and a Risk Tool website that simplifies the process for users.
After thanking Simon and Rachael, Jan hoped that the day had highlighted the need for businesses to be aware of the risks relating to data breaches and cyber-attacks. You can follow our live tweets from the event by searching for #crscyber on Twitter or, if you want to find out more about Cyber Liability and the CyberEdge policy, you can speak to one of our team today.