Cyber crime cost businesses worldwide £241bn last year, but liability insurance can protect your company from data and privacy breaches
A third of data breaches are caused by memory stick theft
Cyber crime is not a fictional concept; it is a very real problem, says Ben Beeson, a data protection and security expert at global insurance broker Lockton. Last year, an individual fell victim to a form of online crime every 19 seconds.
In today’s multichannel, mobile and interconnected world, every element of society including government, industry, commerce, charity, health, education and individual citizens is increasingly at risk as more and more sensitive data is stored on a computer system somewhere in the world. The risks are constantly evolving as technology develops, and they are likely to become more acute as a new generation of smartphones effectively become wallets, which will place even greater volumes of personal and financial data at risk.
Regulators across the world are waking up to the fact that changes in data privacy laws are required. The Barack Obama administration in the US and the European Justice Commissioner, Viviane Reding, are both proposing new national and crossborder data breach notification and data privacy laws. The EU data privacy proposals include fines of up to 2 per cent of global annual turnover if a company breaches the proposed data laws, and a requirement for companies with over 250 employees to appoint a data protection officer, and for all breaches to be reported to the regulator – ideally within 24 hours.
Data breaches are becoming more common and dealing with them is increasingly costly, complex and damaging for the organisation that “owns” the data. Norton’s 2011 Cybercrime Report estimates that the cost of stolen cash and the cost of time spent on identifying and resolving data breaches to businesses and governments is around $388bn (£241.6bn) globally.
Risk managers and finance directors realise they need to develop a greater understanding of how to predict and prevent data breaches. According to NetDiligence’s recent study of cyber and data breach insurance claims published in June 2011, the reasons for data loss are split into three main areas: Hackers and criminals were responsible for 32 per cent of breach events. Rogue employees were the cause of 19 per cent of data breaches – and the poor economic climate is expected to exacerbate this problem going forward. Theft of mobile computer equipment such as laptops and memory sticks carrying unencrypted data was responsible for 33 per cent of breaches.
As the frequency and severity of cyber data risk increases, the insurance world is becoming more concerned about the financial risks associated with a data breach and cyber crime. There is a growing insurance market for both first and third party data liability business, and also first party business interruption cover. These products and insurance policies are likely to continue to develop over the coming years.
London is a pre-eminent market for this business due to high levels of innovation and its ability to provide specialist and tailored cover. We expect the introduction of mandatory reporting of data breaches for companies handling EU citizen’s data inside or outside Europe will speed up the rate of new product development in 2012 and beyond.
Data privacy is, and will continue to be, the biggest emerging risk for businesses in the 21st century. Insurance can provide essential financial assistance and access to highly experienced legal, IT forensic and crisis PR advice – which can help companies preserve their reputation and get back to trading as rapidly as possible.
020 7933 2857
ben.beeson@uk.lockton.com
