Lloyd’s Highlights Potential Impact from Cyber Crime, Data Loss

June 10, 2011

Cyber crime has become a high profile problem for risk managers, heightened as a result of the recent attacks by hackers on Sony. In an article on its web site Lloyd’s notes that risk manager are increasingly concerned “over the huge potential cost of data loss.”

It also notes that a recent workshop on “cyber crime was the best attended at this year’s AIRMIC risk management conference in Bournemouth. Over 100 risk professionals crowded the workshop, which was hosted by Lloyd’s broker Miller Insurance Services, to debate the risks and potential solutions posed by cyber crime in today’s business environment.”

The recent attacks on Sony’s Playstation Network and Sony Online Entertainment services resulted in the theft of data that “included names, passwords and addresses of more than 100 million accounts. The company has estimated that the data breach will result in a $170 million hit to its operating profits.”

These incidents and other similar attacks point to a rise in the number and seriousness of the security breaches. Lloyd’s said that “hostile cyber attacks on companies accounted for nearly one third of all UK data breaches in 2010 – up from around 22 percent the year before – and the incidents are becoming increasingly expensive.

“A survey by the Ponemon Institute found that the cost of a data breach rose in 2010 for the third year running. The average data breach incident cost UK organizations £1.9 million [$3.1 million] or £71 [$115.65] per record, an increase of 13 percent on 2009, and 18 percent on 2008. The incident size ranged from 6,900 to 72,000 records, with the cost of each breach varying from £36,000 [$58,639] to £6.2 million [$10.1 million]. The most expensive incident increased by £2.3 million [$3.75 million] compared to 2009.”

In addition Miller’s presenter pointed out that “the cost of detecting and fixing security gaps is only one issue, as there is huge expense incurred in informing potentially millions of customers whose data has been compromised, and monitoring their credit ratings going forward. The expenses associated with a data breach range from detection, escalation, notification, and customer churn – due to diminished trust.”

Nick Alston of Digital Barriers, a panelist at the AIRMIC workshop warned of the “changing face of cyber crime. He said it is no longer an activity carried out by a single person, but has been taken over by major organized crime.

“He went on to warn that, while businesses may be focusing closely on their own IT security, the risks around outsourced services are much less well-understood. “Companies should be asking themselves how well do they know the companies they are working with and how are they protecting data?”

Risk manager Chris Maurice from telecoms corporation BT plc discussed the “risks a heavily data driven business can face, and how data risks should be treated like any other property or liability risk.” He noted that as a result increased responsibility is placed “on the risk manager to understand both IT terminology and the role it plays within an organization, so that they can take an informed view on what is critical to the business and decide what [insurance] cover is required.”

Graeme Newman, of Lloyd’s specialist MGA CFC Underwriting, explained that hacker attacks, such as the recent Sony incident, have sensationalized cyber crime. As a result, there are many more incidents, such as laptops being left in the back of cabs, that need to be considered. He noted that it’s “so topical these days that even minor incidents are widely reported, and that magnifies the reputation risk around problems. At the same time regulators in Europe are pushing more responsibility onto a wider range of businesses.”

Insurance coverage is one way that companies can protect themselves. Lloyd’s indicated that, given the rise in concerns about cyber crime, “businesses are increasingly interested in insuring themselves against the potential costs that could result from data breaches or data loss. CFC Underwriting offers a standalone cyber insurance product that includes cyber, privacy and social media related risks.

“The cyber part, for example, covers third party liability and first party losses, the cost of restoring data and even business interruption loss of revenue. The broad privacy cover includes customer notification costs and credit monitoring for affected individuals.”

Newman added: “Data represents a whole new world of liability risk and businesses in Europe increasingly recognize that they must manage it in the same way as their other big liability exposures.”

Source: Lloyd’s of London

Was this article valuable?

Here are more articles you may enjoy.