View this article online: https://www.claimsjournal.com/news/international/2008/03/14/88224.htm
Tom Sheffield, Technical Director at Aon, pointed out that businesses are typically at ease with physical security systems, but when it comes to online matters there appears to be a lack of knowledge. Companies must think outside the box and prepare for an emerging risk that may well be outside their comfort zone, he warned in an article on the Lloyd’s web site (www.lloyds.com),
The article states: “Cyber crime is on the increase, with criminals using information negatively to exploit and extort money from individuals. Companies are therefore urged to take action and educate their employees to promote cyber security awareness, as currently 40 percent of data loss comes from business partners.
“This results in a huge sum of losses, including customer compensation, the cost of dealing with the incident and the loss of pipeline sales.
“Mobile phones are another cause for concern as they can now store emails and personal information. Employees have to be aware that information on devices such as mobile phones and Blackberrys could be accessible to others if those devices were lost or stolen.
“Old computers that are about to be replaced can also hold a great deal of important information such as bank details. They can be hacked into and decoded so the best way to avoid a potential cyber crime of this kind, Aon suggests, is to ensure that hard drives are wiped before disposal.”
Sheffield noted: “Situations like the NHS [the UK’s National Health Service] losing patient data and HM Revenue & Customs mislaying over 25 million records of child benefit claimants have provoked directors to think about the next big risks they may face and they are asking us how the nature of the threat is changing.”
He added: “On top of the direct loss from technology abuses, there are risks to the management of companies relating to how well they protect against the attacks. We’re warning directors that they could find themselves being sued by employees or shareholders for not taking appropriate measures to prevent hacking, for example, or failing to provide back up for lost data. This is adding another layer of risk to directors who need to take action to protect the assets of their business against cyber crime or else face being sued.”
If employers do not take the necessary precautions in order to safeguard their information, employees could sue over confidentiality issues.
Marcus Alldrick, responsible for Information Protection and Continuity at Lloyd’s, explained: “While many of the incidents highlighted in the media have been opportunistic attacks, such as stolen laptops that can easily be sold, targeted attacks perpetrated by organized crime are on the increase due to the high return on investment.
“Hackers and virus writers are now for hire, resulting in more sophisticated attacks and a ready underground market for information. Frighteningly, the link between terrorist organizations and organized crime is growing, with the former sponsoring the latter to undertake attacks or sell their techniques, putting the safety of people at increased risk.”
Sheffield indicated that while cyber crime and data loss will continue to grab headlines, technology is constantly evolving. The laws governing technology will therefore continue to change and adapt in order to accommodate these new advancements. Insurance coverage is also evolving in tandem with the legal changes, but it will always be reactive to changes in technology.
Businesses have traditionally sought protection against traditional types of disaster, such as fires and natural catastrophes. But one of the new disaster scenarios they must face is “cyber risk, which essentially affects everyone from small businesses to large conglomerates.”
In addition Lloyd’s notes that “cyber crime is not just a threat to businesses, it can impact on individuals. According to security systems firm Symantec, if you own a credit card and a car your information will be on 700 databases.”
Source: Lloyd’s