According to a new report from Willis Group Holdings – Willis Summer 2011 Leisure Newsletter – “vast quantities of personal, identifiable information collected by the leisure and hospitality industry has made it a chief target of cyber attacks.”
Willis’ Cyber Risk Unit reported that “cyber-related insurance claims have spiked by 56 per cent over the past year alone, with an increasing proportion of victims in the hospitality industry.” Citing a recent survey, Willis warns that hotels, resorts, tour companies, and other leisure and entertainment providers are “increasingly vulnerable to hackers seeking to steal personal information. The Newsletter highlights the major risks posed by the deluge of personal data and explores actions companies can take to protect themselves against cyber crime.”
According to estimates compiled by the Ponemon Institute, a US-based information technology think tank, “the costs of recovering from a cyber attack – including costs associated with notifying customers and implementing credit monitoring software to help ensure victims’ credit records are not compromised by the misuse of stolen data — typically range anywhere between $100,000 to $1 million.”
However, Willis pointed out that “some of the largest breaches can cost in excess of $100 million. More stringent data protection legislation coming into force will only further increase companies’ financial exposure to cyber crime, both in terms of liabilities to banks and individuals, to say nothing of the more difficult to quantify reputational damage such attacks can cause.”
The main culprits of data breaches include rogue employees, malicious attacks, and innocent mistakes made by outsourcing firms employed to manage customer data.
Laurie Fraser, Global Markets Leisure Practice Leader for Willis explained: “Hackers are getting ever more sophisticated, penetrating firewalls to drain corporate databases of their customers’ personal details, including credit-card numbers when not encrypted, medical histories and other personal information.
“This year has already seen at least three high profile cyber crime cases where security breaches triggered public outrage and panic over identity theft and fraud. The incidents badly bruised the reputations of popular consumer brands, as well as exposed firms to a host of increased costs as well as potential liabilities.”
Jeremy Smith, Practice Leader of Willis’ London Cyber Team, added: “Companies that hold substantial volumes of personal, identifiable data are irresistible to web-based pirates.”
In response, Smith said that cyber liability insurance, which has existed for about 10 years, is evolving to reflect the current environment, helping companies to transfer the risks and costs of data loss and cyber piracy.
“Willis is working closely with the insurance industry to stress test existing policies’ ability to address the nature of cyber crime and develop exclusive wordings that assist in the transfer of these risks. Recent breakthroughs include the introduction of identity theft solutions and Payment Card Industry fines coverage, which helps to protect companies from penalties linked to the mismanagement of credit card data.”
Source: Willis
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
AIG General Insurance Chairman McElroy to Retire May 1 
FBI Says Chinese Hackers Preparing to Attack US Infrastructure 
Former Congressman Charged After Collision with State Trooper in Florida 
Trump’s Bond Insurer Tells Judge Shortfall Is ‘Inconceivable’ 
