Are you protected from cybercrime?

by

The most prevalent stories of cybercrime in the media today highlight the personal effects of the compromised of credit card numbers, medical records, birth dates, passport numbers and other personal information.  However cybercrime can also severely disadvantage commercial entities through the loss of corporate data and information such as intellectual property and proprietary information.  Research has found that:

  • In 2013, it was estimated that more than one-fifth of the major 255 businesses in Australia were targeted by cyber attackers. Of this number, more than 20% experienced more than 10 ‘cyber security’ incidents (“Rise in cyber attacks on Australian Businesses”, Moses, SMH 2013)
  • In Australia, cybercrime is the second most commonly experienced crime, just behind asset misappropriation

In 2009, six countries in the Asia Pacific/Oceania region enacted data privacy laws.  Two more have since followed suit. The Australian Federal Government recently introduced new cybercrime law in March 2013, which has allowed Australia’s law enforcement and intelligence agencies to compel carriers to preserve communications about specified people (“Australia’s new cybercrime law”, Kallenbach and Sam, Minter Ellison 2013), as well as expanding the offences set under Criminal Code 1995 (Cth).

Further, the government established the national Cyber Security Centre (CSC) at the end of 2013, acknowledging that businesses are increasingly relying on the Internet in order to run their operations (“Australia’s New Cyber Security Initiative”, Morris and Gian, Allens 2013). The CSC will be part of Australia’s new National Security Strategy, commissioned by Julia Gillard in 2013, and has the following objectives to achieve:

  • To promote international norms for cyberspace (through representation through UN bodies, APC, 260, and the Seoul Conference on Cyberspace
  • To update intelligence legislation to reflect the changing environment and to promote the applicability of existing international law for cyberspace
  • Accession to the Council of Europe’s Convention on Cyberspace

The CSC will be able to provide advice in relation to the type of cyber security measures that businesses should take, and will provide critical infrastructure and telecommunications for businesses to use in regards to protecting assets and information (“Australia’s New Cyber Security Initiative”, Morris and Gian, Allens 2013).

A common misconception for businesses however is that external forces are the biggest threat to privacy and security.  In 2011, a survey conducted by Accenture found that employees (48%) and business/system (57%) failures were cited most often as the source of data breaches across the world.  Malicious insiders, in particular, are a growing pandemic and can affect any industry (KPMG, 2010).  Research has found that:

  • 46% of insider incidents are committed using company email
  • 70% of insiders take the information to competitors
  • Records taken are mostly regarding personally identifiable information and Government ID numbers
  • 93% of malicious insiders leave the company before their acts are discovered

Cyber insurance policies can protect you and your business for claims arising from your Internet use.

Whether you mean to or not, your Internet use effectively creates a portal for external access into your internal systems.  This exposure can result in viruses and Trojans, liability from slander/defamation and rogue employees.  Further, expensive lawsuits, lost business opportunities and damage to your network and reputation can cost more than you think.

For example, in January 2012, Australia’s second biggest online broking business, ANZ Bank’s ETrade, was forced to shut down over the New Year period by a denial-of-service attack launched from overseas.  Following the attack, access to the site was unavailable for some customers for nearly two weeks (SMH, Cyber-attack strands ETrade customers, 5 Jan 2012). Last year the Australian Federal Police (AFP) and the Reserve Bank of Australia (RBA) were both attacked by the Indonesian activist-hacking group Anonymous Indonesia, where the AFP website went down early in November, whilst the RBA’s anti denial-of-service successfully stopped their website from going down (“AFP and RBA websites suffer cyber attacks”, Hoh, SMH 2013). These latest attacks show the potential for cyber attacks to not only target small business, but also critical functions of an economy, suggesting the very real dangers that cyber attacks can cause.

Moreover, it can take years to build a good reputation and book of business, but a single data breach can instantly change everything, leading to loss of clients and potential devaluation of company stock.

Other policies on the market do not offer sufficient protection when it comes to cybercrime.  For example, Professional Indemnity policies are tied to professional services and may have a requirement that there be an act of negligence; Crime risk is only in regards to money, securities and tangible property; Property risk does not consider data as tangible property.

Cyber insurance policies therefore provide coverage for: personal data liability, corporate data liability, outsourcing, data security, defence costs.  Further the additional benefits of these policies include: data administrative investigations and fines, and reputational repair of the company and individual.

So contact ii-A today to see how we can assist you with Cyber and Privacy Policy to meet the needs of your business.