Companies must think outside the box and prepare for an emerging risk that may well be outside their comfort zone, a leading Lloyd’s broker has warned.
Tom Sheffield, Technical Director at Aon, says businesses are typically at ease with physical security systems, but when it comes to online matters there appears to be a lack of knowledge.
Cyber crime is on the increase, with criminals using information negatively to exploit and extort money from individuals. Companies are therefore urged to take action and educate their employees to promote cyber security awareness, as currently 40% of data loss comes from business partners.
This results in a huge sum of losses, including customer compensation, the cost of dealing with the incident and the loss of pipeline sales.
Mobile phones are another cause for concern as they can now store emails and personal information. Employees have to be aware that information on devices such as mobile phones and Blackberrys could be accessible to others if those devices were lost or stolen.
Old computers that are about to be replaced can also hold a great deal of important information such as bank details. They can be hacked into and decoded so the best way to avoid a potential cyber crime of this kind, Aon suggests, is to ensure that hard drives are wiped before disposal.
Sheffield said: “Situations like the NHS losing patient data and HM Revenue & Customs mislaying over 25 million records of child benefit claimants have provoked directors to think about the next big risks they may face and they are asking us how the nature of the threat is changing.
“On top of the direct loss from technology abuses, there are risks to the management of companies relating to how well they protect against the attacks. We’re warning directors that they could find themselves being sued by employees or shareholders for not taking appropriate measures to prevent hacking, for example, or failing to provide back up for lost data. This is adding another layer of risk to directors who need to take action to protect the assets of their business against cyber crime or else face being sued.”
If employers do not take the necessary precautions in order to safeguard their information, employees can sue over confidentiality issues.
Marcus Alldrick, responsible for Information Protection and Continuity at Lloyd’s, added: “While many of the incidents highlighted in the media have been opportunistic attacks, such as stolen laptops that can easily be sold, targeted attacks perpetrated by organised crime are on the increase due to the high return on investment.
“Hackers and virus writers are now for hire, resulting in more sophisticated attacks and a ready underground market for information. Frighteningly, the link between terrorist organisations and organised crime is growing, with the former sponsoring the latter to undertake attacks or sell their techniques, putting the safety of people at increased risk.”
Cyber crime and data loss will continue to grab headlines, but as technology is constantly evolving, the law will continue to change and adapt in order to accommodate these new advancements. Cyber insurance is also evolving but it will always be reactive to changes in technology, Sheffield states.
Firm’s traditional disaster scenarios that spring to mind are fires and natural catastrophes, but one of the new disaster scenarios is cyber risk, which essentially affects everyone from small businesses to large conglomerates.
And cyber crime is not just a threat to businesses, it can impact on individuals. According to security systems firm Symantec, if you own a credit card and a car your information will be on 700 databases.
