Press comment from Lloyd’s insurer AEGIS London on cyber security and data disruption.
Key points:
- AEGIS London predicts that greater numbers of destructive attacks will occur in 2015 and beyond as hackers attempt to cover their tracks and impact businesses.
- Businesses have a duty to manage these risks, especially in areas where enterprise or industrial systems are business critical with non-execs playing a key role.
Detailed review:
The costs associated with cyber attacks are increasing as the volume of data stolen rises and the attacks themselves become more destructive. Businesses that suffer a cyber attack have increased costs and reduced revenues, which in turn increase the cost of doing business; even before the long-term effect of any brand damage is known. If the attack is destructive these costs are likely to be increased substantially.
Joe Hancock, Cyber Security Specialist at AEGIS London said:
“These attacks are now increasingly destructive as we have seen with the recent attack on Sony Entertainment and statistics from the Organisation of American States. This trend is going to continue, with affected businesses squeezed between a shrinking top-line due to reputational harm and rising costs to get back on their feet. In 2015 we fully expect a business to fail due to the financial consequences of a cyber attack”.
The recently reported statistics by the Organisation of American States[1] highlight that this is a growing international trend. If the UK and Europe were to be included we would expect the number of destructive and criminally motivated attacks to be much higher.
In addition to the direct costs of an attack, claims of negligence such as those against Target[2] are likely to affect future earnings and non-executive directors are central to raising awareness as guidance from the department of Business, Information and Skills (BIS) shows.[3]
Hancock added: “Cyber attacks are the new normal. It is not enough to say ‘it won’t affect us’, ‘it wasn’t patchable’ or that an attack just wasn’t detected – the latest ruling shows that claims of negligence may follow, which, if successful, can result in substantial damages and derivative shareholder claims. For now is firmly a corporate governance issue”.
Duo Security RSAC 2015 – Register to win a free Quadcopter.
The wider cyber security community is concerned about attacks which may cause real-world impacts on health, safety and the environment, possibly linked to cyber terrorism or on-going conflicts. Constructive challenge and questioning of strategy and risk management from boards in light of these risks will demonstrate from the top down how seriously a business protects its stakeholders.
About AEGIS London
AEGIS London is a specialist insurer trading as a syndicate on the Lloyd’s of London insurance market in London, UK. It offers a range of cyber liability and insurance products and was the first insurer to launch a product focusing on the protection of operational technology against cyber attack.
- http://mobile.reuters.com/
article/idUSKBN0MY06Z20150407? irpc=932 - In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.
- https://www.gov.uk/government/
uploads/system/uploads/ attachment_data/file/385009/ bis-14-1277-cyber-security- balancing-risk-and-reward- with-confidence-guidance-for- non-executive-directors.pdf
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.