This page contains a Flash digital edition of a book.


Cyber attacks: It’s not a matter of if but when

WE HAVE BEEN INUNDATED WITH reports over the last couple of years of huge cyber attacks on large companies that are household names across the globe. It is as if the Sony PlayStation attack of April 2011 awakened the world’s hackers to the vulnerabilities of businesses and the riches that lie within. There have been countless surveys

from global accounting firms and large IT security companies that attempt to put a dollar value on the impact of cyber attacks. While the figures on the global cost vary wildly from tens of billions up to several hundred billion dollars, all reports agree on the exponential increase in cyber attacks. The Norton Cyber Crime Report of 2013 has put the number of victims at more than one million per day; that equates to 12 victims every second. IT security firm Kaspersky Lab reported that they successfully neutralized more than five billion cyber attacks in 2013 alone. The impacts of an attack are now well known and best demonstrated by the recent high profile cyber attack that hit US retailer Target. The breach compromised more than 40 million customer credit cards and has already claimed the job of the company’s Chief Information Officer and its CEO. In February the share price had plummeted more than 12% and Target’s earnings slid 46% as costs associated with the breach continued to mount and consumer sales slumped. The full impact of the reputational damage will only be truly known in the years ahead, and it is not likely to be forgotten quickly with the company now facing more than 80 related lawsuits.

If you only trawled the headlines of the major media publications, you could be forgiven for thinking that cyber attacks were a phenomenon centred around large companies only. However, the largest credit card ID

fraud in Australia’s history occurred in December 2012 and was the result of an attack on 46 small to medium businesses – mainly service stations and retail outlets. They are hardly your stereotypical targets for this type of attack but that is precisely the reason they were targeted.



Australian businesses remain complacent when it comes to the threat of cyber exposures. It is this very attitude that has made them the “low- hanging fruit” for international cyber criminals. Too many companies still view themselves as too small to be targeted, or they simply rely on their IT teams to manage the exposures. The profound impact of a cyber attack means that it should rank in the top three exposures to any business and, accordingly, it should be the CEO and the Board taking responsibility for the management of the exposures, not IT. All of this paints a pretty bleak picture, so what can brokers do to help protect their clients?

36 Insurance & Risk Professional – Raise awareness: cyber exposures

are not going away. If anything, they are only going to increase in frequency and sophistication. Ensure your clients understand what data they have and how they store it, and keep them up to date with what attacks are taking place generally. This way they can learn from others before they become the victim. Cover the basics: the majority of

attacks are not targeted and can be thwarted with simple IT security software. Ensure they are using firewalls and virus software that is up to date and that all of their data, particularly mobile data, is encrypted. Be prepared: if they haven’t got a business continuity plan in place, urge them to get one. Ask them how their business could operate without access to its data. Build a plan and test it; refine the plan and test it again. Prepare for the worst and hope for the best. Transfer risk: look to transfer any

exposure that you cannot manage. The proliferation of cyber liability policies available in the market provides broad cover for cyber exposures. These policies are not designed

to replace good risk management practices, but in the event that your risk management fails, cyber liability insurance will ensure that the impact to your business is mitigated.

Matthew Clarke is AIG’s Australasian Professional Indemnity Manager. He will give a seminar at the 2014 NIBA Convention exploring the risks of systemic technological failure and how brokers can best advise and protect their clients.

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100