By Mark Camillo, Head of Cyber, EMEA, AIG
The number of detected cyber attacks skyrocketed in 2014 to 42.8 million – 117,339 attacks each day – up 48 percent from 2013, according to consulting firm PwC. The types of incident range widely both in cause and location. From an insurance claims perspective, we now receive over 2 notices per business day on a global basis with an increase in cyber extortion claims as criminals look for more ways to monetise their exploits. In addition, the rise of the “internet of things” and the reliance on third-party cloud providers means that a host of devices connected to the internet are now exposed to new types of risk, which could increase the number of business interruptions.
Despite this, many organisations have an inadequate knowledge and understanding of the issue. The cost of a breach can be high. Typical costs include notification costs, experts to control the damage, costs of credit and ID monitoring, investigation costs, third-party liabilities and regulatory investigations, along with industry fines and penalties.
However, the threat of lost income stemming from systems failure is increasing, whether the failure results from security failures, attacks or viruses, or comes about internally – for example, a patch that failed. More firms are using off-site cloud services for their business operations or relying heavily on outsourced service providers, and in the event of a cyber incident, these firms could suffer significant losses with critical services being unavailable.
There are some interesting regional differences in terms of risk awareness. In the US, the states’ requirement for the notification of data breaches means that companies are more aware of the potential costs and liabilities arising from them. In the EU, businesses are more focused on business interruption, although this may change with the proposed reform to the Data Protection Directive.
Regardless of location, there can be no doubt that cyber liability is an issue no organisation can afford to ignore. The solution lies in risk managers working together with industry professionals to understand the company’s risk profile so that it can get the best cyber protection programme available in the marketplace.