Risk of Cyber Attacks Should Be Board-Level Concern, Lloyd’s Says

December 6, 2010

Digital risks must be a board-level concern for business as the range, frequency and scale of cyber attacks increase, according to a new report.

Many companies are unwittingly vulnerable to the possibility of data leakage, phishing attacks, trojans or advanced persistent threats, according to a new report from Lloyd’s, the world’s leading specialist insurance market, and HP, the world’s largest technology company.

The report, “Managing digital risks: trends, issues and implications for business,” warns that, as businesses become more reliant on technology, they will face more complex and damaging digital attacks as sophisticated attackers quickly adapt their methods to steal from, disrupt and spy on businesses.

Many companies are unintentionally exposed to digital risks, believing their existing insurance policies will cover them, but most traditional (property and commercial liability) policies focus on the tangible damage to physical property and do not cover the many new areas where digital risks lie.

Lloyd’s Chairman, Lord Levene, said:

“A discussion of digital risks should be on the agenda of board meetings everywhere as cyber attacks become more frequent, more creative and more disruptive. Cybercrime is an international business aided by those countries without the legislative framework to tackle it. If we are serious about combating cybercrime, we need to increase international communication and collaboration between governments and businesses, and move towards uniform global regulation.”

Most of the digital risks that companies face, such as extortion and stolen information, are similar to risks they have always known, the report indicates. However, technology has increased the speed at which these risks can occur as well as amplified their impact. It has made information and processes more accessible and now citizens of the world – with both good and bad intentions – are more connected than ever.

The study points out that:

  • As part of the overall digital risk management strategy, companies should consider the growing number of cyber-risk insurance products and solutions that can transfer these risks to third parties. Although difficult to measure, the current market for cyber insurance is estimated to be around USD $600 million, a 16 percent to 25 percent increase from 2009, according to a Betterley Cyber Risk and Privacy Market Survey.
  • Most digital risk mitigation typically happens within the IT department. However, risk managers, technology experts and other stakeholders need to be more involved in the process in order to bring broader business perspectives to the decisions that are made.

Prith Banerjee, senior vice president of research at HP and Director of HP Labs, said:

“This collaborative research effort demonstrates HP’s focus on innovation with a purpose. The combination of Lloyd’s corporate view of risk with HP Labs’ knowledge of future technology trends and information security has enabled us to provide companies with impactful information about the digital threats facing businesses worldwide.”

Jenny Menna, director of critical infrastructure cyber protection and awareness for the national cyber security division of the Department of Homeland Security, said cyber threats are diverse, and a collaborative approach from private businesses, the insurance industry, tech companies and federal resources is necessary to manage the risks. “Cyber security can’t just be something managed by the IT shop,” she said. “It’s got to be something business people think about in the C suite.”

The real challenge for risk managers is to determine how to effectively monitor digital risks in order to decide how seriously they should be considered. The report provides several practical and implementable recommendations to help risk managers respond to the growing digital threat including:

  • Setting up a working group to monitor and review business risk exposure;
  • Becoming more involved in IT governance and strategy; and
  • Ensuring that applicable standards are used to manage digital risks.
