Think HBR

Is your information protected?

Mark Bramley
OAMPS Insurance Brokers
Technology and globalisation are making the world a smaller place for fraudsters. As businesses make the most of the upside of collaborative technologies, so do cyber-criminals, and the scope for accidental security or privacy breaches grows with them.
Australian public and private networks are under threat from security and privacy breaches every day.
In the 2012 PWC Global Economic Crime Survey, Australians ranked cyber-crime the second most commonly experienced economic crime, just behind misappropriation. Prior to 2012, cybercrime didn’t even have its own focus in the report. Cybercrime is no longer the domain of young hackers; instead there are now a multitude of offenders with diverse motives. Additionally, security and privacy breaches can be committed by accident and without malice, such as inadvertent emails, or errors in sending mass emails.
One issue is cloud computing: it may offer a more flexible and lower-cost facility, but there are risks inherent in storing data off-site. Many data centres for cloud providers are located in the US, Europe or Singapore, so your data would be entering different countries, where different laws and regulations apply.
Cloud services pose a serious challenge for IT security protection. High-profile data breaches such as Sony, Twitter, LivingSocial, Distribute IT, Melbourne IT’s AAPT, and New York Times, to name just a few, show how easy it is to lose control of your information. According to the Ponemon Institute, the cost per lost or stolen record has increased for the fourth consecutive year. In 2009, the cost per record was $123, and the cost in 2012 increased to $141.
There has been a 23% increase in one year in the total average cost of a data breach. When working out the total cost of a data breach, bear in mind the following items:
• Expenses related to identifying and repairing the breach, e.g. hiring a forensic investigator
• Business interruption costs, e.g. loss of income due to the disruption to key network technology such as billing or customer service systems
• Notification costs and the possible hiring of a PR firm to limit reputational damage
• Credit monitoring or related costs
• Data rectification costs, that is, the work needed to replace and reconstitute lost or damaged data
Seven factors that influence the cost of data breach:
page 48 table
The 2012 Cyber Crime and Security Survey by the Centre for Internet Safety revealed that more than 20% of the 250 Australian businesses surveyed suffered a cyber-attack in the past year. From cyber-crime alone, estimates of losses to Australian businesses are upwards of $595 million (The Australian Business Assessment of Computer User Security).
There have been a significant number of large breaches, including:
• Target (100 million records)
• Global Payments (1.5 million records)
• Yahoo! (400 thousand passwords)
• Wyndham Hotels (600 thousand credit cards)
• eHarmony (1.5 million passwords)
• LinkedIn (6.5 million passwords)
• Zappos (24 million records)
• Reserve Bank of Australia (six computers infiltrated)
• New York Times (system interrupted).
One of the most high-profile breaches to date happened in 2011, when Sony suffered 100 million compromised records costing over $300m, with costs and legal expenses ongoing.
It is a company’s responsibility, whether it is public or private, to make sure that its network is protected in such a way that it doesn’t become an unwitting participant in a cyber-attack. There is also an obligation to company shareholders that information in the company network is safe. Generally, traditional insurance policies do not cover costs associated with security and privacy breaches, which can leave businesses vulnerable. A Data Security and Privacy Protection policy can cover your company for both your first party liability expenses (i.e. business interruption, lost revenue, breach notification costs and investigation costs) as well as your third party liability expenses such as legal expenses and damages.
Cyber risks have an impact on nearly any business in Australia, as most are dependent on some form of computer system. At OAMPS we’ve found that more than 80% of Australian businesses do not have cyber insurance in their insurance programs. We understand the issues and have the expertise to inform, educate and advise on recommendations to position Australian businesses to avoid the major impact data security and privacy breaches can have.
For further information contact OAMPS on 1800 240 432, email or visit
Mark Bramley is an Area Director at Gallagher and has worked in the financial services industry for more than two decades.