Cyber Crime - Part I
Gone are the days when a solid lock and alarm system would suffice to protect a workplace from criminals. Attacks on businesses via the internet are increasing exponentially, as data systems evolve and hackers become more sophisticated.
According to the 2013 Information Security Breaches Survey, 93% of large organisations reported a cyber breach in 2012. Banks and insurance companies are attractive targets to identity thieves due to the vast expanse of consumer information that they hold. Telematics is an example of a factor that is driving the huge amass of data.
Different types of cyber crime
There are three broad categories of cyber-attacks:
- Business disruption and misuse
- Online scams
- Theft and fraud
Business disruption and misuse consists of preventing IT resources from operating correctly, or infecting a company’s computer systems with viruses. Examples of online scams include purchase fraud or fraudulent websites which may fool individuals to enter their personal information. The third category, theft and fraud, is perhaps the most relevant to insurance companies at present. Customer data theft, identity theft and theft from business are all examples of this type of cyber crime.
Legislation
A new European Commission data protection law is on the horizon. The commission will enforce that companies who experience a cyber breach such as having their customer data stolen through a hacking incident, must notify the data regulator and individuals whose data was subject to the breach. A draft version of the law specifies that organisations who fail to notify the relevant parties in a timely manner will face fines of up to €1 million or 5% of annual turnover, depending on which is greater. The implementation date for this legislation is currently uncertain.
This good first step is making firms put cyber risk into the spotlight, however, we do wonder how many cyber attacks have gone undetected in the past and if firms are aware that they need to step up their game in this area.
Cyber Monday
The most recent potential cyber attack in UK occurred on Monday 2 nd Dec 2013, where millions of shoppers found their cards were declined as they tried to pay for online transactions. The cause of this problem is currently unclear, but the suggestions range from a cyber attack to an IT issue.
In August 2012 Yahoo was sued for negligence after more than 450,000 usernames and passwords were stolen from one of its sites. Other examples of cyber breaches include attacks on users of Facebook and Skype using Blackhole exploits disguised as Facebook account verification emails, Skype voicemails and spam messages. Blackhole is a malicious software kit that is extensively used by cyber criminals to infect personal computers.
UK companies
A recent survey by the Department for Business, Innovation and Skills on FTSE 350 firms has revealed that UK companies are not doing enough to tackle cyber crime. The results show that 25% of companies consider cyber a major risk, and 56% have cyber on their risk register. We should see cyber security soar up corporate agendas as it becomes no longer acceptable to devolve the responsibility for cyber management to the company’s IT department. Effective business and IT systems that safeguard a firm against a breach are essential, but another possible option to mitigate the risk is cyber crime insurance. Part 2 to this blog will follow shortly, detailing the features of this relatively new type of insurance.