Safeguarding your business’s survival in the aftermath of a cyber attack
Jonathan Healy, a Divisional Executive at Marsh Africa.
Jonathan Healy, a Divisional Executive at Marsh Africa, discusses how, in today's environment, organisations, whether government or private, rely on technology and telecommunications to function effectively, which means that no business is immune to a cyber security breach. Essentially, companies need to ask themselves whether they are adequately prepared should the eventuality occur.
Upon discovering a breach, it is vital to act decisively and comprehensively; failing to do so may expose your business to extensive financial risk. Make no mistake: dealing with a cyber-attack is an enterprise-wide issue, affecting every team within an organisation. Although comprehensive insurance has been proven to limit the financial fallout, a balanced approach, including sufficient risk management practices and security measures to enable a sound policy response to cyber-attacks, needs to be in place.
Take the example of the Toronto-based dating website, which was hacked late last year. The hackers gained access to millions of customer records through the database of the online married dating portal for extramarital affairs and posted 30GB of personal data of its tens of millions of customers, including their names and email addresses.
Today, the lesson learnt from one of the largest, most personally damaging information exposures ever is that maybe it’s time we think differently about the liabilities of companies and individuals in possession of our data. Some of the many class-action lawsuits unfolding against the dating site are hoping to do just that. Many of them seek to hold the company liable for its false promises of discretion and security. Ask yourself: is your company, whether consumer-facing or not, equipped to survive if a breach of this magnitude were to occur?
There is a broad spectrum of cyber and privacy risks that have the potential to cause significant economic loss and reputational damage to business. The theft, loss or unauthorised disclosure of personal and company information, payment-card information and other third party confidential information together with other events which may result in denial of service, outages and disruption to critical applications and networks, are some of the important risks to consider. This is further exacerbated by a changing regulatory environment and personal information protection regulation, introducing penalties and the mandatory notification to affected data subjects following a breach.
Business exposures resulting from cyber-crime and the rapidly evolving regulatory environment may be classified as first party or direct losses, such as business interruption, extortion, loss of digital assets or fines and penalties, and third party or liability losses, such as privacy breaches, denial of service due to errors and omissions or transmission of a virus.
Cyber-attacks are escalating in frequency and intensity, and an increasing number of businesses are seeking financial protection through insurance for losses arising from data breaches and cyber-related network interruption.
Privacy and cyber security risks have left many traditional forms of insurance unable to adequately respond to these exposures. The insurance market has responded by offering specialty cyber insurance products that are designed to help bridge gaps in traditional lines such as property, crime and civil liability and general liability. Cyber policies also provide cover for direct and third party liability losses associated with the use of technology and data and can also be expanded to include business interruption following a cyber-event.
A risk evaluation programme which has been carefully designed in conjunction with a knowledgeable insurance broker who has considered, together with the client, the various specific cyber exposures which they face, can ensure that cyber insurance fills many of the gaps in traditional cover.