“Cyber attacks are a reality and companies need to prepare themselves,” warns Munich Re in a recently released study – “Cost of Cyber Crime” – conducted by the Ponemon Institute. “Advancements in the IT sector are opening up new applications, but also creating new risks. So-called cyber risks pose mounting challenges for companies, and corporate risk management needs to consider the threat of losses in turnover and reputational damage.”
The study noted: “In 2011, more than 232 million data records containing personal information were stolen or compromised globally, of which about 23 million records related to people in the United States. Stolen data records can cost an average of US$ 200 per person. In Germany, crime statistics compiled by the police indicate that about 60,000 cases of cybercrime were recorded in 2011.”
Munich Re’s bulletin also pointed out that cyber risks “can take a wide variety of forms. Virus infections, internet fraud, industrial espionage, misuse of personal data (identity theft), copyright infringements or denial-of-service attacks that block targeted sites by overloading them with communication requests – the companies affected may suffer extensive loss either in terms of turnover or as a result of liability claims made by clients or business partners.”
The problem, as Munich Re explains, stems from the fact that “most traditional property and liability policies provide no cover for cyber risks.” As a result there’s been an “increasing demand in the corporate sector for insurance solutions that address this new risk situation and especially its inherent potential for loss accumulation.
“Depending on their design, individual policies may now cover a wide range of first-party and third-party losses. A British market research firm reports that 30 percent of major US companies have already acquired cover against cyber risks, as compared to just 5 percent of the companies in Europe.”
Thomas Blunck, a member of the Munich Re Board of Management, commented: “Adequate insurance against data abuse should be a standard element of commercial insurance because this is a context in which any company can suffer loss of turnover or image impairment.”
Munich Re recently published a comprehensive brochure on cyber risks. In addition to illuminating specific aspects, such as the issue of liability for Facebook parties or the special legal situation in the USA, the brochure “Cyber risks: Challenges, strategies and solutions for insurers” offers an overview of the various types of loss and liability.
Cyber attacks can impose substantial losses on companies. Munich listed the following as examples of some of the perils and resultant costs involved:
— Due to business interruption resulting from the disruption of IT operations or the necessity of conducting a forensic investigation of the causes
— For legal counsel, attorneys and penalties or for defense against lawsuits
— For data and system recovery, notifying the clients affected and repairing reputational damage
— For liability vis-à-vis third parties, an aspect important particularly in the USA, where there is the risk of especially high damages claims (also via class actions).
Munich Re explained that it “utilizes its Group-wide know-how to offer made-to-measure cyber risk covers. Hartford Steam Boiler (HSB) in the USA offers a Data Compromise program to help small and mid-sized businesses respond to a data breach. HSB reinsures and manages the program for other insurance companies, so they can include the cover in their business-owners and commercial package policies.”
“When a data breach occurs, customers expect prompt notification and assistance. We help businesses to respond to data breaches by covering the cost of client notifications and services for victims of identity theft,” added Eric Cernak, HSB Vice President for Strategic Products.
Munich Re also noted that “insurers face an entirely different challenge in cloud computing, i.e. the shifting of computing capacity, storage, platforms and software to the internet. Here, Microsoft and Munich Re have set up a strategic partnership this year to find common answers to issues involved in commercial cloud computing services.”
Source: Munich Re