French cybersecurity and governance company Wallix has published the results of a survey looking at cyber-insurance and discovered that IT Professionals don’t see the need.
The increase in cybersecurity incidents is costing billions of pounds per year on a global basis. It is not just the cost of cleaning up after a cyber attack but all the ancillary costs that occur. Where data has been stolen, companies are now realising that customers expect them to pay for fraud protection.
Banks and credit card companies also want compensation for the cost of cancelling and reissuing cards as well as losses incurred by customers. Suppliers and business partners who are affected may also make claims for having to take additional action to clean and validate their systems.
A successful hacking attack or data breach will also lead to substantial reputational damage for a company. This often results in the need to launch a comprehensive PR and marketing campaign to repair a company’s reputation before it becomes business threatening. If the breach can be shown to be an internal failure of the board or systemic incompetence, activist shareholders may also launch class action suits to recover losses they may have incurred as share values are slashed.
As if all of this were not enough, regulators are getting tougher and the level of fines is increasing. In some cases we have even seen courts in the US require companies to submit to regular security audits for a number of years after an incident. On top of this, any company that does business with Europe will soon find itself subject to the General Data Protection Regulation, which could cost them up to 5% of their global turnover.
It is not just cyber attacks that are a major risk factor
Surprisingly, these are just the losses associated with a cyber attack. Many companies find that they lack sufficient insurance to deal with a major outage of their IT systems caused by the failure of key components and the lack of comprehensive disaster recovery programmes. Over the last decade we have seen major banks suffer serious IT failures due to botched software upgrades that have often left customers without access to their accounts.
There is also the risk from disaffected employees or contractors, many of whom often still have access either to their own accounts or to those of former colleagues after they have left the company. While only a fraction take advantage of such access to cause damage to systems or steal Intellectual Property, it is an ongoing problem for many companies.
Finally (or is it?), there is the risk of industrial espionage. This may come from competitors or even hackers operating on behalf of nation states that are looking to steal Intellectual Property. There is also the ever-present risk of being hacked by the security services of friendly countries looking for commercial information, which they pass to competitors in order to undermine a company bid. In areas such as defence this is such a constant risk that many companies invest heavily in prevention solutions.