Safety in cyber insurance
In an era in which technology is pervasive and security can be easily compromised, it is important for businesses to put security measures and safeguards in place to mitigate any breaches that may occur.
There is a growing threat of cyber crime and the crimes are becoming more dramatic. They are being carried out wittingly by hackers and thieves, and unwittingly by employees, who with the shifting nature of workplace practice, take their computers home, open emails on trains and access corporate networks 24/7 in unsecure locations.
While security measures are becoming ever more diligent to deal with this cultural workplace shift, it seems there is always someone who wants to cause havoc with your intellectual property. And they can do some serious damage. In 2013, one hacker installed malware in Target’s (TGT) security and payments system to steal every credit card used at the company’s 1,797 US stores. It left customers extremely vulnerable.
The breach cost the company hundreds of millions in compensation to the 70 million customers who had information stolen.
Sony is another case in point. Nine former Sony employees have filed an amended class action lawsuit against Sony Pictures Entertainment, alleging that the studio failed to take adequate safeguards to protect personal information that was exposed in the hacking attack of 2014.
“Following the breach, SPE has focused on its own remediation efforts, not on protecting employees’ sensitive records or minimising the harm to its employees and their families,” states the amended complaint, filed in the US District Court in Los Angeles.
“Rather, SPE has focused on securing its own intellectual property from pirates and a public relations campaign directed at controlling damage to SPE associated with the release of embarrassing internal emails.”
Again, the fallout of this hacking scandal has been significant, but it just goes to show that any business – large or small – can be breached. If this occurs money is lost, customer or client confidence is destroyed, staff loyalty diminished and sensitive information is out in the world for all to see. These can be consequences from which a business may never recover.
Closer to home, The Australian Tax Office has sent out a warning to tax agents with regards to criminals targeting tax practitioners who are stealing details of their business and their client base.
Thieves have used this stolen information to:
- create false payment summaries;
- lodge fraudulent returns; and
- obtain fraudulent GST refunds.
Tax agents are particularly vulnerable as much of their tax work is now conducted online.
They are not the only ones. A report by Chubb lists several breaches, these include an energy firm which had a laptop stolen. The report states: The laptop contained significant private customer and employee information. Although the file was encrypted, the overall password protection on the laptop was weak and the PIN for accessing the encrypted information was compromised. The resolution: After assessing the nature of the information on the laptop with a forensic expert and outside compliance counsel at a cost of $50,000, the energy company voluntarily notified relevant customers and employees and afforded call centre, monitoring, and restoration services, as appropriate. While the additional first-party cost was $100,000, the energy company also incurred $75,000 in expenses responding to a multi-state regulatory investigation. Ultimately, the company was fined $100,000 for deviating from its publicly stated privacy policy. Total costs associated with the event: $325,000
In another instance a rogue employee accessed the human resources platform of a professional service provider. The employee acquired and sold social security information on the black market before being apprehended by law enforcement. Thereafter, several cases of identity theft were perpetrated against the professional service provider’s employees. The professional service provider engaged a forensics investigator and outside compliance counsel. It also notified employees of the breach, established a call centre, and provided monitoring and restoration services to impacted employees. Total costs associated with the event: $75,000
Other than taking the usual steps to better secure your privacy, a business should ask itself whether they would be able to cover the costs if a breach of large magnitude occurs. If not, insurance is required.
Cyber insurance can cover a business for data restoration, provide cover for loss of systems outage caused by a virus, provide comprehensive crime cover, cover against lawsuit and under some policies may pay for the costs of engaging a PR firm to help restore reputation. This can also include for the loss of future sales that arise as a direct result of customers switching to your competitors.
The world has changed significantly and intellectual property is under siege. It may be just a small internal breach made by a careless employee who lost a computer containing sensitive information, or it could be a major hack by a disgruntled competitor or ‘cyber terrorist’, no matter what the case protection against loss or attack is crucial to recover costs and restore reputation.
For more information about how cyber insurance can help you, Lewis Insurance can assist in providing advice on appropriate cover.
This article and any accompanying material does not consider your personal circumstances as it is of a general nature only. You should not act on the information provided without first obtaining professional financial advice specific to your circumstances and considering the specific Product Disclosure Statement.