The Cyber Threat Facing Businesses

BUSINESSES FACE THE RISK OF FINANCIAL LOSS AND DISRUPTION DUE TO THEFT OF PRIVATE OR SENSITIVE INFORMATION, ATTACKS ON IT SYSTEMS, AND FRAUD. CYBER EXPOSURES ARE ON THE INCREASE, AS BUSINESSES BECOME MORE RELIANT ON THE INTERNET AND NETWORKING TECHNOLOGIE

Text: Matson Driscoll & Damico Pte Ltd

WHAT IS “CYBER THREAT”?

Some of the more recent high-profile incidents, such as the attacks on Bangladesh Bank, Ashley Madison and Sony Pictures Entertainment, have drawn even greater attention to cyber risks, now considered to be among the top risks to global business. According to the Allianz Risk Barometer, cyber incidents ranked third for business risks globally in 2016 (for perspective, cyber risks were ranked 15th in 2013).

CYBER RISKS POLICIES

Cyber risks typically fall outside the coverage of traditional business insurance policies, so a specific cyber risk insurance policy needs to be taken out for protection. As the demand increases for such policies, more insurance products are being developed and offered in the marketplace. Policy wordings differ but typically include coverage for a range of first party risk exposures and third party liability exposures. Examples of first party risks include loss or damage to digital or data assets, business interruption from network downtime, restoration costs, cyber extortion, reputational damage (with associated costs such as crisis management and PR) and theft of money and digital assets. Losses associated with third party risks might include security and privacy breaches, investigation of privacy breaches, customer notification expenses, multi-media liability, loss of third party data, regulatory fines and penalties, and data warehouse breach.

CYBER BUSINESS INTERRUPTION LOSSES – SOME ISSUES AND CONSIDERATIONS

The concept of business interruption following cybercrime is not significantly different to business interruption resulting from physical damage. However, as cyber risk policies are relatively new and still evolving, we observe a variety of new wordings and believe there is larger scope for policy interpretation disputes compared to traditional interruption policy wordings.

For example, ambiguity regarding the interruption period – unlike a property loss whereby the interruption period is usually well-defined, the “start” and “end” date may be less clear in a cyber claim. There may be uncertainty as to when an attack occurred or when the impairment associated with the attack began. It may also be difficult to determine when an attack has ended. To complicate matters further, losses may still be incurred even after systems have been restored. Would this be covered under the policy?

Another consideration is determining the losses that result directly from an insured cause, as opposed to indirect losses that are outside of policy coverage. For example, it is possible that negative publicity from a high-profile cyber breach may cause loss of trust among customers to the extent that they do not return, even after systems have been fully restored. This type of loss is unlikely to be covered, although this would be subject to the actual wording of the policy.

This consideration could be extended to claimed costs. Many cyber policies allow for costs to investigate an information security breach. Such investigative efforts may involve a number of different disciplines, including both internal and external personnel. Services may also be required to restore networks and data, and to repair or replace equipment damaged in the breach. It is important to distinguish between the costs to investigate and rectify the breach, and the costs to improve and strengthen the system, in an effort to prevent a reoccurrence.

Recovery is a distinct possibility through “make-up” sales, particularly if the product or service being sold is relatively unique. A consumer unable to purchase a product from a website one day may well try again later and succeed. In such a scenario, the sale has merely been postponed and not actually lost. Another recovery scenario could crop up in the case of businesses that sell online but also have physical stores, whereby potential buyers unable to purchase online visit the stores to transact instead. This type of sales “migration” would not be picked up by an analysis of online sales alone and would result in the loss being overstated. Likewise, with the earlier example of postponed sales, an analysis of the “downtime” period alone would miss the recovery and overstate the loss. These are only a couple of examples of how loss recoveries could be missed.

One advantage of a cyber environment is usually the availability of electronic data. On one hand, the large volume of data can yield lots of useful information that will be helpful in quantifying the loss. Detailed data broken down by geographic regions, store locations and product lines allow trends and buying patterns, as well as losses directly related to the cyber event, to be determined. On the other hand, large volumes of detailed data could prove challenging to analyse without the proper software and skills.

THE ROLE OF FORENSIC ACCOUNTANTS IN CYBER INSURANCE CLAIMS

Forensic accountants can assist insurers in the measurement and verification of the loss in cyber claims and can work as part of a wider team of experts including claims handlers, IT analysts, lawyers and adjusters. Forensic accountants ensure that the losses are measured reasonably, accurately and in accordance with the terms of the insurance policy. Their work helps to provide clarity on the financial figures, which assists in settling disputes and helps safeguard insurers from overpaying. As mentioned earlier, the cyber arena is still relatively new; therefore, there is large scope for disputes to arise.

Cyber claims are typically associated with very large volumes of data, which can be overwhelming for most claim departments. Forensic accounting firms have the depth of resource, expertise and experience to handle large volumes of data and target the relevant data to measure the loss.

Forensic accountants can also assist by reviewing claimed costs and providing insight on whether these costs may meet policy criteria. Depending on the individual policy, it could be necessary to distinguish between costs to investigate a potential breach and costs to ‘beef up’ network security (which could be considered betterment and may not be covered).
